‼ CVE-2022-23801 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Possible XSS atack vector through SVG embedding in com_media.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23797 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate filtering on the selected Ids on an request could resulted into an possible SQL injection.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23794 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Uploading a file name of an excess length causes the error. This error brings up the screen with the path of the source code of the web application.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22772 ‼
📖 Read
via "National Vulnerability Database".
The cfsend, cfrecv, and CyberResp components of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX and TIBCO Managed File Transfer Platform Server for z/Linux contain a difficult to exploit Remote Code Execution (RCE) vulnerability that allows a low privileged attacker with network access to execute arbitrary code on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX: versions 8.1.0 and below and TIBCO Managed File Transfer Platform Server for z/Linux: versions 8.1.0 and below.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23798 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate validation of URLs could result into an invalid check whether an redirect URL is internal or not.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39746 ‼
📖 Read
via "National Vulnerability Database".
In PermissionController, there is a possible way to delete some local files due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-194696395📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39786 ‼
📖 Read
via "National Vulnerability Database".
In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-192551247📖 Read
via "National Vulnerability Database".
‼ CVE-2021-44310 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Firmware Analysis and Comparison Tool v3.2. With administrator privileges, the attacker could perform stored XSS attacks by inserting JavaScript and HTML code in user creation functionality.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39744 ‼
📖 Read
via "National Vulnerability Database".
In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-192369136📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39787 ‼
📖 Read
via "National Vulnerability Database".
In SystemUI, there is a possible arbitrary Activity launch due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-202506934📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39743 ‼
📖 Read
via "National Vulnerability Database".
In PackageManager, there is a possible way to update the last usage time of another package due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-201534884📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39791 ‼
📖 Read
via "National Vulnerability Database".
In WallpaperManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-194112606📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23799 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Under specific circumstances, JInput pollutes method-specific input bags with $_REQUEST data.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39777 ‼
📖 Read
via "National Vulnerability Database".
In Telephony, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-194743207📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39781 ‼
📖 Read
via "National Vulnerability Database".
In SmsController, there is a possible information disclosure due to a permissions bypass. This could lead to local escalation of privilege and sending sms with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-195311502📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39764 ‼
📖 Read
via "National Vulnerability Database".
In Settings, there is a possible way to display an incorrect app name due to improper input validation. This could lead to local escalation of privilege via app spoofing with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-170642995📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39788 ‼
📖 Read
via "National Vulnerability Database".
In TelecomManager, there is a possible way to check if a particular self managed phone account was registered on the device due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-191768014📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22996 ‼
📖 Read
via "National Vulnerability Database".
The G-RAID 4/8 Software Utility setups for Windows were affected by a DLL hijacking vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the system user.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23136 ‼
📖 Read
via "National Vulnerability Database".
There is a stored XSS vulnerability in ZTE home gateway product. An attacker could modify the gateway name by inserting special characters and trigger an XSS attack when the user views the current topology of the device through the management page.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23800 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Inadequate content filtering leads to XSS vulnerabilities in various components.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39774 ‼
📖 Read
via "National Vulnerability Database".
In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-205989472📖 Read
via "National Vulnerability Database".