Total
7971 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-48510 | 1 Huawei | 2 Emui, Harmonyos | 2023-07-13 | N/A | 9.8 CRITICAL |
| Input verification vulnerability in the AMS module. Successful exploitation of this vulnerability will cause unauthorized operations. | |||||
| CVE-2022-48514 | 1 Huawei | 1 Harmonyos | 2023-07-13 | N/A | 7.5 HIGH |
| The Sepolicy module has inappropriate permission control on the use of Netlink.Successful exploitation of this vulnerability may affect confidentiality. | |||||
| CVE-2022-48520 | 1 Huawei | 2 Emui, Harmonyos | 2023-07-12 | N/A | 7.5 HIGH |
| Unauthorized access vulnerability in the SystemUI module. Successful exploitation of this vulnerability may affect confidentiality. | |||||
| CVE-2022-48519 | 1 Huawei | 2 Emui, Harmonyos | 2023-07-12 | N/A | 7.5 HIGH |
| Unauthorized access vulnerability in the SystemUI module. Successful exploitation of this vulnerability may affect confidentiality. | |||||
| CVE-2022-48516 | 1 Huawei | 2 Emui, Harmonyos | 2023-07-12 | N/A | 7.5 HIGH |
| Vulnerability that a unique value can be obtained by a third-party app in the DSoftBus module. Successful exploitation of this vulnerability will affect confidentiality. | |||||
| CVE-2023-37239 | 1 Huawei | 2 Emui, Harmonyos | 2023-07-12 | N/A | 7.5 HIGH |
| Format string vulnerability in the distributed file system. Attackers who bypass the selinux permission can exploit this vulnerability to crash the program. | |||||
| CVE-2023-3455 | 1 Huawei | 2 Emui, Harmonyos | 2023-07-12 | N/A | 9.1 CRITICAL |
| Key management vulnerability on system. Successful exploitation of this vulnerability may affect service availability and integrity. | |||||
| CVE-2022-39222 | 1 Linuxfoundation | 1 Dex | 2023-07-11 | N/A | 6.5 MEDIUM |
| Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex instances with public clients (and by extension, clients accepting tokens issued by those Dex instances) are affected by this vulnerability if they are running a version prior to 2.35.0. An attacker can exploit this vulnerability by making a victim navigate to a malicious website and guiding them through the OIDC flow, stealing the OAuth authorization code in the process. The authorization code then can be exchanged by the attacker for a token, gaining access to applications accepting that token. Version 2.35.0 has introduced a fix for this issue. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2022-39397 | 1 Aliyun-oss-client Project | 1 Aliyun-oss-client | 2023-07-11 | N/A | 4.3 MEDIUM |
| aliyun-oss-client is a rust client for Alibaba Cloud OSS. Users of this library will be affected, the incoming secret will be disclosed unintentionally. This issue has been patched in version 0.8.1. | |||||
| CVE-2022-43684 | 1 Servicenow | 1 Servicenow | 2023-07-11 | N/A | 6.5 MEDIUM |
| ServiceNow has released patches and an upgrade that address an Access Control List (ACL) bypass issue in ServiceNow Core functionality. Additional Details This issue is present in the following supported ServiceNow releases: * Quebec prior to Patch 10 Hot Fix 8b * Rome prior to Patch 10 Hot Fix 1 * San Diego prior to Patch 7 * Tokyo prior to Tokyo Patch 1; and * Utah prior to Utah General Availability If this ACL bypass issue were to be successfully exploited, it potentially could allow an authenticated user to obtain sensitive information from tables missing authorization controls. | |||||
| CVE-2021-46891 | 1 Huawei | 2 Emui, Harmonyos | 2023-07-11 | N/A | 9.8 CRITICAL |
| Vulnerability of incomplete read and write permission verification in the GPU module. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability. | |||||
| CVE-2022-25828 | 1 Samsung | 1 Watch Active Plugin | 2023-07-10 | 2.1 LOW | 3.3 LOW |
| Information Exposure vulnerability in Watch Active Plugin prior to version 2.2.07.22012751 allows attacker to access password information of connected WiFiAp in the log | |||||
| CVE-2022-25827 | 1 Samsung | 1 Galaxy Watch Plugin | 2023-07-10 | 2.1 LOW | 3.3 LOW |
| Information Exposure vulnerability in Galaxy Watch Plugin prior to version 2.2.05.22012751 allows attacker to access password information of connected WiFiAp in the log | |||||
| CVE-2022-25826 | 1 Samsung | 1 Galaxy Watch 3 Plugin | 2023-07-10 | 2.1 LOW | 3.3 LOW |
| Information Exposure vulnerability in Galaxy S3 Plugin prior to version 2.2.03.22012751 allows attacker to access password information of connected WiFiAp in the log | |||||
| CVE-2022-25823 | 1 Samsung | 1 Galaxy Watch Plugin | 2023-07-10 | 2.1 LOW | 3.3 LOW |
| Information Exposure vulnerability in Galaxy Watch Plugin prior to version 2.2.05.220126741 allows attackers to access user information in log. | |||||
| CVE-2022-25830 | 1 Samsung | 1 Galaxy Watch 3 Plugin | 2023-07-10 | 2.1 LOW | 3.3 LOW |
| Information Exposure vulnerability in Galaxy Watch3 Plugin prior to version 2.2.09.22012751 allows attacker to access password information of connected WiFiAp in the log | |||||
| CVE-2022-25829 | 1 Samsung | 1 Watch Active2 Plugin | 2023-07-10 | 2.1 LOW | 3.3 LOW |
| Information Exposure vulnerability in Watch Active2 Plugin prior to version 2.2.08.22012751 allows attacker to access password information of connected WiFiAp in the log | |||||
| CVE-2021-3798 | 1 Opencryptoki Project | 1 Opencryptoki | 2023-07-10 | N/A | 5.5 MEDIUM |
| A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via C_CreateObject, nor when C_DeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key by performing an invalid curve attack. | |||||
| CVE-2021-38314 | 1 Redux | 1 Gutenberg Template Library \& Redux Framework | 2023-07-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress registered several AJAX actions available to unauthenticated users in the `includes` function in `redux-core/class-redux-core.php` that were unique to a given site but deterministic and predictable given that they were based on an md5 hash of the site URL with a known salt value of '-redux' and an md5 hash of the previous hash with a known salt value of '-support'. These AJAX actions could be used to retrieve a list of active plugins and their versions, the site's PHP version, and an unsalted md5 hash of site’s `AUTH_KEY` concatenated with the `SECURE_AUTH_KEY`. | |||||
| CVE-2023-36817 | 1 Kingstemple | 1 The King\'s Temple Church Website | 2023-07-10 | N/A | 9.1 CRITICAL |
| `tktchurch/website` contains the codebase for The King's Temple Church website. In version 0.1.0, a Stripe API key was found in the public code repository of the church's project. This sensitive information was unintentionally committed and subsequently exposed in the codebase. If an unauthorized party gains access to this key, they could potentially carry out transactions on behalf of the organization, leading to financial losses. Additionally, they could access sensitive customer information, leading to privacy violations and potential legal implications. The affected component is the codebase of our project, specifically the file(s) where the Stripe API key is embedded. The key should have been stored securely, and not committed to the codebase. The maintainers plan to revoke the leaked Stripe API key immediately, generate a new one, and not commit the key to the codebase. | |||||