‼ CVE-2021-22806 ‼
📖 Read
via "National Vulnerability Database".
A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could cause data exfiltration and unauthorized access when accessing a malicious website. Affected Product: spaceLYnk (V2.6.1 and prior), Wiser for KNX (V2.6.1 and prior), fellerLYnk (V2.6.1 and prior)📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23853 ‼
📖 Read
via "National Vulnerability Database".
The LSP (Language Server Protocol) plugin in KDE Kate before 21.12.2 and KTextEditor before 5.91.0 tries to execute the associated LSP server binary when opening a file of a given type. If this binary is absent from the PATH, it will try running the LSP server binary in the directory of the file that was just opened (due to a misunderstanding of the QProcess API, that was never intended). This can be an untrusted directory.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-22804 ‼
📖 Read
via "National Vulnerability Database".
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause disclosure of arbitrary files being read in the context of the user running IGSS, due to missing validation of user supplied data in network messages. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior)📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23433 ‼
📖 Read
via "National Vulnerability Database".
Improper access control vulnerability in Reminder prior to versions 12.3.01.3000 in Android S(12), 12.2.05.6000 in Android R(11) and 11.6.08.6000 in Andoid Q(10) allows attackers to register reminders or execute exporeted activities remotely.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23432 ‼
📖 Read
via "National Vulnerability Database".
An improper input validation in SMC_SRPMB_WSM handler of RPMB ldfw prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-24003 ‼
📖 Read
via "National Vulnerability Database".
Exposure of Sensitive Information vulnerability in Bixby Vision prior to version 3.7.50.6 allows attackers to access internal data of Bixby Vision via unprotected intent.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-24002 ‼
📖 Read
via "National Vulnerability Database".
Improper Authorization vulnerability in Link Sharing prior to version 12.4.00.3 allows attackers to open protected activity via PreconditionActivity.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-22785 ‼
📖 Read
via "National Vulnerability Database".
A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to leak when an attacker sends a HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22292 ‼
📖 Read
via "National Vulnerability Database".
Unprotected dynamic receiver in Telecom prior to SMR Feb-2022 Release 1 allows untrusted applications to launch arbitrary activity.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39663 ‼
📖 Read
via "National Vulnerability Database".
In openFileAndEnforcePathPermissionsHelper of MediaProvider.java, there is a possible bypass of a permissions check due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-200682135📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39619 ‼
📖 Read
via "National Vulnerability Database".
In updatePackageMappingsData of UsageStatsService.java, there is a possible way to bypass security and privacy settings of app usage due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-197399948📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23431 ‼
📖 Read
via "National Vulnerability Database".
An improper boundary check in RPMB ldfw prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-24000 ‼
📖 Read
via "National Vulnerability Database".
PendingIntent hijacking vulnerability in DataUsageReminderReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission in KnoxPrivacyNoticeReceiver via implicit Intent.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-22787 ‼
📖 Read
via "National Vulnerability Database".
A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39665 ‼
📖 Read
via "National Vulnerability Database".
In checkSpsUpdated of AAVCAssembler.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-204077881📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23999 ‼
📖 Read
via "National Vulnerability Database".
PendingIntent hijacking vulnerability in CpaReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission in KnoxPrivacyNoticeReceiver via implicit Intent.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-22802 ‼
📖 Read
via "National Vulnerability Database".
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution due to missing length check on user supplied data, when a constructed message is received on the network. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior)📖 Read
via "National Vulnerability Database".
‼ CVE-2021-4046 ‼
📖 Read
via "National Vulnerability Database".
The m_txtNom y m_txtCognoms parameters in TCMAN GIM v8.01 allow an attacker to perform persistent XSS attacks. This vulnerability could be used to carry out a number of browser-based attacks including browser hijacking or theft of sensitive data.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-0562 ‼
📖 Read
via "National Vulnerability Database".
Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-4035 ‼
📖 Read
via "National Vulnerability Database".
A stored cross site scripting have been identified at the comments in the report creation due to an obsolote version of tinymce editor. In order to exploit this vulnerability, the attackers needs an account with enough privileges to view and edit reports.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39675 ‼
📖 Read
via "National Vulnerability Database".
In GKI_getbuf of gki_buffer.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-205729183📖 Read
via "National Vulnerability Database".