Total
4572 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-20281 | 1 Google | 1 Android | 2023-08-08 | N/A | 7.8 HIGH |
| In Core, there is a possible way to start an activity from the background due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-204083967 | |||||
| CVE-2022-20322 | 1 Google | 1 Android | 2023-08-08 | N/A | 5.5 MEDIUM |
| In PackageManager, there is a possible installed package disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-187176993 | |||||
| CVE-2022-20261 | 1 Google | 1 Android | 2023-08-08 | N/A | 2.3 LOW |
| In LocationManager, there is a possible way to get location information due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-219835125 | |||||
| CVE-2022-20299 | 1 Google | 1 Android | 2023-08-08 | N/A | 5.5 MEDIUM |
| In ContentService, there is a possible way to check if the given account exists on the device due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-201415895 | |||||
| CVE-2022-20298 | 1 Google | 1 Android | 2023-08-08 | N/A | 5.5 MEDIUM |
| In ContentService, there is a possible way to check if an account exists on the device due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-201416182 | |||||
| CVE-2022-28993 | 1 Bdtask | 1 Multi Store Inventory Management System | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| Multi Store Inventory Management System v1.0 allows attackers to perform an account takeover via a crafted POST request. | |||||
| CVE-2022-20182 | 1 Google | 1 Android | 2023-08-08 | 2.1 LOW | 4.4 MEDIUM |
| In handle_ramdump of pixel_loader.c, there is a possible way to create a ramdump of non-secure memory due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-222348453References: N/A | |||||
| CVE-2022-21749 | 2 Google, Mediatek | 55 Android, Mt6739, Mt6750 and 52 more | 2023-08-08 | 2.1 LOW | 5.5 MEDIUM |
| In telephony, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06511058; Issue ID: ALPS06511058. | |||||
| CVE-2022-20053 | 2 Google, Mediatek | 60 Android, Mt6731, Mt6732 and 57 more | 2023-08-08 | 7.2 HIGH | 7.8 HIGH |
| In ims service, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219097; Issue ID: ALPS06219097. | |||||
| CVE-2022-43712 | 1 Gxsoftware | 1 Xperiencentral | 2023-08-04 | N/A | 6.5 MEDIUM |
| POST requests to /web/mvc in GX Software XperienCentral version 10.36.0 and earlier were not blocked for uses that are not logged in. If an unauthorized user is able to bypass other security filters they are able to post unauthorized data to the server because of CVE-2022-22965. | |||||
| CVE-2023-38989 | 1 Jeesite | 1 Jeesite | 2023-08-04 | N/A | 4.3 MEDIUM |
| An issue in the delete function in the UserController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete the Administrator's role information. | |||||
| CVE-2023-3442 | 1 Jenkins | 1 Servicenow Devops | 2023-08-03 | N/A | 7.5 HIGH |
| A missing authorization vulnerability exists in versions of the Jenkins Plug-in for ServiceNow DevOps prior to 1.38.1 that, if exploited successfully, could cause the unwanted exposure of sensitive information. To address this issue, apply the 1.38.1 version of the Jenkins plug-in for ServiceNow DevOps on your Jenkins server. No changes are required on your instances of the Now Platform. | |||||
| CVE-2023-38510 | 1 Tolgee | 1 Tolgee | 2023-08-03 | N/A | 8.1 HIGH |
| Tolgee is an open-source localization platform. Starting in version 3.14.0 and prior to version 3.23.1, when a request is made using an API key, the backend fails to verify the permission scopes associated with the key, effectively bypassing permission checks entirely for some endpoints. It's important to note that this vulnerability only affects projects that have inadvertently exposed their API keys on the internet. Projects that have kept their API keys secure are not impacted. This issue is fixed in version 3.23.1. | |||||
| CVE-2022-0178 | 1 Snipeitapp | 1 Snipe-it | 2023-08-02 | 5.5 MEDIUM | 5.4 MEDIUM |
| Missing Authorization vulnerability in snipe snipe/snipe-it.This issue affects snipe/snipe-i before 5.3.8. | |||||
| CVE-2022-0611 | 1 Snipeitapp | 1 Snipe-it | 2023-08-02 | 6.5 MEDIUM | 8.8 HIGH |
| Missing Authorization in Packagist snipe/snipe-it prior to 5.3.11. | |||||
| CVE-2022-0588 | 1 Librenms | 1 Librenms | 2023-08-02 | 4.0 MEDIUM | 6.5 MEDIUM |
| Missing Authorization in Packagist librenms/librenms prior to 22.2.0. | |||||
| CVE-2022-0579 | 1 Snipeitapp | 1 Snipe-it | 2023-08-02 | 4.0 MEDIUM | 6.5 MEDIUM |
| Missing Authorization in Packagist snipe/snipe-it prior to 5.3.9. | |||||
| CVE-2023-37049 | 1 Emlog | 1 Emlog | 2023-07-31 | N/A | 6.5 MEDIUM |
| emlog 2.1.9 is vulnerable to Arbitrary file deletion via admin\template.php. | |||||
| CVE-2023-26301 | 1 Hp | 38 Color Laserjet Pro 4201-4203 4ra87f, Color Laserjet Pro 4201-4203 4ra87f Firmware, Color Laserjet Pro 4201-4203 4ra88f and 35 more | 2023-07-31 | N/A | 9.8 CRITICAL |
| Certain HP LaserJet Pro print products are potentially vulnerable to an Elevation of Privilege and/or Information Disclosure related to a lack of authentication with certain endpoints. | |||||
| CVE-2020-27777 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Openshift Container Platform | 2023-07-28 | 7.2 HIGH | 6.7 MEDIUM |
| A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel. | |||||