Skip to main content

182 docs tagged with "LOW_Vulnerabilities"

View all tags

CVE-2000-0067

CyberCash Merchant Connection Kit (MCK) allows local users to modify files via a symlink attack.

CVE-2000-0069

The recover program in Solstice Backup allows local users to restore sensitive files.

CVE-2000-0080

AIX techlibss allows local users to overwrite files via a symlink attack.

CVE-2000-1083

The xp_showcolv function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not prope

CVE-2000-1096

crontab by Paul Vixie uses predictable file names for a temporary file and does not properly ensure

CVE-2000-1127

registrar in the HP resource monitor service allows local users to read and modify arbitrary files b

CVE-2000-1140

Recourse ManTrap 1.6 does not properly hide processes from attackers, which could allow attackers to

CVE-2000-1141

Recourse ManTrap 1.6 modifies the kernel so that '..' does not appear in the /proc listing, which al

CVE-2000-1142

Recourse ManTrap 1.6 generates an error when an attacker cd's to /proc/self/cwd and executes the pwd

CVE-2000-1143

Recourse ManTrap 1.6 hides the first 4 processes that run on a Solaris system, which allows attacker

CVE-2000-1144

Recourse ManTrap 1.6 sets up a chroot environment to hide the fact that it is running, but the inode

CVE-2000-1146

Recourse ManTrap 1.6 allows attackers to cause a denial of service via a sequence of commands that n

CVE-2000-1156

StarOffice 5.2 follows symlinks and sets world-readable permissions for the /tmp/soffice.tmp directo

CVE-2000-1162

ghostscript before 5.10-16 allows local users to overwrite files of other users via a symlink attack

CVE-2003-1071

rpc.walld (wall daemon) for Solaris 2.6 through 9 allows local users to send messages to logged on u

CVE-2004-0770

romload.c in DGen Emulator 1.23 and earlier allows local users to overwrite arbitrary files via a sy

CVE-2004-0996

main.c in cscope 15-4 and 15-5 creates temporary files with predictable filenames, which allows loca

CVE-2004-1000

lintian 1.23 and earlier removes the working directory even if it was not created by lintian, which

CVE-2004-1016

The scm_send function in the scm layer for Linux kernel 2.4.x up to 2.4.28, and 2.6.x up to 2.6.9, a

CVE-2004-1022

Kerio Winroute Firewall before 6.0.7, ServerFirewall before 1.0.1, and MailServer before 6.0.5 use s

CVE-2004-1023

Kerio Winroute Firewall before 6.0.9, ServerFirewall before 1.0.1, and MailServer before 6.0.5, when

CVE-2004-1058

Race condition in Linux kernel 2.6 allows local users to read the environment variables of another p

CVE-2004-1066

The cmdline pseudofiles in (1) procfs on FreeBSD 4.8 through 5.3, and (2) linprocfs on FreeBSD 5.x t

CVE-2004-1069

Race condition in SELinux 2.6.x through 2.6.9 allows local users to cause a denial of service (kerne

CVE-2004-1073

The open_exec function in the execve functionality (exec.c) in Linux kernel 2.4.x up to 2.4.27, and

CVE-2004-1074

The binfmt functionality in the Linux kernel, when 'memory overcommit' is enabled, allows local user

CVE-2004-1107

dispatch-conf in Portage 2.0.51-r2 and earlier allows local users to overwrite arbitrary files via a

CVE-2004-1108

qpkg in Gentoolkit 0.2.0_pre10 and earlier allows local users to overwrite arbitrary files via a sym

CVE-2004-1110

The mtink status monitor before 1.0.5 for Epson printers allows local users to overwrite arbitrary f

CVE-2004-1171

KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user

CVE-2004-1190

SUSE Linux before 9.1 and SUSE Linux Enterprise Server before 9 do not properly check commands sent

CVE-2004-1191

Race condition in SuSE Linux 8.1 through 9.2, when run on SMP systems that have more than 4GB of mem

