Total
5227 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-45442 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-13 | N/A | 7.5 HIGH |
| Vulnerability of permission verification for APIs in the DownloadProviderMain module Impact: Successful exploitation of this vulnerability will affect availability. | |||||
| CVE-2024-42035 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-11 | N/A | 7.8 HIGH |
| Permission control vulnerability in the App Multiplier module Impact:Successful exploitation of this vulnerability may affect functionality and confidentiality. | |||||
| CVE-2023-7265 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-06 | N/A | 6.2 MEDIUM |
| Permission verification vulnerability in the lock screen module Impact: Successful exploitation of this vulnerability may affect availability | |||||
| CVE-2024-45449 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-06 | N/A | 5.5 MEDIUM |
| Access permission verification vulnerability in the ringtone setting module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2023-52106 | 1 Huawei | 1 Harmonyos | 2024-09-04 | N/A | 9.1 CRITICAL |
| Vulnerability of permission verification for APIs in the DownloadProviderMain module. Impact: Successful exploitation of this vulnerability will affect integrity and availability. | |||||
| CVE-2004-2713 | 1 Zonelabs | 1 Zonealarm | 2024-08-08 | 1.9 LOW | N/A |
| Zone Alarm Pro 1.0 through 5.1 gives full access to %windir%\Internet Logs\* to the EVERYONE group, which allows local users to cause a denial of service by modifying the folder contents or permissions. NOTE: this issue has been disputed by the vendor, who claims that it does not affect product functionality since the same information is also saved in a protected file | |||||
| CVE-2005-1753 | 1 Sun | 1 Javamail | 2024-08-07 | 5.0 MEDIUM | N/A |
| ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products. | |||||
| CVE-2007-5469 | 1 Openser | 1 Openser | 2024-08-07 | 5.0 MEDIUM | N/A |
| OpenSER 1.2.2 does not verify the Digest authentication header URI against the Request URI in SIP messages, which allows remote attackers to use sniffed Digest authentication credentials to call arbitrary telephone numbers or spoof caller ID (aka "toll fraud and authentication forward attack"). NOTE: Debian disputes this issue, stating that "having the two URIs mismatch is allowed by the standard and happens in some setups for valid reasons. | |||||
| CVE-2008-1246 | 1 Cisco | 1 Pix Asa Finesse Operation System | 2024-08-07 | 6.8 MEDIUM | N/A |
| The Cisco PIX/ASA Finesse Operation System 7.1 and 7.2 allows local users to gain privileges by entering characters at the enable prompt, erasing these characters via the Backspace key, and then holding down the Backspace key for one second after erasing the final character. NOTE: third parties, including one who works for the vendor, have been unable to reproduce the flaw unless the enable password is blank | |||||
| CVE-2009-5064 | 1 Gnu | 1 Glibc | 2024-08-07 | 6.9 MEDIUM | N/A |
| ldd in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows local users to gain privileges via a Trojan horse executable file linked with a modified loader that omits certain LD_TRACE_LOADED_OBJECTS checks. NOTE: the GNU C Library vendor states "This is just nonsense. There are a gazillion other ways to introduce code if people are downloading arbitrary binaries and install them in appropriate directories or set LD_LIBRARY_PATH etc. | |||||
| CVE-2009-4996 | 1 Xfce | 1 Xfce | 2024-08-07 | 7.2 HIGH | N/A |
| Xfce4-session 4.5.91 in Xfce does not lock the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a related issue to CVE-2010-2532. NOTE: there is no general agreement that this is a vulnerability, because separate control over locking can be an equally secure, or more secure, behavior in some threat environments | |||||
| CVE-2009-2653 | 1 Microsoft | 2 Windows Server 2003, Windows Xp | 2024-08-07 | 4.6 MEDIUM | N/A |
| The NtUserConsoleControl function in win32k.sys in Microsoft Windows XP SP2 and SP3, and Server 2003 before SP1, allows local administrators to bypass unspecified "security software" and gain privileges via a crafted call that triggers an overwrite of an arbitrary memory location. NOTE: the vendor disputes the significance of this report, stating that 'the Administrator to SYSTEM "escalation" is not a security boundary we defend. | |||||
| CVE-2010-4001 | 2 Fedoraproject, Gromacs | 2 Fedora, Gromacs | 2024-08-07 | 4.6 MEDIUM | N/A |
| GMXRC.bash in Gromacs 4.5.1 and earlier places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. NOTE: CVE disputes this issue because the GMXLDLIB value is always added to the beginning of LD_LIBRARY_PATH at a later point in the script | |||||
| CVE-2010-2532 | 1 Opensuse | 1 Opensuse | 2024-08-07 | 7.2 HIGH | N/A |
| lxsession-logout in lxsession in LXDE, as used on SUSE openSUSE 11.3 and other platforms, does not lock the screen when the Suspend or Hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action. NOTE: there is no general agreement that this is a vulnerability, because separate control over locking can be an equally secure, or more secure, behavior in some threat environments. | |||||
| CVE-2011-1473 | 1 Openssl | 1 Openssl | 2024-08-06 | 5.0 MEDIUM | N/A |
| OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-5094. NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment | |||||
| CVE-2012-2213 | 1 Squid-cache | 1 Squid | 2024-08-06 | 5.0 MEDIUM | N/A |
| Squid 3.1.9 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher is unable to provide a squid.conf file for a vulnerable system, and the observed behavior is consistent with a squid.conf file that was (perhaps inadvertently) designed to allow access based on a "req_header Host" acl regex that matches www.uol.com.br | |||||
| CVE-2012-2212 | 1 Mcafee | 1 Web Gateway | 2024-08-06 | 5.0 MEDIUM | N/A |
| McAfee Web Gateway 7.0 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher did not provide configuration details for the vulnerable system, and the observed behavior might be consistent with a configuration that was (perhaps inadvertently) designed to allow access based on Host HTTP headers | |||||
| CVE-2013-0346 | 1 Apache | 1 Tomcat | 2024-08-06 | 2.1 LOW | N/A |
| Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. NOTE: One Tomcat distributor has stated "The tomcat log directory does not contain any sensitive information." | |||||
| CVE-2014-9768 | 1 Ibm | 1 Tivoli Netview Access Services | 2024-08-06 | 9.0 HIGH | 8.8 HIGH |
| IBM Tivoli NetView Access Services (NVAS) allows remote authenticated users to gain privileges by entering the ADM command and modifying a "page ID" field to the EMSPG2 transaction code. NOTE: the vendor's perspective is that configuration and use of available security controls in the NVAS product mitigates the reported vulnerability | |||||
| CVE-2015-8709 | 1 Linux | 1 Linux Kernel | 2024-08-06 | 6.9 MEDIUM | 7.0 HIGH |
| kernel/ptrace.c in the Linux kernel through 4.4.1 mishandles uid and gid mappings, which allows local users to gain privileges by establishing a user namespace, waiting for a root process to enter that namespace with an unsafe uid or gid, and then using the ptrace system call. NOTE: the vendor states "there is no kernel bug here. | |||||