Export limit exceeded: 11813 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (11813 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-6635 1 Cisco 1 Prime Collaboration Provisioning 2025-04-20 N/A
A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 12.1) could allow an authenticated, remote attacker to delete any file from an affected system. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests and fails to apply role-based access controls (RBACs) to requested HTTP URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request that uses directory traversal techniques to submit a path to a desired file location on an affected system. A successful exploit could allow the attacker to delete any file from the system. Cisco Bug IDs: CSCvc99597.
CVE-2016-6797 6 Apache, Canonical, Debian and 3 more 15 Tomcat, Ubuntu Linux, Debian Linux and 12 more 2025-04-20 7.5 High
The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not.
CVE-2017-7622 1 Deepin 1 Deepin Desktop Environment 2025-04-20 N/A
dde-daemon, the daemon process of DDE (Deepin Desktop Environment) 15.0 through 15.3, runs with root privileges and hardly does anything to identify the user who calls the function through D-Bus. Anybody can change the grub config, even to append some arguments to make a backdoor or privilege escalation, by calling DoWriteGrubSettings() provided by dde-daemon.
CVE-2017-0881 1 Zulip 1 Zulip Server 2025-04-20 N/A
An error in the implementation of an autosubscribe feature in the check_stream_exists route of the Zulip group chat application server before 1.4.3 allowed an authenticated user to subscribe to a private stream that should have required an invitation from an existing member to join. The issue affects all previously released versions of the Zulip server.
CVE-2017-17693 1 Techno - Portfolio Management Panel Project 1 Techno - Portfolio Management Panel 2025-04-20 N/A
Techno - Portfolio Management Panel through 2017-11-16 does not check authorization for panel/portfolio.php?action=delete requests that remove feedback.
CVE-2017-8907 1 Atlassian 1 Bamboo 2025-04-20 8.8 High
Atlassian Bamboo 5.x before 5.15.7 and 6.x before 6.0.1 did not correctly check if a user creating a deployment project had the edit permission and therefore the rights to do so. An attacker who can login to Bamboo as a user without the edit permission for deployment projects is able to use this vulnerability, provided there is an existing plan with a green build, to create a deployment project and execute arbitrary code on an available Bamboo Agent. By default a local agent is enabled; this means that code execution can occur on the system hosting Bamboo as the user running Bamboo.
CVE-2017-7548 3 Debian, Postgresql, Redhat 3 Debian Linux, Postgresql, Rhel Software Collections 2025-04-20 7.5 High
PostgreSQL versions before 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers with no privileges on a large object to overwrite the entire contents of the object, resulting in a denial of service.
CVE-2017-10379 5 Debian, Mariadb, Netapp and 2 more 19 Debian Linux, Mariadb, Active Iq Unified Manager and 16 more 2025-04-20 6.5 Medium
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).
CVE-2014-8168 1 Redhat 1 Satellite 2025-04-20 7.8 High
Red Hat Satellite 6 allows local users to access mongod and delete pulp_database.
CVE-2017-5930 2 Opensuse, Postfixadmin Project 2 Leap, Postfixadmin 2025-04-20 2.7 Low
The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check.
CVE-2015-7315 1 Plone 1 Plone 2025-04-20 N/A
Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new member to a Plone site with registration enabled, without acknowledgment of site administrator.
CVE-2024-57757 1 Jeewms 1 Jeewms 2025-04-18 7.5 High
JeeWMS before v2025.01.01 was discovered to contain a permission bypass in the component /interceptors/AuthInterceptor.cava.
CVE-2022-20558 1 Google 1 Android 2025-04-18 3.3 Low
In registerReceivers of DeviceCapabilityListener.java, there is a possible way to change preferred TTY mode due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-236264289
CVE-2022-20556 1 Google 1 Android 2025-04-18 3.3 Low
In launchConfigNewNetworkFragment of NetworkProviderSettings.java, there is a possible way for the guest user to add a new WiFi network due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246301667
CVE-2022-20537 1 Google 1 Android 2025-04-18 3.3 Low
In createDialog of WifiScanModeActivity.java, there is a possible way for a Guest user to enable location-sensitive settings due to a missing permission check. This could lead to local escalation of privilege from the Guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235601169
CVE-2022-20536 1 Google 1 Android 2025-04-18 3.3 Low
In registerBroadcastReceiver of RcsService.java, there is a possible way to change preferred TTY mode due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235100180
CVE-2022-20533 1 Google 1 Android 2025-04-18 3.3 Low
In getSlice of WifiSlice.java, there is a possible way to connect a new WiFi network from the guest mode due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-232798363
CVE-2022-20529 1 Google 1 Android 2025-04-18 2.4 Low
In multiple locations of WifiDialogActivity.java, there is a possible limited lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege in wifi settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-231583603
CVE-2022-20522 1 Google 1 Android 2025-04-18 7.8 High
In getSlice of ProviderModelSlice.java, there is a missing permission check. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-227470877
CVE-2022-20519 1 Google 1 Android 2025-04-18 3.3 Low
In onCreate of AddAppNetworksActivity.java, there is a possible way for a guest user to configure WiFi networks due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224772678