CVE-2004-1204

FluxBox 0.9.10 and earlier versions allows local users to cause a denial of service (application cra

CVE-2004-1268

lppasswd in CUPS 1.1.22 ignores write errors when modifying the CUPS passwd file, which allows local

CVE-2004-1270

lppasswd in CUPS 1.1.22, when run in environments that do not ensure that file descriptors 0, 1, and

CVE-2004-1276

IglooFTP 0.6.1, when recursively uploading a directory, allows local users to overwrite the files th

CVE-2004-1295

The slip_down function in slip.c for the uml_net program in uml-utilities 20030903, when uml_net is

CVE-2005-0288

The change password functionality in Bottomline Webseries Payment Application does not require the o

CVE-2006-0055

The ispell_op function in ee on FreeBSD 4.10 to 6.0 uses predictable filenames and does not confirm

CVE-2006-0077

Off-by-one error in the getfattr function in File::ExtAttr before 0.03 allows attackers to trigger a

CVE-2006-0095

dm-crypt in Linux kernel 2.6.15 and earlier does not clear a structure before it is freed, which lea

CVE-2006-0133

Multiple directory traversal vulnerabilities in AIX 5.3 ML03 allow local users to determine the exis

CVE-2006-0172

Cross-site scripting (XSS) vulnerability in the file manager utility in Hummingbird Collaboration (a

CVE-2006-6921

Unspecified versions of the Linux kernel allow local users to cause a denial of service (unrecoverab

CVE-2007-0120

Acunetix Web Vulnerability Scanner (WVS) 4.0 Build 20060717 and earlier allows remote attackers to c

CVE-2007-0124

Unspecified vulnerability in Drupal before 4.6.11, and 4.7 before 4.7.5, when MySQL is used, allows

CVE-2007-5403

Multiple cross-site scripting (XSS) vulnerabilities in Layton HelpBox 3.7.1 allow remote authenticat

CVE-2007-6421

Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTT

CVE-2007-6680

Trusted Execution in IBM AIX 6.1 uses an incorrect pathname argument in a call to the trustchk_block

CVE-2008-5814

Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and earlier, when display_errors is

CVE-2008-5825

The SmartPoster implementation on the Nokia 6131 Near Field Communication (NFC) phone with 05.12 fir

CVE-2008-5847

Constructr CMS 3.02.5 and earlier stores passwords in cleartext in a MySQL database, which allows co

CVE-2008-5893

Cross-site scripting (XSS) vulnerability in admin_dblayers.asp in ClickAndEmail allows remote attack

CVE-2009-0071

Mozilla Firefox 3.0.5 and earlier 3.0.x versions, when designMode is enabled, allows remote attacker

CVE-2009-3410

Unspecified vulnerability in the RDBMS component in Oracle Database 11.1.0.7, 10.2.0.3, 10.2.0.4, 10

CVE-2009-3412

Unspecified vulnerability in the Unzip component in Oracle Database 9.2.0.8, 9.2.0.8DV, and 10.1.0.5

CVE-2009-3413

Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.

CVE-2009-4557

Cross-site scripting (XSS) vulnerability in the Image Assist module 5.x-1.x before 5.x-1.8, 5.x-2.x

CVE-2009-4559

Cross-site scripting (XSS) vulnerability in the Submitted By module 6.x before 6.x-1.3 for Drupal al

CVE-2009-4567

Multiple cross-site scripting (XSS) vulnerabilities in editprofile.php in Viscacha 0.8 Gold allow re

CVE-2010-0221

Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy Edition (DTSP), and DataTraveler

CVE-2010-0223

Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy Edition (DTSP), and DataTraveler

CVE-2010-10002

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in SimpleSA

CVE-2010-3282

389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server be

CVE-2010-3875

The ax25_getname function in net/ax25/af_ax25.c in the Linux kernel before 2.6.37-rc2 does not initi

CVE-2010-3876

net/packet/af_packet.c in the Linux kernel before 2.6.37-rc2 does not properly initialize certain st

