Total
1368 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-38789 | 1 Allwinnertech | 2 Android Q Sdk, R818 | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| Allwinner R818 SoC Android Q SDK V1.0 is affected by an incorrect access control vulnerability that does not check the caller's permission, in which a third-party app could change system settings. | |||||
| CVE-2021-0428 | 1 Google | 1 Android | 2022-07-12 | 2.1 LOW | 5.5 MEDIUM |
| In getSimSerialNumber of TelephonyManager.java, there is a possible way to read a trackable identifier due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-173421434 | |||||
| CVE-2021-1011 | 1 Google | 1 Android | 2022-07-12 | 2.1 LOW | 5.5 MEDIUM |
| In setPackageStoppedState of PackageManagerService.java, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-188219307 | |||||
| CVE-2021-20693 | 1 Gurunavi | 1 Gurunavi | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| Improper access control vulnerability in Gurunavi App for Android ver.10.0.10 and earlier and for iOS ver.11.1.2 and earlier allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. | |||||
| CVE-2021-39808 | 1 Google | 1 Android | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| In createNotificationChannelGroup of PreferencesHelper.java, there is a possible way for a service to run in foreground without user notification due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-209966086 | |||||
| CVE-2020-12734 | 1 Depstech | 2 Wifi Digital Microscope 3, Wifi Digital Microscope 3 Firmware | 2022-07-12 | 4.8 MEDIUM | 8.1 HIGH |
| DEPSTECH WiFi Digital Microscope 3 allows remote attackers to change the SSID and password, and demand a ransom payment from the rightful device owner, because there is no way to reset to Factory Default settings. | |||||
| CVE-2021-27903 | 1 Craftcms | 1 Craft Cms | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Craft CMS before 3.6.7. In some circumstances, a potential Remote Code Execution vulnerability existed on sites that did not restrict administrative changes (if an attacker were somehow able to hijack an administrator's session). | |||||
| CVE-2021-37976 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2022-07-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
| CVE-2021-22233 | 1 Gitlab | 1 Gitlab | 2022-07-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| An information disclosure vulnerability in GitLab EE versions 13.10 and later allowed a user to read project details | |||||
| CVE-2021-44840 | 1 Deltarm | 1 Delta Rm | 2022-07-12 | 4.0 MEDIUM | 2.7 LOW |
| An issue was discovered in Delta RM 1.2. Using an privileged account, it is possible to edit, create, and delete risk labels, such as Criticality and Priority Indication labels. By using the /core/table/query endpoint, and by using a POST request and indicating the affected label with tableUid parameter and the operation with datas[query], it is possible to edit, create, and delete the following labels: Priority Indication, Quality Evaluation, Progress Margin and Priority. Furthermore, it is also possible to export Criticality labels with an unprivileged user. | |||||
| CVE-2021-40379 | 1 Comprotech | 8 Ip570, Ip570 Firmware, Ip60 and 5 more | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. rstp://.../medias2 does not require authorization. | |||||
| CVE-2021-29958 | 1 Mozilla | 1 Firefox | 2022-07-12 | 4.3 MEDIUM | 4.3 MEDIUM |
| When a download was initiated, the client did not check whether it was in normal or private browsing mode, which led to private mode cookies being shared in normal browsing mode. This vulnerability affects Firefox for iOS < 34. | |||||
| CVE-2021-39751 | 1 Google | 1 Android | 2022-07-12 | 2.1 LOW | 5.5 MEDIUM |
| In Settings, there is a possible way to read Bluetooth device names without proper permissions due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-172838801 | |||||
| CVE-2020-0485 | 1 Google | 1 Android | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| In areFunctionsSupported of UsbBackend.java, there is a possible access to tethering from a guest account due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-166125765 | |||||
| CVE-2021-0403 | 1 Google | 1 Android | 2022-07-12 | 2.1 LOW | 4.4 MEDIUM |
| In netdiag, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05475124. | |||||
| CVE-2021-39662 | 1 Google | 1 Android | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| In checkUriPermission of MediaProvider.java , there is a possible way to gain access to the content of media provider collections due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-197302116 | |||||
| CVE-2021-46075 | 1 Vehicle Service Management System Project | 1 Vehicle Service Management System | 2022-07-12 | 6.5 MEDIUM | 7.2 HIGH |
| A Privilege Escalation vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. Staff account users can access the admin resources and perform CRUD Operations. | |||||
| CVE-2021-35413 | 1 Chamilo | 1 Chamilo Lms | 2022-07-12 | 6.0 MEDIUM | 8.8 HIGH |
| A remote code execution (RCE) vulnerability in course_intro_pdf_import.php of Chamilo LMS v1.11.x allows authenticated attackers to execute arbitrary code via a crafted .htaccess file. | |||||
| CVE-2022-34818 | 1 Jenkins | 1 Failed Job Deactivator | 2022-07-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins Failed Job Deactivator Plugin 1.2.1 and earlier does not perform permission checks in several views and HTTP endpoints, allowing attackers with Overall/Read permission to disable jobs. | |||||
| CVE-2022-34813 | 1 Jenkins | 1 Xpath Configuration Viewer | 2022-07-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to create and delete XPath expressions. | |||||