Total: 268 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-7079 | 1 Apple | 1 Itunes | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
An issue was discovered in certain Apple products. iTunes before 12.7 is affected. The issue involves the "Data Sync" component. It allows attackers to access iOS backups (written by iTunes) via a crafted app. | |||||
CVE-2017-11746 | 1 Inversepath | 1 Tenshi | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
Tenshi 0.15 creates a tenshi.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tenshi.pid modification before a root script executes a "kill `cat /pathname/tenshi.pid`" command. | |||||
CVE-2017-6774 | 1 Cisco | 1 Asr 5000 Software | 2024-02-28 | 4.0 MEDIUM | 5.0 MEDIUM |
A vulnerability in Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify sensitive system files. The vulnerability is due to the inclusion of sensitive system files within specific FTP subdirectories. An attacker could exploit this vulnerability by overwriting sensitive configuration files through FTP. An exploit could allow the attacker to overwrite configuration files on an affected system. Cisco Bug IDs: CSCvd47739. Known Affected Releases: 21.0.v0.65839. | |||||
CVE-2017-2551 | 1 Inpsyde | 1 Backwpup | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Vulnerability in WordPress plugin BackWPup before v3.4.2 allows possible brute forcing of backup file for download. | |||||
CVE-2017-7737 | 1 Fortinet | 1 Fortiweb | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
An information disclosure vulnerability in Fortinet FortiWeb 5.8.2 and below versions allows a logged-in admin user to view the SNMPv3 user password in cleartext in the web UI via the HTML source code. | |||||
CVE-2015-1350 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program. | |||||
CVE-2009-3597 | 1 Digitaldesign Cms Project | 1 Digitaldesign Cms | 2024-02-28 | 5.0 MEDIUM | N/A |
Digitaldesign CMS 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for autoconfig.dd. | |||||
CVE-2005-1835 | 1 Nextweb | 1 Nextweb (i)site | 2024-02-28 | 5.0 MEDIUM | N/A |
NEXTWEB (i)Site stores databases under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to databases/Users.mdb. |