CVE-2010-3877

The get_name function in net/tipc/socket.c in the Linux kernel before 2.6.37-rc2 does not initialize

CVE-2010-4322

Cross-site scripting (XSS) vulnerability in gwtTeaming.rpc in Novell Vibe OnPrem 3 BETA allows remot

CVE-2010-4525

Linux kernel 2.6.33 and 2.6.34.y does not initialize the kvm_vcpu_events->interrupt.pad structure me

CVE-2010-4644

Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated us

CVE-2010-5292

Amberdms Billing System (ABS) before 1.4.1, when a multi-instance installation is configured, might

CVE-2011-0007

pimd 2.1.5 and possibly earlier versions allows user-assisted local users to overwrite arbitrary fil

CVE-2011-4316

Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, in certain unspecified conditions, do

CVE-2011-5056

The authoritative server in MaraDNS through 2.0.04 computes hash values for DNS data without restric

CVE-2011-5269

Cross-site scripting (XSS) vulnerability in ProjectForge before 3.5.3 allows remote authenticated us

CVE-2012-0287

Cross-site scripting (XSS) vulnerability in wp-comments-post.php in WordPress 3.3.x before 3.3.1, wh

CVE-2012-2696

The backend in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1 does not properly check

CVE-2012-3538

Pulp in Red Hat CloudForms before 1.1 logs administrative passwords in a world-readable file, which

CVE-2012-4574

Pulp in Red Hat CloudForms before 1.1 uses world-readable permissions for pulp.conf, which allows lo

CVE-2012-5516

Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when moving disks between storage dom

CVE-2012-5605

Grinder in Red Hat CloudForms before 1.1 uses world-writable permissions for /var/lib/pulp/cache/gri

CVE-2012-6348

Centrify Deployment Manager 2.1.0.283, as distributed in Centrify Suite before 2012.5, allows local

CVE-2013-0154

The get_page_type function in xen/arch/x86/mm.c in Xen 4.2, when debugging is enabled, allows local

CVE-2013-10006

A vulnerability classified as problematic was found in Ziftr primecoin up to 0.8.4rc1. Affected by t

CVE-2013-4460

Cross-site scripting (XSS) vulnerability in account_sponsor_page.php in MantisBT 1.0.0 through 1.2.1

CVE-2013-4969

Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.

CVE-2013-6402

base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.11 allows local users to overwrit

CVE-2013-6436

The lxcDomainGetMemoryParameters method in lxc/lxc_driver.c in libvirt 1.0.5 through 1.2.0 does not

CVE-2013-6480

Libcloud 0.12.3 through 0.13.2 does not set the scrub_data parameter for the destroy DigitalOcean AP

CVE-2013-7250

Cross-site scripting (XSS) vulnerability in the JsonBuilder implementation in ProjectForge before 5.

CVE-2013-7274

Cross-site scripting (XSS) vulnerability in Wallpaper Script 3.5.0082 allows remote authenticated us

CVE-2014-1233

The paratrooper-pingdom gem 1.0.0 for Ruby allows local users to obtain the App-Key, username, and p

CVE-2014-1234

The paratrooper-newrelic gem 1.0.1 for Ruby allows local users to obtain the X-Api-Key value by list

CVE-2014-3096

Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management before 6.0.5.5a allo

CVE-2014-9191

The CodeWrights HART Device Type Manager (DTM) library in Emerson HART DTM before 1.4.181 allows phy

CVE-2014-9269

Cross-site scripting (XSS) vulnerability in helper_api.php in MantisBT 1.1.0a1 through 1.2.x before

CVE-2014-9434

Cross-site scripting (XSS) vulnerability in admin/managerrelated.php in the administrative backend i

CVE-2014-9461

Directory traversal vulnerability in models/Cart66.php in the Cart66 Lite plugin before 1.5.4 for Wo

CVE-2014-9498

Cross-site scripting (XSS) vulnerability in the Webform Invitation module 7.x-1.x before 7.x-1.3 and

