Total: 5458 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-45369 | 1 Richplugins | 1 Plugin For Google Reviews | 2025-02-20 | 4.3 Medium |
Auth. (subscriber+) Broken Access Control vulnerability in Plugin for Google Reviews plugin <= 2.2.2 on WordPress. | ||||
CVE-2022-42459 | 1 Oxilab | 1 Image Hover Effects Ultimate | 2025-02-20 | 7.2 High |
Auth. WordPress Options Change vulnerability in Image Hover Effects Ultimate plugin <= 9.7.1 on WordPress. | ||||
CVE-2020-13922 | 1 Apache | 1 Dolphinscheduler | 2025-02-13 | 6.5 Medium |
Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to override another user's password through the API interface. | ||||
CVE-2015-6647 | 1 Google | 1 Android | 2025-02-13 | N/A |
The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24441554. | ||||
CVE-2015-6639 | 1 Google | 1 Android | 2025-02-13 | N/A |
The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24446875. | ||||
CVE-2014-0181 | 4 Linux, Opensuse, Redhat and 1 more | 9 Linux Kernel, Evergreen, Enterprise Linux and 6 more | 2025-02-13 | N/A |
The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program. | ||||
CVE-2013-4577 | 1 Gnu | 1 Grub | 2025-02-13 | N/A |
A certain Debian patch for GNU GRUB uses world-readable permissions for grub.cfg, which allows local users to obtain password hashes, as demonstrated by reading the password_pbkdf2 directive in the file. | ||||
CVE-2010-3856 | 2 Gnu, Redhat | 2 Glibc, Enterprise Linux | 2025-02-13 | N/A |
ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so. | ||||
CVE-2015-1769 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8 and 6 more | 2025-02-10 | 6.6 Medium |
Mount Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 mishandles symlinks, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Mount Manager Elevation of Privilege Vulnerability." | ||||
CVE-2024-22452 | 1 Dell | 1 Display And Peripheral Manager | 2025-01-31 | 7.3 High |
Dell Display and Peripheral Manager for macOS prior to 1.3 contains an improper access control vulnerability. A low privilege user could potentially exploit this vulnerability by modifying files in the installation folder to execute arbitrary code, leading to privilege escalation. | ||||
CVE-2010-2554 | 1 Microsoft | 3 Windows 7, Windows Server 2008, Windows Vista | 2025-01-21 | 7.8 High |
The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 has incorrect ACLs on its registry keys, which allows local users to gain privileges via vectors involving a named pipe and impersonation, aka "Tracing Registry Key ACL Vulnerability." | ||||
CVE-2008-1246 | 1 Cisco | 1 Pix Asa Finesse Operation System | 2025-01-17 | 7.8 High |
The Cisco PIX/ASA Finesse Operation System 7.1 and 7.2 allows local users to gain privileges by entering characters at the enable prompt, erasing these characters via the Backspace key, and then holding down the Backspace key for one second after erasing the final character. NOTE: third parties, including one who works for the vendor, have been unable to reproduce the flaw unless the enable password is blank. | ||||
CVE-2015-8336 | 1 Huawei | 1 Fusioncompute | 2025-01-15 | 4.3 Medium |
Huawei FusionCompute with software before V100R005C10SPC700 allows remote authenticated users to obtain sensitive "role and permission" information via unspecified vectors. | ||||
CVE-2013-6955 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | N/A |
webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header. | ||||
CVE-2024-56444 | 1 Huawei | 1 Harmonyos | 2025-01-13 | 7.5 High |
Cross-process screen stack vulnerability in the UIExtension module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
CVE-2024-56440 | 1 Huawei | 2 Emui, Harmonyos | 2025-01-13 | 6.2 Medium |
Permission control vulnerability in the Connectivity module. Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. | ||||
CVE-2024-56436 | 1 Huawei | 1 Harmonyos | 2025-01-13 | 5.5 Medium |
Cross-process screen stack vulnerability in the UIExtension module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
CVE-2022-36246 | 1 Shopbeat | 1 Shop Beat Media Player | 2025-01-13 | 9.8 Critical |
Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Insecure Permissions. | ||||
CVE-2023-52955 | 1 Huawei | 2 Emui, Harmonyos | 2025-01-13 | 6.5 Medium |
Vulnerability of improper authentication in the ANS system service module. Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. | ||||
CVE-2024-53137 | 1 Linux | 1 Linux Kernel | 2024-12-19 | 5.5 Medium |
In the Linux kernel, the following vulnerability has been resolved: "ARM: fix cacheflush with PAN". It seems that the cacheflush syscall got broken when PAN for LPAE was implemented. User access was not enabled around the cache maintenance instructions, causing them to fault. |