Lucene search
K

68 matches found

OSV
OSV
added 2019/06/07 8:29 p.m.3 views

CVE-2019-2091

In GetPermittedAccessibilityServicesForUser of DevicePolicyManagerService.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege, with no additional permissions required. User interaction is not needed for exploitation...

7.8CVSS7.1AI score0.00153EPSS
Exploits0References1
Veracode
Veracode
added 2018/11/19 5:29 a.m.23 views

Object Injection Attack

phpmailer/phpmailer is vulnerable to object injection attacks. The vulnerability exists due to the lack of validation on file paths to ensure if it is a permitted type, allowing object injection attacks...

8.8CVSS9.2AI score0.02211EPSS
Exploits0References10Affected Software1
RedHat Linux
RedHat Linux
added 2013/10/24 3:21 p.m.4 views

gnupg: treats no-usage-permitted keys as all-usages-permitted

GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared no usage permitted as if it has all bits set all usage permitted, which might allow remote attackers to bypass intended cryptographic protection mechanisms by leveraging the subkey...

5.8CVSS5.9AI score0.02518EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2013/10/24 3:16 p.m.8 views

gnupg: treats no-usage-permitted keys as all-usages-permitted

GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared no usage permitted as if it has all bits set all usage permitted, which might allow remote attackers to bypass intended cryptographic protection mechanisms by leveraging the subkey...

5.8CVSS5.9AI score0.02518EPSS
Exploits0References4
Mageia
Mageia
added 2013/07/01 7:16 p.m.55 views

Updated otrs package fixes security vulnerabilities

An attacker with a valid agent login could manipulate URLs in the ticket watch mechanism to see contents of tickets they are not permitted to see CVE-2013-3551, CVE-2013-4088...

6.5CVSS3.9AI score0.02366EPSS
Exploits0References5
Mozilla
Mozilla
added 2011/04/28 12:0 a.m.40 views

Directory traversal in resource: protocol — Mozilla

Security researcher Soroush Dalili reported that the resource: protocol could be exploited to allow directory traversal on Windows and the potential loading of resources from non-permitted locations. The impact would depend on whether interesting files existed in predictable locations in a useful...

5CVSS1.9AI score0.02795EPSS
Exploits1References2Affected Software3
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/10/10 6:44 a.m.3 views

Apache Tomcat allows access from a non-permitted IP address

Overview Apache Tomcat from The Apache Software Foundation contains a vulnerability which may allow a user from a non-premitted IP address to gain access. Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page JSP technologies. Apache Tomcat...

4.3CVSS6.2AI score0.04807EPSS
Exploits2References14
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/10/10 12:0 a.m.54 views

JVN#30732239: Apache Tomcat allows access from a non-permitted IP address

Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page JSP technologies. Apache Tomcat contains a vulnerability which may allow a user from a non-permitted IP address to gain access to a protected context. Impact Impact varies depending on t...

4.3CVSS5.9AI score0.04807EPSS
Exploits2
Rows per page
Query Builder