🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2022-22270 ‼

An implicit Intent hijacking vulnerability in Dialer prior to SMR Jan-2022 Release 1 allows unprivileged applications to access contact information.

via "National Vulnerability Database".
‼ CVE-2021-40026 ‼

There is a Heap-based buffer overflow vulnerability in the AOD module in smartphones. Successful exploitation of this vulnerability may affect service integrity.

via "National Vulnerability Database".
‼ CVE-2022-22268 ‼

Incorrect implementation of Knox Guard prior to SMR Jan-2022 Release 1 allows physically proximate attackers to temporarily unlock the Knox Guard via Samsung DeX mode.

via "National Vulnerability Database".
‼ CVE-2021-45231 ‼

A link following privilege escalation vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to create a specially crafted file with arbitrary content which could grant local privilege escalation on the affected system. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

via "National Vulnerability Database".
‼ CVE-2022-22287 ‼

Arbitrary file access vulnerability in Samsung Email prior to 6.1.60.16 allows attacker to read isolated data in sandbox.

via "National Vulnerability Database".
‼ CVE-2021-40004 ‼

The cellular module has a vulnerability in permission management. Successful exploitation of this vulnerability may affect data confidentiality.

via "National Vulnerability Database".
‼ CVE-2021-46054 ‼

A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::visitRethrow(wasm::Rethrow*).

via "National Vulnerability Database".
‼ CVE-2022-22272 ‼

Improper authorization in TelephonyManager prior to SMR Jan-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission.

via "National Vulnerability Database".
‼ CVE-2021-40038 ‼

There is a Double free vulnerability in the AOD module in smartphones. Successful exploitation of this vulnerability may affect service integrity.

via "National Vulnerability Database".
‼ CVE-2022-22823 ‼

build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

via "National Vulnerability Database".
‼ CVE-2021-40032 ‼

The bone voice ID TA has a vulnerability in information management. Successful exploitation of this vulnerability may affect data confidentiality.

via "National Vulnerability Database".
‼ CVE-2022-21667 ‼

soketi is an open-source WebSockets server. There is an unhandled case when reading POST requests which results in the server crashing if it could not read the body of a request. In the event that a POST request is sent to any endpoint of the server with an empty body, even unauthenticated with the Pusher Protocol, it will crash the server. All users that run the server are affected by this vulnerability and it's highly recommended to upgrade to the latest patch. There are no workarounds for this issue.

via "National Vulnerability Database".
‼ CVE-2021-40029 ‼

There is a Buffer overflow vulnerability due to a boundary error with the Samba server in the file management module in smartphones. Successful exploitation of this vulnerability may affect function stability.

via "National Vulnerability Database".
‼ CVE-2021-46050 ‼

A Stack Overflow vulnerability exists in Binaryen 103 via the printf_common function.

via "National Vulnerability Database".
‼ CVE-2021-40000 ‼

The Bluetooth module has an out-of-bounds write vulnerability. Successful exploitation of this vulnerability may result in malicious command execution at the remote end.

via "National Vulnerability Database".
‼ CVE-2021-40021 ‼

The eID module has an out-of-bounds memory write vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

via "National Vulnerability Database".
‼ CVE-2021-40014 ‼

The bone voice ID trusted application (TA) has a heap overflow vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

via "National Vulnerability Database".
‼ CVE-2021-46147 ‼

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. MassEditRegex allows CSRF.

via "National Vulnerability Database".
‼ CVE-2022-22824 ‼

defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

via "National Vulnerability Database".
‼ CVE-2021-38921 ‼

IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210067.

via "National Vulnerability Database".
‼ CVE-2020-9057 ‼

Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets do not support encryption, allowing an attacker within radio range to take control of or cause a denial of service to a vulnerable device. An attacker can also capture and replay Z-Wave traffic. Firmware upgrades cannot directly address this vulnerability as it is an issue with the Z-Wave specification for these legacy chipsets. One way to protect against this vulnerability is to use 500 or 700 series chipsets that support Security 2 (S2) encryption. As examples, the Linear WADWAZ-1 version 3.43 and WAPIRZ-1 version 3.43 (with 300 series chipsets) are vulnerable.

via "National Vulnerability Database".