Search Results (1868 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-20495 1 Google 1 Android 2025-04-22 7.8 High
In getEnabledAccessibilityServiceList of AccessibilityManager.java, there is a possible way to hide an accessibility service due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-243849844
CVE-2024-43769 1 Google 1 Android 2025-04-21 7.8 High
In isPackageDeviceAdmin of PackageManagerService.java, there is a possible edge case which could prevent the uninstallation of CloudDpc due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2022-25327 1 Google 1 Fscrypt 2025-04-21 5.5 Medium
The PAM module for fscrypt doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a denial of service by creating a fscrypt metadata file that prevents other users from logging into the system. We recommend upgrading to version 0.3.3 or above
CVE-2021-22571 1 Google 1 Sa360 Webquery To Bigquery Exporter 2025-04-21 5.5 Medium
A local attacker could read files from some other users' SA360 reports stored in the /tmp folder during staging process before the files are loaded in BigQuery. We recommend upgrading to version 1.0.3 or above.
CVE-2022-0742 2 Linux, Netapp 27 Linux Kernel, A400, A400 Firmware and 24 more 2025-04-21 9.1 Critical
Memory leak in icmp6 implementation in Linux Kernel 5.13+ allows a remote attacker to DoS a host by making it go out-of-memory via icmp6 packets of type 130 or 131. We recommend upgrading past commit 2d3916f3189172d5c69d33065c3c21119fe539fc.
CVE-2022-0343 1 Google 1 Perfetto 2025-04-21 3.3 Low
A local attacker, as a different local user, may be able to send a HTTP request to 127.0.0.1:10000 after the user (typically a developer) manually invoked the ./tools/run-dev-server script. It is recommended to upgrade to any version beyond 24.2
CVE-2015-7842 1 Huawei 20 Ch121 V3, Ch121 V3 Firmware, Ch220 V3 and 17 more 2025-04-20 N/A
Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with software before V100R003C00SPC602, RH2288A V2 with software before V100R002C00SPC701, RH1288A V2 with software before V100R002C00SPC502, RH8100 V3 with software before V100R003C00SPC110, CH222 V3 with software before V100R001C00SPC161, CH220 V3 with software before V100R001C00SPC161, and CH121 V3 with software before V100R001C00SPC161 allow remote authenticated operators to change server information by leveraging failure to verify user permissions.
CVE-2017-4975 1 Pivotal 1 Pcf Tile Generator 2025-04-20 N/A
An issue was discovered in Pivotal PCF Tile Generator versions prior to 6.0.0. Tiles created by the PCF Tile Generator create a running open security group that overrides security groups set by the operator.
CVE-2017-1382 1 Ibm 1 Websphere Application Server 2025-04-20 N/A
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 might create files using the default permissions instead of the customized permissions when custom startup scripts are used. A local attacker could exploit this to gain access to files with an unknown impact. IBM X-Force ID: 127153.
CVE-2017-11463 1 Ivanti 1 Endpoint Manager 2025-04-20 N/A
In Ivanti Service Desk (formerly LANDESK Management Suite) versions between 2016.3 and 2017.3, an Unrestricted Direct Object Reference leads to referencing/updating objects belonging to other users. In other words, a normal user can send requests to a specific URI with the target user's username in an HTTP payload in order to retrieve a key/token and use it to access/update objects belonging to other users. Such objects could be user profiles, tickets, incidents, etc.
CVE-2017-10912 1 Xen 1 Xen 2025-04-20 N/A
Xen through 4.8.x mishandles page transfer, which allows guest OS users to obtain privileged host OS access, aka XSA-217.
CVE-2016-6648 1 Emc 2 Recoverpoint, Recoverpoint For Virtual Machines 2025-04-20 N/A
EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0 are affected by sensitive information disclosure vulnerability as a result of incorrect permissions set on a sensitive system file. A malicious administrator with configuration privileges may access this sensitive system file and compromise the affected system.
CVE-2015-7889 2 Google, Samsung 2 Android, Galaxy S6 Edge 2025-04-20 N/A
The SecEmailComposer/EmailComposer application in the Samsung S6 Edge before the October 2015 MR uses weak permissions for the com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND service action, which might allow remote attackers with knowledge of the local email address to obtain sensitive information via a crafted application that sends a crafted intent.
CVE-2017-9505 1 Atlassian 1 Confluence 2025-04-20 4.3 Medium
Atlassian Confluence starting with 4.3.0 before 6.2.1 did not check if a user had permission to view a page when creating a workbox notification about new comments. An attacker who can login to Confluence could receive workbox notifications, which contain the content of comments, for comments added to a page after they started watching it even if they do not have permission to view the page itself.
CVE-2015-7781 1 Zohocorp 1 Manageengine Firewall Analyzer 2025-04-20 N/A
ManageEngine Firewall Analyzer before 8.0 does not restrict access permissions.
CVE-2017-16522 1 Mitrastar 4 Dsl-100hn-t1, Dsl-100hn-t1 Firmware, Gpt-2541gnac and 1 more 2025-04-20 N/A
MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b16 devices allow remote authenticated users to obtain root access by specifying /bin/sh as the command to execute.
CVE-2016-0394 1 Ibm 2 Integration Bus, Websphere Message Broker 2025-04-20 N/A
IBM Integration Bus and WebSphere Message broker sets incorrect permissions for an object that could allow a local attacker to manipulate certain files.
CVE-2016-2406 1 Huawei 1 Document Security Management 2025-04-20 N/A
The permission control module in Huawei Document Security Management (aka DSM) before V100R002C05SPC670 allows remote authenticated users to obtain sensitive information from encrypted documents by leveraging incorrect control of permissions on the PrintScreen button.
CVE-2016-3022 1 Ibm 6 Security Access Manager 9.0 Firmware, Security Access Manager For Mobile 8.0 Firmware, Security Access Manager For Mobile Appliance and 3 more 2025-04-20 6.5 Medium
IBM Security Access Manager for Web could allow an authenticated user to gain access to highly sensitive information due to incorrect file permissions.
CVE-2016-4873 1 Cybozu 1 Office 2025-04-20 N/A
Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to execute unintended operations via the Project function.