‼ CVE-2021-39788 ‼
via "National Vulnerability Database".
In TelecomManager, there is a possible way to check if a particular self managed phone account was registered on the device due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-191768014.
‼ CVE-2022-22996 ‼
via "National Vulnerability Database".
The G-RAID 4/8 Software Utility setups for Windows were affected by a DLL hijacking vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the system user.
‼ CVE-2022-23136 ‼
via "National Vulnerability Database".
There is a stored XSS vulnerability in a ZTE home gateway product. An attacker could modify the gateway name by inserting special characters and trigger an XSS attack when the user views the current topology of the device through the management page.
‼ CVE-2022-23800 ‼
via "National Vulnerability Database".
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Inadequate content filtering leads to XSS vulnerabilities in various components.
‼ CVE-2021-39774 ‼
via "National Vulnerability Database".
In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-205989472.
‼ CVE-2022-23796 ‼
via "National Vulnerability Database".
An issue was discovered in Joomla! 3.7.0 through 3.10.6. Lack of input validation could allow an XSS attack using com_fields.
‼ CVE-2021-39765 ‼
via "National Vulnerability Database".
In Gallery, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-201535427.
‼ CVE-2021-39782 ‼
via "National Vulnerability Database".
In Telephony, there is a possible unauthorized modification of the PLMN SIM file due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-202760015.
‼ CVE-2022-27907 ‼
via "National Vulnerability Database".
Sonatype Nexus Repository Manager 3.x before 3.38.0 allows SSRF.
‼ CVE-2021-39761 ‼
via "National Vulnerability Database".
In Media, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-179783181.
‼ CVE-2021-39783 ‼
via "National Vulnerability Database".
In rcsservice, there is a possible way to modify TTY mode due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-197960597.
‼ CVE-2021-39780 ‼
via "National Vulnerability Database".
In Traceur, there is a possible bypass of developer settings requirements for capturing system traces due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-204992293.
‼ CVE-2021-39773 ‼
via "National Vulnerability Database".
In VpnManagerService, there is a possible disclosure of installed VPN packages due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-191276656.
‼ CVE-2022-23795 ‼
via "National Vulnerability Database".
An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. A user row was not bound to a specific authentication mechanism, which could under very special circumstances allow an account takeover.
❌ Critical RCE Bug in Spring Could Be the Next Log4Shell, Researchers Warn ❌
via "Threat Post".
The so-called 'Spring4Shell' bug has cropped up, so to speak, and could be lurking in literally millions of Java applications.
Threat Post
RCE Bug in Spring Cloud Could Be the Next Log4Shell, Researchers Warn
The security bug could crop up, so to speak, in any number of Java applications.
‼ CVE-2021-39790 ‼
via "National Vulnerability Database".
In Dialer, there is a possible way to manipulate visual voicemail settings due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-186405146.
‼ CVE-2022-24135 ‼
via "National Vulnerability Database".
QingScan 1.3.0 is affected by a Cross Site Scripting (XSS) vulnerability in all search functions.
‼ CVE-2022-24132 ‼
via "National Vulnerability Database".
phpshe V1.8 is affected by a denial of service (DoS) attack in the registry's verification code, which can paralyze the target service.
‼ CVE-2022-28223 ‼
via "National Vulnerability Database".
Tekon KIO devices through 2022-03-30 allow an authenticated admin user to escalate privileges to root by uploading a malicious Lua plugin.
‼ CVE-2022-27772 ‼
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED ** spring-boot versions prior to version v2.2.11.RELEASE were vulnerable to temporary directory hijacking. This vulnerability impacted the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. NOTE: This vulnerability only affects products and/or versions that are no longer supported by the maintainer.
‼ CVE-2022-1160 ‼
via "National Vulnerability Database".
Heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.