Vulnerabilities (CVE)

Filtered by CWE-275
Total 70 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-11486 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
A vulnerability, which was classified as problematic, was found in Code4Berry Decoration Management System 1.0. This affects an unknown part of the file /decoration/admin/user_permission.php of the component User Permission Handler. The manipulation leads to permission issues. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-11485 2024-11-21 6.5 MEDIUM 6.3 MEDIUM
A vulnerability, which was classified as critical, has been found in Code4Berry Decoration Management System 1.0. Affected by this issue is some unknown functionality of the file /decoration/admin/userregister.php of the component User Handler. The manipulation leads to permission issues. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-3118 2024-11-21 6.5 MEDIUM 6.3 MEDIUM
A vulnerability, which was classified as critical, has been found in Dreamer CMS up to 4.1.3. This issue affects some unknown processing of the component Attachment Handler. The manipulation leads to permission issues. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258779. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-6762 1 Thecosy 1 Icecms 2024-11-21 5.5 MEDIUM 5.4 MEDIUM
A vulnerability, which was classified as critical, was found in Thecosy IceCMS 2.0.1. Affected is an unknown function of the file /article/DelectArticleById/ of the component Article Handler. The manipulation leads to permission issues. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-247890 is the identifier assigned to this vulnerability.
CVE-2023-6302 1 Cskaza 1 Cszcms 2024-11-21 5.8 MEDIUM 4.7 MEDIUM
A vulnerability was found in CSZCMS 1.3.0 and classified as critical. Affected by this issue is some unknown functionality of the file \views\templates of the component File Manager Page. The manipulation leads to permission issues. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-246128. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-5263 1 Zzzcms 1 Zzzcms 2024-11-21 6.5 MEDIUM 6.3 MEDIUM
A vulnerability was found in ZZZCMS 2.1.7 and classified as critical. Affected by this issue is the function restore of the file /admin/save.php of the component Database Backup File Handler. The manipulation leads to permission issues. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240872.
CVE-2023-3759 1 Intergard 1 Smartgard Silver With Matrix Keyboard 2024-11-21 6.5 MEDIUM 6.3 MEDIUM
A vulnerability, which was classified as critical, was found in Intergard SGS 8.7.0. Affected is an unknown function. The manipulation leads to permission issues. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-234444. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-39399 1 Huawei 2 Emui, Harmonyos 2024-11-21 N/A 9.1 CRITICAL
Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.
CVE-2023-39398 1 Huawei 2 Emui, Harmonyos 2024-11-21 N/A 9.1 CRITICAL
Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.
CVE-2019-2177 1 Google 1 Android 2024-11-21 6.8 MEDIUM 8.8 HIGH
In isPreferred of HidProfile.java in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible device type confusion due to a permissions bypass. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.
CVE-2019-11146 1 Intel 1 Driver \& Support Assistant 2024-11-21 4.6 MEDIUM 7.8 HIGH
Improper file verification in IntelĀ® Driver & Support Assistant before 19.7.30.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2019-11145 1 Intel 1 Driver \& Support Assistant 2024-11-21 4.6 MEDIUM 7.8 HIGH
Improper file verification in IntelĀ® Driver & Support Assistant before 19.7.30.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2017-9327 1 Cloudera 1 Cloudera Manager 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
Secret data of processes managed by CM is not secured by file permissions.
CVE-2017-8153 1 Huawei 1 Vmall 2024-11-21 5.8 MEDIUM 7.1 HIGH
Huawei VMall (for Android) with the versions before 1.5.8.5 have a privilege elevation vulnerability due to improper design. An attacker can trick users into installing a malicious app which can send out HTTP requests and execute JavaScript code in web pages without obtaining the Internet access permission. Successful exploit could lead to resource occupation or information leak.
CVE-2017-7145 1 Apple 1 Iphone Os 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Time" component. The "Setting Time Zone" feature mishandles the possibility of using location data.
CVE-2017-7144 1 Apple 2 Iphone Os, Safari 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to track Safari Private Browsing users by leveraging cookie mishandling.
CVE-2017-7088 1 Apple 1 Iphone Os 2024-11-21 7.1 HIGH 5.9 MEDIUM
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Exchange ActiveSync" component. It allows remote attackers to erase a device in opportunistic circumstances by hijacking a cleartext AutoDiscover V1 session during the setup of an Exchange account.
CVE-2017-6513 1 Softaculous 2 Virtualizor, Whmcs Reseller Module 2024-11-21 6.5 MEDIUM 9.9 CRITICAL
The WHMCS Reseller Module V2 2.0.2 in Softaculous Virtualizor before 2.9.1.0 does not verify the user correctly, which allows remote authenticated users to control other virtual machines managed by Virtualizor by accessing a modified URL.
CVE-2017-5809 1 Hp 1 Data Protector 2024-11-21 4.9 MEDIUM 5.5 MEDIUM
A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found.
CVE-2017-2694 1 Huawei 1 Vmall 2024-11-21 4.3 MEDIUM 3.3 LOW
The AlarmService component in HwVmall with software earlier than 1.5.2.0 versions has no control over calling permissions, allowing any third party to call. An attacker can construct a malicious application to call it. Consequently, alert music will be played suddenly, compromising user experience.