Total
70 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-7842 | 1 Huawei | 20 Ch121 V3, Ch121 V3 Firmware, Ch220 V3 and 17 more | 2024-11-21 | 5.5 MEDIUM | 7.1 HIGH |
Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with software before V100R003C00SPC602, RH2288A V2 with software before V100R002C00SPC701, RH1288A V2 with software before V100R002C00SPC502, RH8100 V3 with software before V100R003C00SPC110, CH222 V3 with software before V100R001C00SPC161, CH220 V3 with software before V100R001C00SPC161, and CH121 V3 with software before V100R001C00SPC161 allow remote authenticated operators to change server information by leveraging failure to verify user permissions. | |||||
CVE-2015-7781 | 1 Zohocorp | 1 Manageengine Firewall Analyzer | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
ManageEngine Firewall Analyzer before 8.0 does not restrict access permissions. | |||||
CVE-2015-5153 | 1 Pulp Project | 1 Pulp | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Pulp does not remove permissions for named objects upon deletion, which allows authenticated users to gain the privileges of a deleted object via creating an object with the same name. | |||||
CVE-2014-6047 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to read arbitrary attachments by leveraging incorrect "download an attachment" permission checks. | |||||
CVE-2014-1632 | 1 Eventum Project | 1 Eventum | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
htdocs/setup/index.php in Eventum before 2.3.5 allows remote attackers to inject and execute arbitrary PHP code via the hostname parameter. | |||||
CVE-2014-1631 | 1 Eventum Project | 1 Eventum | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Eventum before 2.3.5 allows remote attackers to reinstall the application via direct request to /setup/index.php. | |||||
CVE-2013-4201 | 1 Katello | 1 Katello | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
Katello allows remote authenticated users to call the "system remove_deletion" CLI command via vectors related to "remove system" permissions. | |||||
CVE-2013-4040 | 1 Ibm | 1 Tivoli Application Dependency Discovery Manager | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2.x before 7.2.1.5 and 7.2.x before 7.2.2.0 on Unix use weak permissions (755) for unspecified configuration and log files, which allows local users to obtain sensitive information by reading the files. IBM X-Force ID: 86176. | |||||
CVE-2013-3703 | 1 Opensuse | 1 Open Build Service | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
The controller of the Open Build Service API prior to version 2.4.4 is missing a write permission check, allowing an authenticated attacker to add or remove user roles from packages and/or project meta data. | |||||
CVE-2012-5628 | 1 Gofer Project | 1 Gofer | 2024-11-21 | 3.6 LOW | 4.4 MEDIUM |
gofer before 0.68 uses world-writable permissions for /var/lib/gofer/journal/watchdog, which allows local users to cause a denial of service by removing journal entries. |