Trend Micro ServerProtect Disclosure / CSRF / XSS
Cisco Firepower Threat Management Console Local File Inclusion
PLANET IP LFI / CSRF / XSS / Authentication Bypass
Arris DG1670A Cable Modem Remote Command Execution
SAP Business Objects Unauthorized File Repository Server Read
SAP Business Objects Unauthorized File Repository Server Write
CVEMAP Search Results
The database connection to the server is performed by calling a specific API, which could allow an unprivileged user to gain SYSDBA permissions.
There are multiple API function codes that permit reading and writing data to or from files and directories, which could lead to the manipulation and/or the deletion of files.
Agents are able to lock the ticket without the "Owner" permission. Once the ticket is locked, it could be moved to a queue where the agent has "rw" permissions, giving the agent full control. This issue affects: OTRS AG OTRS 8.0.x version: 8.0.16 and prior versions.
Tad book3 project
Tad Book3 editing book page does not perform identity verification. Remote attackers can use the vulnerability to view and modify arbitrary content of books without permission.
A vulnerability in the memory management of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an authenticated, local attacker to corrupt a shared memory segment, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient access controls to a shared memory resource. An attacker could exploit this vulnerability by corrupting a shared memory segment on an affected device. A successful exploit could allow the attacker to cause the device to reload. The device will recover from the corruption upon reboot.
In all versions of GitLab EE since version 14.1, due to an insecure direct object reference vulnerability, an endpoint may reveal the protected branch name to a malicious user who makes a crafted API call with the ID of the protected branch.
In all versions of GitLab CE/EE since version 8.12, an authenticated low-privileged malicious user may create a project with unlimited repository size by modifying values in a project export.
The macOS version of Multipass, version 1.7.0, fixed in 1.7.2, accidentally installed the application directory with an incorrect owner.
emlog v6.0.0 contains an arbitrary file deletion vulnerability in admin/plugin.php.
Insecure permissions in Update Manager <= 18.104.22.1680 and DFL <= 12.5.1001.5 in DATEV programs v14.1 allow an attacker to escalate privileges via insufficient configuration of service components.