CVE-2014-9499

Cross-site scripting (XSS) vulnerability in the Godwin's Law module before 7.x-1.1 for Drupal, when

CVE-2014-9501

Cross-site scripting (XSS) vulnerability in the Poll Chart Block module 7.x-1.x before 7.x-1.2 for D

CVE-2014-9505

Cross-site scripting (XSS) vulnerability in the School Administration module 7.x-1.x before 7.x-1.8

CVE-2014-9506

MantisBT before 1.2.18 does not properly check permissions when sending an email that indicates when

CVE-2014-9507

MediaWiki 1.21.x, 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgContentHandlerUseDB is en

CVE-2014-9584

The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 do

CVE-2014-9585

The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly c

CVE-2016-15009

A vulnerability classified as problematic has been found in OpenACS bug-tracker. Affected is an unkn

CVE-2016-15010

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in University of

CVE-2016-6586

A security bypass vulnerability exists in Symantec Norton Mobile Security for Android before 3.16, w

CVE-2017-1478

IBM Security Access Manager Appliance 9.0.0 allows web pages to be stored locally which can be read

CVE-2017-1669

IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 stores sensitive information in URL parameters. T

CVE-2017-1681

IBM WebSphere Application Server (IBM Liberty for Java for Bluemix 3.15) could allow a local attacke

CVE-2017-1699

IBM MQ Managed File Transfer Agent 8.0 and 9.0 sets insecure permissions on certain files it creates

CVE-2017-2158

Improper verification when expanding ZIP64 archives in Lhaplus versions 1.73 and earlier may lead to

CVE-2018-15466

A vulnerability in the Graphite web interface of the Policy and Charging Rules Function (PCRF) of Ci

CVE-2018-16866

An out of bounds read was discovered in systemd-journald in the way it parses log messages that term

CVE-2018-1993

IBM Spectrum Scale (GPFS) 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0 where the use of Local Read O

CVE-2018-25064

A vulnerability was found in OSM Lab show-me-the-way. It has been rated as problematic. This issue a

CVE-2018-25073

A vulnerability has been found in Newcomer1989 TSN-Ranksystem up to 1.2.6 and classified as problema

CVE-2018-25074

A vulnerability was found in Prestaul skeemas and classified as problematic. This issue affects some

CVE-2018-5278

In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denia

CVE-2019-14834

A vulnerability was found in dnsmasq before version 2.81, where the memory leak allows remote attack

CVE-2019-18179

An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.12, and Community Edi

CVE-2019-25095

A vulnerability, which was classified as problematic, was found in kakwa LdapCherry up to 0.x. Affec

CVE-2019-25096

A vulnerability has been found in soerennb eXtplorer up to 2.1.12 and classified as problematic. Aff

CVE-2019-6331

An issue was found in Samsung Mobile Print (Android) versions prior to 4.08.007. A potential securit

CVE-2020-14341

The 'Test Connection' available in v7.x of the Red Hat Single Sign On application console can permit

CVE-2020-23250

GigaVUE-OS (GVOS) 5.4 - 5.9 uses a weak algorithm for a hash stored in internal database.

CVE-2020-24003

Microsoft Skype through 8.59.0.77 on macOS has the disable-library-validation entitlement, which all

CVE-2020-26623

SQL Injection vulnerability discovered in Gila CMS 1.15.4 and earlier allows a remote attacker to ex

CVE-2020-26624

A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote at

CVE-2020-26625

A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote at

CVE-2020-36646

A vulnerability classified as problematic has been found in MediaArea ZenLib up to 0.4.38. This affe

CVE-2020-36649

A vulnerability was found in mholt PapaParse up to 5.1.x. It has been classified as problematic. Aff

CVE-2020-4919

IBM Cloud Pak System 2.3 has insufficient logout controls which could allow an authenticated privile

CVE-2021-22567

Bidirectional Unicode text can be interpreted and compiled differently than how it appears in editor

CVE-2021-23239

The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitra

CVE-2021-25743

kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs t

CVE-2021-28376

ChronoForms 7.0.7 allows fname Directory Traversal to read arbitrary files.

