Search Results (2191 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-5648 2 Apache, Redhat 3 Tomcat, Enterprise Linux, Jboss Enterprise Web Server 2025-04-20 N/A
While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to retain a reference to the request or response object and thereby access and/or modify information associated with another web application.
CVE-2017-9937 1 Libtiff 1 Libtiff 2025-04-20 N/A
In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A crafted TIFF document can lead to an abort resulting in a remote denial of service attack.
CVE-2016-8368 1 Mitsubishielectric 6 Qj71e71-100, Qj71e71-100 Firmware, Qj71e71-b2 and 3 more 2025-04-20 8.6 High
An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. The affected Ethernet interface module is connected to a MELSEC-Q PLC, which may allow a remote attacker to connect to the PLC via Port 5002/TCP and cause a denial of service, requiring the PLC to be reset to resume operation. This is caused by an Unrestricted Externally Accessible Lock.
CVE-2017-14681 1 P3scan Project 1 P3scan 2025-04-20 N/A
The daemon in P3Scan 3.0_rc1 and earlier creates a p3scan.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for p3scan.pid modification before a root script executes a "kill `cat /pathname/p3scan.pid`" command, as demonstrated by etc/init.d/p3scan.
CVE-2017-6100 1 Tcpdf Project 1 Tcpdf 2025-04-20 N/A
tcpdf before 6.2.0 uploads files from the server generating PDF-files to an external FTP.
CVE-2017-8171 1 Huawei 2 P10 Plus, P10 Plus Firmware 2025-04-20 N/A
Huawei smart phones with software earlier than Vicky-AL00AC00B172D versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the Talkback mode and can perform some operations to bypass the Google account verification. As a result, the FRP function is bypassed.
CVE-2017-6267 2 Microsoft, Nvidia 2 Windows, Gpu Driver 2025-04-20 N/A
NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where an incorrect initialization of internal objects can cause an infinite loop which may lead to a denial of service.
CVE-2017-14159 2 Openldap, Oracle 2 Openldap, Blockchain Platform 2025-04-20 4.7 Medium
slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by openldap-initscript.
CVE-2017-12847 1 Nagios 1 Nagios 2025-04-20 N/A
Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a "kill `cat /pathname/nagios.lock`" command.
CVE-2017-6348 1 Linux 1 Linux Kernel 2025-04-20 N/A
The hashbin_delete function in net/irda/irqueue.c in the Linux kernel before 4.9.13 improperly manages lock dropping, which allows local users to cause a denial of service (deadlock) via crafted operations on IrDA devices.
CVE-2016-8763 1 Huawei 6 P8 Lite, P8 Lite Firmware, P9 and 3 more 2025-04-20 N/A
The TrustZone driver in Huawei P9 phones with software Versions earlier than EVA-AL10C00B352 and P9 Lite with software VNS-L21C185B130 and earlier versions and P8 Lite with software ALE-L02C636B150 and earlier versions has an improper resource release vulnerability, which allows attackers to cause a system restart or privilege elevation.
CVE-2024-11158 1 Rockwellautomation 1 Arena 2025-04-18 6.7 Medium
An “uninitialized variable” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to access a variable before it being initialized. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.
CVE-2022-46487 1 Scontain 1 Scone 2025-04-17 7.8 High
Improper initialization of x87 and SSE floating-point configuration registers in the __scone_entry component of SCONE before 5.8.0 for Intel SGX allows a local attacker to compromise the execution integrity of floating-point operations in an enclave or access sensitive information via side-channel analysis.
CVE-2021-27424 1 Ge 38 Multilin B30, Multilin B30 Firmware, Multilin B90 and 35 more 2025-04-16 5.3 Medium
GE UR firmware versions prior to version 8.1x shares MODBUS memory map as part of the communications guide. GE was made aware a “Last-key pressed” MODBUS register can be used to gain unauthorized information.
CVE-2022-1467 1 Aveva 2 Intouch Access Anywhere, Plant Scada Access Anywhere 2025-04-16 7.4 High
Windows OS can be configured to overlay a “language bar” on top of any application. When this OS functionality is enabled, the OS language bar UI will be viewable in the browser alongside the AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere applications. It is possible to manipulate the Windows OS language bar to launch an OS command prompt, resulting in a context-escape from application into OS.
CVE-2022-28287 1 Mozilla 1 Firefox 2025-04-16 6.5 Medium
In unusual circumstances, selecting text could cause text selection caching to behave incorrectly, leading to a crash. This vulnerability affects Firefox < 99.
CVE-2023-38994 1 Univention 1 Univention Corporate Server 2025-04-15 7.9 High
The 'check_univention_joinstatus' prometheus monitoring script (and other scripts) in UCS 5.0-5 revealed the LDAP plaintext password of the machine account in the process list allowing attackers with local ssh access to gain higher privileges and perform followup attacks. By default, the configuration of UCS does not allow local ssh access for regular users.
CVE-2022-38474 1 Mozilla 1 Firefox 2025-04-15 4.3 Medium
A website that had permission to access the microphone could record audio without the audio notification being shown. This bug does not allow the attacker to bypass the permission prompt - it only affects the notification shown once permission has been granted.<br />*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 104.
CVE-2020-36532 1 Klapp 1 App 2025-04-15 4.3 Medium
A vulnerability has been found in Klapp App and classified as problematic. This vulnerability affects unknown code of the component Authorization. The manipulation leads to information disclosure (Credentials). The attack can be initiated remotely. It is recommended to upgrade the affected app.
CVE-2022-3952 1 Manydesigns 1 Portofino 2025-04-15 2.6 Low
A vulnerability has been found in ManyDesigns Portofino 5.3.2 and classified as problematic. Affected by this vulnerability is the function createTempDir of the file WarFileLauncher.java. The manipulation leads to creation of temporary file in directory with insecure permissions. Upgrading to version 5.3.3 is able to address this issue. The name of the patch is 94653cb357806c9cf24d8d294e6afea33f8f0775. It is recommended to upgrade the affected component. The identifier VDB-213457 was assigned to this vulnerability.