Total
5238 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1079 | 1 Acme Labs | 1 Thttpd | 2025-04-03 | 7.2 HIGH | N/A |
| htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included. | |||||
| CVE-2002-2242 | 1 Kismac | 1 Kismac | 2025-04-03 | 6.4 MEDIUM | N/A |
| The Apple Package Manager in KisMAC 0.02a and earlier modifies file permissions of sensitive files after installation, which could allow attackers to conduct unauthorized activities on those files. | |||||
| CVE-2002-2265 | 2 Hp, Open Source Internet Solutions | 2 Tru64, Open Source Internet Solutions | 2025-04-03 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in LDAP Module in System Authentication of Open Source Internet Solutions (OSIS) 5.4 running on Tru64 UNIX 4.0G and 4.0F allows remote attackers to gain access to arbitrary files or gain privileges via unknown attack vectors. | |||||
| CVE-2005-2819 | 1 Eric Fichot | 1 Downfile | 2025-04-03 | 7.5 HIGH | N/A |
| DownFile 1.3 allows remote attackers to gain administrator privileges via a direct request to (1) update.php, (2) del.php, and (3) add_form.php. | |||||
| CVE-2006-0525 | 1 Adobe | 9 Acrobat, Acrobat Reader, Creative Suite and 6 more | 2025-04-03 | 4.6 MEDIUM | N/A |
| Multiple Adobe products, including (1) Photoshop CS2, (2) Illustrator CS2, and (3) Adobe Help Center, install a large number of .EXE and .DLL files with write-access permission for the Everyone group, which allows local users to gain privileges via Trojan horse programs. | |||||
| CVE-2002-2324 | 1 Microsoft | 1 Windows Xp | 2025-04-03 | 7.2 HIGH | N/A |
| The "System Restore" directory and subdirectories, and possibly other subdirectories in the "System Volume Information" directory on Windows XP Professional, have insecure access control list (ACL) permissions, which allows local users to access restricted files and modify registry settings. | |||||
| CVE-2006-2198 | 2 Openoffice, Sun | 2 Openoffice, Staroffice | 2025-04-03 | 7.6 HIGH | N/A |
| OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to conduct unauthorized activities via an OpenOffice document with a malicious BASIC macro, which is executed without prompting the user. | |||||
| CVE-2005-3567 | 1 Ibm | 1 Tivoli Directory Server | 2025-04-03 | 5.8 MEDIUM | N/A |
| slapd daemon in IBM Tivoli Directory Server (ITDS) 5.2.0 and 6.0.0 binds using SASL EXTERNAL, which allows attackers to bypass authentication and modify and delete directory data via unknown attack vectors. | |||||
| CVE-2006-4640 | 1 Adobe | 1 Flash Player | 2025-04-03 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in Adobe Flash Player before 9.0.16.0 allows user-assisted remote attackers to bypass the allowScriptAccess protection via unspecified vectors. | |||||
| CVE-2006-2918 | 1 Lanap Botdetect | 1 Captcha Asp.net | 2025-04-03 | 5.0 MEDIUM | N/A |
| The Lanap BotDetect APS.NET CAPTCHA component before 1.5.4.0 stores the UUID and hash for a CAPTCHA in the ViewState of a page, which makes it easier for remote attackers to conduct automated attacks by "replaying the ViewState for a known number." | |||||
| CVE-2006-2095 | 1 Phex | 1 Phex | 2025-04-03 | 5.0 MEDIUM | N/A |
| Phex before 2.8.6 allows remote attackers to cause a denial of service (application hang) by initiating multiple chat requests to a single user and then logging off. | |||||
| CVE-2025-20145 | 2025-03-12 | N/A | 5.8 MEDIUM | ||
| A vulnerability in the access control list (ACL) processing in the egress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability exists because certain packets are handled incorrectly when they are received on an ingress interface on one line card and destined out of an egress interface on another line card where the egress ACL is configured. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an egress ACL on the affected device. For more information about this vulnerability, see the section of this advisory. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | |||||
| CVE-2025-27521 | 2025-03-04 | N/A | 6.8 MEDIUM | ||
| Vulnerability of improper access permission in the process management module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2024-53011 | 2025-03-03 | N/A | 7.9 HIGH | ||
| Information disclosure may occur due to improper permission and access controls to Video Analytics engine. | |||||
| CVE-2024-22452 | 1 Dell | 1 Display And Peripheral Manager | 2025-01-31 | N/A | 7.3 HIGH |
| Dell Display and Peripheral Manager for macOS prior to 1.3 contains an improper access control vulnerability. A low privilege user could potentially exploit this vulnerability by modifying files in the installation folder to execute arbitrary code, leading to privilege escalation. | |||||
| CVE-2024-43064 | 1 Qualcomm | 60 Qam8255p, Qam8255p Firmware, Qam8295p and 57 more | 2025-01-13 | N/A | 7.5 HIGH |
| Uncontrolled resource consumption when a driver, an application or a SMMU client tries to access the global registers through SMMU. | |||||
| CVE-2024-56444 | 1 Huawei | 1 Harmonyos | 2025-01-13 | N/A | 7.5 HIGH |
| Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2024-56440 | 1 Huawei | 2 Emui, Harmonyos | 2025-01-13 | N/A | 6.2 MEDIUM |
| Permission control vulnerability in the Connectivity module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. | |||||
| CVE-2024-56436 | 1 Huawei | 1 Harmonyos | 2025-01-13 | N/A | 5.5 MEDIUM |
| Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2023-52955 | 1 Huawei | 2 Emui, Harmonyos | 2025-01-13 | N/A | 6.5 MEDIUM |
| Vulnerability of improper authentication in the ANS system service module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. | |||||