Search Results (8087 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-20826 | 2 Google, Mediatek | 27 Android, Mt6580, Mt6761 and 24 more | 2024-11-21 | 5.5 Medium |
| In cta, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privilege needed. User interaction is not needed for exploitation. Patch ID: ALPS07978550; Issue ID: ALPS07978550. | ||||
| CVE-2023-20825 | 2 Google, Mediatek | 46 Android, Mt2713, Mt6580 and 43 more | 2024-11-21 | 5.5 Medium |
| In duraspeed, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privilege needed. User interaction is not needed for exploitation. Patch ID: ALPS07951402; Issue ID: ALPS07951413. | ||||
| CVE-2023-20824 | 2 Google, Mediatek | 46 Android, Mt2713, Mt6580 and 43 more | 2024-11-21 | 5.5 Medium |
| In duraspeed, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privilege needed. User interaction is not needed for exploitation. Patch ID: ALPS07951402; Issue ID: ALPS07951402. | ||||
| CVE-2023-20064 | 1 Cisco | 40 Asr 9000v-v2, Asr 9001, Asr 9006 and 37 more | 2024-11-21 | 4.6 Medium |
| A vulnerability in the GRand Unified Bootloader (GRUB) for Cisco IOS XR Software could allow an unauthenticated attacker with physical access to the device to view sensitive files on the console using the GRUB bootloader command line. This vulnerability is due to the inclusion of unnecessary commands within the GRUB environment that allow sensitive files to be viewed. An attacker could exploit this vulnerability by being connected to the console port of the Cisco IOS XR device when the device is power-cycled. A successful exploit could allow the attacker to view sensitive files that could be used to conduct additional attacks against the device. | ||||
| CVE-2023-0923 | 1 Redhat | 2 Enterprise Linux, Openshift Data Science | 2024-11-21 | 8.8 High |
| A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods from other namespaces and applications from making requests to the Jupyter API. This flaw can lead to file content exposure and other issues. | ||||
| CVE-2023-0456 | 1 Redhat | 2 Apicast, Red Hat 3scale Amp | 2024-11-21 | 7.4 High |
| A flaw was found in APICast, when 3Scale's OIDC module does not properly evaluate the response to a mismatched token from a separate realm. This could allow a separate realm to be accessible to an attacker, permitting access to unauthorized information. | ||||
| CVE-2022-48452 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-11-21 | 4.4 Medium |
| In Ifaa service, there is a possible missing permission check. This could lead to local denial of service with System execution privileges needed. | ||||
| CVE-2022-45803 | 1 Gutenbergforms | 1 Gutenberg Forms | 2024-11-21 | 6.5 Medium |
| Missing Authorization vulnerability in Nikolay Strikhar WordPress Form Builder Plugin – Gutenberg Forms. This issue affects WordPress Form Builder Plugin – Gutenberg Forms: from n/a through 2.2.8.3. | ||||
| CVE-2022-43712 | 1 Gxsoftware | 1 Xperiencentral | 2024-11-21 | 6.5 Medium |
| POST requests to /web/mvc in GX Software XperienCentral version 10.36.0 and earlier were not blocked for users that are not logged in. If an unauthorized user is able to bypass other security filters they are able to post unauthorized data to the server because of CVE-2022-22965. | ||||
| CVE-2022-43453 | 1 Billminozzi | 1 Wp Tools | 2024-11-21 | 8.8 High |
| Missing Authorization vulnerability in Bill Minozzi WP Tools. This issue affects WP Tools: from n/a through 3.41. | ||||
| CVE-2022-40673 | 2 Fedoraproject, Kdiskmark Project | 2 Fedora, Kdiskmark | 2024-11-21 | 7.8 High |
| KDiskMark before 3.1.0 lacks authorization checking for D-Bus methods such as Helper::flushPageCache. | ||||
| CVE-2022-3124 | 1 Najeebmedia | 1 Frontend File Manager | 2024-11-21 | 5.3 Medium |
| The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow them to change the content of arbitrary files on the web server. | ||||
| CVE-2022-3007 | 1 Syska | 2 Sw100 Smartwatch, Sw100 Smartwatch Firmware | 2024-11-21 | 8.1 High |
| The vulnerability exists in Syska SW100 Smartwatch due to an improper implementation and/or configuration of Nordic Device Firmware Update (DFU) which is used for performing Over-The-Air (OTA) firmware updates on the Bluetooth Low Energy (BLE) devices. An unauthenticated attacker could exploit this vulnerability by setting arbitrary values to handle on the vulnerable device over Bluetooth. Successful exploitation of this vulnerability could allow the attacker to perform firmware update, device reboot or data manipulation on the target device. | ||||
| CVE-2022-39960 | 1 Netic | 1 Group Export | 2024-11-21 | 5.3 Medium |
| The Netic Group Export add-on before 1.0.3 for Atlassian Jira does not perform authorization checks. This might allow an unauthenticated user to export all groups from the Jira instance by making a groupexport_download=true request to a plugins/servlet/groupexportforjira/admin/ URI. | ||||
| CVE-2022-39861 | 1 Samsung | 1 Factorycamera | 2024-11-21 | 5.9 Medium |
| Unprotected Receiver in AtBroadcastReceiver in FactoryCamera prior to version 3.5.51 allows attackers to record video without camera privilege. | ||||
| CVE-2022-39119 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-11-21 | 7.8 High |
| In network service, there is a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. | ||||
| CVE-2022-38685 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-11-21 | 5.5 Medium |
| In bluetooth service, there is a possible missing permission check. This could lead to local denial of service in bluetooth service with no additional execution privileges needed. | ||||
| CVE-2022-38370 | 1 Apache | 1 Iotdb | 2024-11-21 | 7.5 High |
| Apache IoTDB grafana-connector version 0.13.0 contains an interface without authorization, which may expose the internal structure of database. Users should upgrade to version 0.13.1 which addresses this issue. | ||||
| CVE-2022-38367 | 1 Netic | 1 User Export For Jira | 2024-11-21 | 5.3 Medium |
| The Netic User Export add-on before 2.0.6 for Atlassian Jira does not perform authorization checks. This might allow an unauthenticated user to export all users from Jira by making an HTTP request to the affected endpoint. | ||||
| CVE-2022-38183 | 1 Gitea | 1 Gitea | 2024-11-21 | 6.5 Medium |
| In Gitea before 1.16.9, it was possible for users to add existing issues to projects. Due to improper access controls, an attacker could assign any issue to any project in Gitea (there was no permission check for fetching the issue). As a result, the attacker would get access to private issue titles. | ||||