Total: 29527 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-19778 | 1 Shopxo | 1 Shopxo | 2022-10-05 | 7.5 HIGH | 9.8 CRITICAL |
| Incorrect Access Control in Shopxo v1.4.0 and v1.5.0 allows remote attackers to gain privileges in "/index.php" by manipulating the parameter "user_id" in the HTML request. | |||||
| CVE-2020-10006 | 1 Apple | 1 Mac Os X | 2022-10-05 | 4.3 MEDIUM | 5.5 MEDIUM |
| This issue was addressed with improved entitlements. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to access restricted files. | |||||
| CVE-2022-36867 | 1 Samsung | 1 Editor Lite | 2022-10-01 | N/A | 5.5 MEDIUM |
| Improper access control vulnerability in Editor Lite prior to version 4.0.40.14 allows attackers to access sensitive information. | |||||
| CVE-2022-36869 | 1 Samsung | 1 Contacts Provider | 2022-10-01 | N/A | 6.1 MEDIUM |
| Improper access control vulnerability in ContactsDumpActivity of Contacts Provider prior to version 12.7.59 allows attacker to access the file without permission. | |||||
| CVE-2021-43008 | 2 Adminer, Debian | 2 Adminer, Debian Linux | 2022-09-30 | 5.0 MEDIUM | 7.5 HIGH |
| Improper Access Control in Adminer versions 1.12.0 to 4.6.2 (fixed in version 4.6.3) allows an attacker to achieve Arbitrary File Read on the remote server by requesting the Adminer to connect to a remote MySQL database. | |||||
| CVE-2020-15768 | 1 Gradle | 2 Enterprise, Enterprise Cache Node | 2022-09-30 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Gradle Enterprise 2017.3 - 2020.2.4 and Gradle Enterprise Build Cache Node 1.0 - 9.2. Unrestricted HTTP header reflection in Gradle Enterprise allows remote attackers to obtain authentication cookies, if they are able to discover a separate XSS vulnerability. This potentially allows an attacker to impersonate another user. Gradle Enterprise affected application request paths: /info/headers, /cache-info/headers, /admin-info/headers, /distribution-broker-info/headers. Gradle Enterprise Build Cache Node affected application request paths: /cache-node-info/headers. | |||||
| CVE-2022-24409 | 1 Dell | 1 Bsafe Ssl-j | 2022-09-30 | 7.5 HIGH | 7.5 HIGH |
| Dell BSAFE SSL-J contains remediation for a covert timing channel vulnerability that may be exploited by malicious users to compromise the affected system. Only customers with active BSAFE maintenance contracts can receive details about this vulnerability. Public disclosure of the vulnerability details will be shared at a later date. | |||||
| CVE-2021-40419 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2022-09-30 | 5.0 MEDIUM | 7.5 HIGH |
| A firmware update vulnerability exists in the 'factory' binary of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted series of network requests can lead to arbitrary firmware update. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
| CVE-2020-20467 | 1 White Shark Systems Project | 1 White Shark Systems | 2022-09-29 | 6.4 MEDIUM | 6.5 MEDIUM |
| White Shark System (WSS) 1.3.2 is vulnerable to sensitive information disclosure via default_task_add.php, remote attackers can exploit the vulnerability to create a task. | |||||
| CVE-2022-3290 | 1 Ikus-soft | 1 Rdiffweb | 2022-09-28 | N/A | 7.5 HIGH |
| Improper Handling of Length Parameter Inconsistency in GitHub repository ikus060/rdiffweb prior to 2.4.8. | |||||
| CVE-2021-25472 | 1 Google | 1 Android | 2022-09-23 | 2.1 LOW | 3.3 LOW |
| An improper access control vulnerability in BluetoothSettingsProvider prior to SMR Oct-2021 Release 1 allows untrusted application to overwrite some Bluetooth information. | |||||
| CVE-2021-25351 | 2 Google, Samsung | 2 Android, Account | 2022-09-23 | 2.1 LOW | 2.4 LOW |
| Improper Access Control in EmailValidationView in Samsung Account prior to version 10.7.0.7 and 12.1.1.3 allows physically proximate attackers to log out user account on device without user password. | |||||
| CVE-2021-25340 | 1 Google | 1 Android | 2022-09-23 | 2.1 LOW | 2.4 LOW |
| Improper access control vulnerability in Samsung keyboard version prior to SMR Feb-2021 Release 1 allows physically proximate attackers to change in arbitrary settings during Initialization State. | |||||
| CVE-2021-25366 | 1 Samsung | 1 Internet | 2022-09-23 | 3.6 LOW | 2.9 LOW |
| Improper access control in Samsung Internet prior to version 13.2.1.70 allows physically proximate attackers to bypass the secret mode's authentication. | |||||
| CVE-2021-25361 | 1 Google | 1 Android | 2022-09-23 | 7.2 HIGH | 8.8 HIGH |
| An improper access control vulnerability in stickerCenter prior to SMR APR-2021 Release 1 allows local attackers to read or write arbitrary files of system process via untrusted applications. | |||||
| CVE-2021-25378 | 1 Samsung | 1 Smartthings | 2022-09-23 | 5.0 MEDIUM | 5.3 MEDIUM |
| Improper access control of certain port in SmartThings prior to version 1.7.63.6 allows remote temporary denial of service. | |||||
| CVE-2021-25426 | 1 Google | 1 Android | 2022-09-23 | 5.0 MEDIUM | 7.5 HIGH |
| Improper component protection vulnerability in SmsViewerActivity of Samsung Message prior to SMR July-2021 Release 1 allows untrusted applications to access Message files. | |||||
| CVE-2021-25453 | 1 Google | 1 Android | 2022-09-23 | 2.1 LOW | 5.5 MEDIUM |
| Some improper access control in Bluetooth APIs prior to SMR Sep-2021 Release 1 allows untrusted application to get Bluetooth information. | |||||
| CVE-2021-25459 | 1 Google | 1 Android | 2022-09-23 | 2.1 LOW | 5.5 MEDIUM |
| An improper access control vulnerability in sspInit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to start BlockchainTZService. | |||||
| CVE-2021-25447 | 1 Samsung | 2 Smartthings, Smartthings Firmware | 2022-09-23 | 5.0 MEDIUM | 5.3 MEDIUM |
| Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause local file inclusion in webview. | |||||
