Total: 4572 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-33892 | 2 Google, Unisoc | 14 Android, S8001, Sc7731e and 11 more | 2023-07-18 | N/A | 5.5 MEDIUM |
In fastDial service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
CVE-2023-33891 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-07-18 | N/A | 5.5 MEDIUM |
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
CVE-2023-33889 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-07-18 | N/A | 5.5 MEDIUM |
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
CVE-2023-33890 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-07-18 | N/A | 5.5 MEDIUM |
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
CVE-2023-33901 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-07-18 | N/A | 5.5 MEDIUM |
In bluetooth service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
CVE-2023-33900 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-07-18 | N/A | 5.5 MEDIUM |
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
CVE-2023-33898 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-07-18 | N/A | 5.5 MEDIUM |
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
CVE-2023-33902 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-07-18 | N/A | 5.5 MEDIUM |
In bluetooth service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
CVE-2023-33895 | 2 Google, Unisoc | 14 Android, S8004, Sc7731e and 11 more | 2023-07-18 | N/A | 5.5 MEDIUM |
In fastDial service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
CVE-2023-30921 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-07-18 | N/A | 5.5 MEDIUM |
In messaging service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
CVE-2023-30919 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-07-18 | N/A | 5.5 MEDIUM |
In messaging service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
CVE-2023-30920 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-07-18 | N/A | 5.5 MEDIUM |
In messaging service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
CVE-2021-39190 | 1 Teclib-edition | 1 System Center Configuration Manager | 2023-07-17 | N/A | 5.3 MEDIUM |
The SCCM plugin for GLPI is a plugin to synchronize computers from SCCM (version 1802) to GLPI. In versions prior to 2.3.0, the Configuration page is publicly accessible in read-only mode. This issue is patched in version 2.3.0. No known workarounds exist. | |||||
CVE-2022-39329 | 1 Nextcloud | 2 Nextcloud Enterprise Server, Nextcloud Server | 2023-07-14 | N/A | 5.3 MEDIUM |
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server and Nextcloud Enterprise Server prior to versions 23.0.9 and 24.0.5 are vulnerable to exposure of information that cannot be controlled by administrators without direct database access. Versions 23.0.9 and 24.0.5 contain patches for this issue. No known workarounds are available. | |||||
CVE-2022-39233 | 1 Enalean | 1 Tuleap | 2023-07-14 | N/A | 5.4 MEDIUM |
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions 12.9.99.228 and above, prior to 14.0.99.24, authorizations are not properly verified when updating the branch prefix used by the GitLab repository integration. Authenticated users can change the branch prefix of any of the GitLab repository integrations they can see via the REST endpoint `PATCH /gitlab_repositories/{id}`. This action should be restricted to Git administrators. This issue is patched in Tuleap Community Edition 14.0.99.24 and Tuleap Enterprise Edition 14.0-3. There are no known workarounds. | |||||
CVE-2022-2350 | 1 Brainvire | 1 Disable User Login | 2023-07-14 | N/A | 5.3 MEDIUM |
The Disable User Login WordPress plugin through 1.0.1 does not have authorisation and CSRF checks when updating its settings, allowing unauthenticated attackers to block (or unblock) users at will. | |||||
CVE-2022-39289 | 1 Zoneminder | 1 Zoneminder | 2023-07-14 | N/A | 7.5 HIGH |
ZoneMinder is a free, open source closed-circuit television software application. In affected versions the ZoneMinder API exposes database log contents to users without privileges and allows insertion, modification, and deletion of logs without System privileges. Users are advised to upgrade as soon as possible. Users unable to upgrade should disable database logging. | |||||
CVE-2023-20899 | 1 Vmware | 2 Sd-wan Edge, Sd-wan Edge Firmware | 2023-07-14 | N/A | 7.5 HIGH |
VMware SD-WAN (Edge) contains a bypass authentication vulnerability. An unauthenticated attacker can download the Diagnostic bundle of the application under VMware SD-WAN Management. | |||||
CVE-2022-23621 | 1 Xwiki | 1 Xwiki | 2023-07-13 | 4.0 MEDIUM | 4.9 MEDIUM |
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with SCRIPT right can read any file located in the XWiki WAR (for example xwiki.cfg and xwiki.properties) through XWiki#invokeServletAndReturnAsString as `$xwiki.invokeServletAndReturnAsString("/WEB-INF/xwiki.cfg")`. This issue has been patched in XWiki versions 12.10.9, 13.4.3 and 13.7-rc-1. Users are advised to update. The only workaround is to limit SCRIPT right. | |||||
CVE-2023-30195 | 1 Lineagrafica | 1 Lgdetailedorder | 2023-07-13 | N/A | 7.5 HIGH |
In the module "Detailed Order" (lgdetailedorder) in versions up to 1.1.20 from Linea Grafica for PrestaShop, a guest can download personal information, formatted in JSON, without restriction. |