CVE-2021-38894

IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could allow a remote attacker to obtain sensitive

CVE-2021-43566

All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS rac

CVE-2021-45916

The programming function of Shockwall system has an improper input validation vulnerability. An auth

CVE-2022-21929

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

CVE-2022-22266

(Applicable to China models only) Unprotected WifiEvaluationService in TencentWifiSecurity applicati

CVE-2022-22267

Implicit Intent hijacking vulnerability in ActivityMetricsLogger prior to SMR Jan-2022 Release 1 all

CVE-2022-22269

Keeping sensitive data in unprotected BluetoothSettingsProvider prior to SMR Jan-2022 Release 1 allo

CVE-2022-22270

An implicit Intent hijacking vulnerability in Dialer prior to SMR Jan-2022 Release 1 allows unprivil

CVE-2022-22272

Improper authorization in TelephonyManager prior to SMR Jan-2022 Release 1 allows attackers to get I

CVE-2022-22283

Improper session management vulnerability in Samsung Health prior to 6.20.1.005 prevents logging out

CVE-2022-23114

Jenkins Publish Over SSH Plugin 1.22 and earlier stores password unencrypted in its global configura

CVE-2022-3343

The WPQA Builder WordPress plugin before 5.9.3 (which is a companion plugin used with Discy and Hime

CVE-2022-4102

The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorization and CSRF check

CVE-2022-4109

The Wholesale Market for WooCommerce WordPress plugin before 2.0.0 does not validate user input agai

CVE-2022-42839

This issue was addressed with improved redaction of sensitive information. This issue is fixed in iO

CVE-2022-4342

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 before 15.5.7

CVE-2022-46168

Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch an

CVE-2022-47952

lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer wheth

CVE-2023-20573

A privileged attackercan prevent delivery of debug exceptions to SEV-SNP guests potentiallyresulti

CVE-2023-21759

Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability

CVE-2023-22469

Deck is a kanban style organization tool aimed at personal planning and project organization for tea

CVE-2023-22473

Talk-Android enables users to have video & audio calls through Nextcloud on Android. Due to passcode

CVE-2023-28197

An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ven

CVE-2023-34321

Arm provides multiple helpers to clean & invalidate the cachefor a given region. This is, for inst

CVE-2023-38612

The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, iOS 16.7 a

CVE-2023-40383

A path handling issue was addressed with improved validation. This issue is fixed in macOS Ventura 1

CVE-2023-40394

The issue was addressed with improved validation of environment variables. This issue is fixed in iO

CVE-2023-40439

A privacy issue was addressed with improved private data redaction for log entries. This issue is fi

CVE-2023-40529

This issue was addressed with improved redaction of sensitive information. This issue is fixed in iO

CVE-2023-42830

A privacy issue was addressed with improved private data redaction for log entries. This issue is fi

CVE-2023-46837

Arm provides multiple helpers to clean & invalidate the cachefor a given region. This is, for inst

CVE-2023-49098

Discourse-reactions is a plugin that allows user to add their reactions to the post. Data about a us

CVE-2023-49142

in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia audio crash throug

CVE-2023-49619

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerab

CVE-2024-0217

A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics f

CVE-2024-0230

A session management issue was addressed with improved checks. This issue is fixed in Magic Keyboard

CVE-2024-0347

A vulnerability was found in SourceCodester Engineers Online Portal 1.0 and classified as problemati

CVE-2024-0351

A vulnerability classified as problematic has been found in SourceCodester Engineers Online Portal 1

CVE-2024-20807

Implicit intent hijacking vulnerability in Samsung Email prior to version 6.1.90.16 allows local att

CVE-2024-22047

A race condition exists in Audited 4.0.0 to 5.3.3 that can result in an authenticated user to cause

CVE-2024-22194

cdo-local-uuid project provides a specialized UUID-generating function that can, on user request, ca