Total: 2641 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-48369 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-05-11 | N/A | 7.8 HIGH |
| In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | |||||
| CVE-2022-48250 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-05-11 | N/A | 7.8 HIGH |
| In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | |||||
| CVE-2022-48368 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-05-11 | N/A | 7.8 HIGH |
| In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | |||||
| CVE-2022-48242 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-05-11 | N/A | 5.5 MEDIUM |
| In telephony service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. | |||||
| CVE-2022-48243 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-05-11 | N/A | 7.8 HIGH |
| In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | |||||
| CVE-2022-48249 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-05-11 | N/A | 7.8 HIGH |
| In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | |||||
| CVE-2022-48244 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-05-11 | N/A | 7.8 HIGH |
| In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | |||||
| CVE-2022-48246 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-05-11 | N/A | 7.8 HIGH |
| In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | |||||
| CVE-2022-48247 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-05-11 | N/A | 7.8 HIGH |
| In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | |||||
| CVE-2022-48370 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-05-11 | N/A | 5.5 MEDIUM |
| In dialer service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. | |||||
| CVE-2023-22728 | 1 Silverstripe | 1 Framework | 2023-05-04 | N/A | 4.3 MEDIUM |
| Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, the GridField print view incorrectly validates the permission of DataObjects potentially allowing a content author to view records they are not authorised to access. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue. | |||||
| CVE-2023-2193 | 1 Mattermost | 1 Mattermost | 2023-05-02 | N/A | 9.1 CRITICAL |
| Mattermost fails to invalidate existing authorization codes when deauthorizing an OAuth2 app, allowing an attacker possessing an authorization code to generate an access token. | |||||
| CVE-2023-21094 | 1 Google | 1 Android | 2023-04-29 | N/A | 7.8 HIGH |
| In sanitize of LayerState.cpp, there is a possible way to take over the screen display and swap the display content due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11 Android-12 Android-12L Android-13; Android ID: A-248031255 | |||||
| CVE-2023-25552 | 1 Schneider-electric | 1 Struxureware Data Center Expert | 2023-04-27 | N/A | 8.1 HIGH |
| A CWE-862: Missing Authorization vulnerability exists that could allow viewing of unauthorized content, changing or deleting of content, or performing unauthorized functions when tampering with the Device File Transfer settings on DCE endpoints. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior) | |||||
| CVE-2012-6614 | 1 Dlink | 2 Dsr-250n, Dsr-250n Firmware | 2023-04-26 | 9.0 HIGH | 7.2 HIGH |
| D-Link DSR-250N devices before 1.08B31 allow remote authenticated users to obtain "persistent root access" via the BusyBox CLI, as demonstrated by overwriting the super user password. | |||||
| CVE-2023-21091 | 1 Google | 1 Android | 2023-04-25 | N/A | 5.5 MEDIUM |
| In canDisplayLocalUi of AppLocalePickerActivity.java, there is a possible way to change system app locales due to a missing permission check. This could lead to local denial of service across user boundaries with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-13; Android ID: A-257954050 | |||||
| CVE-2023-29529 | 1 Matrix | 1 Javascript Sdk | 2023-04-25 | N/A | 5.3 MEDIUM |
| matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. An attacker present in a room where an MSC3401 group call is taking place can eavesdrop on the video and audio of participants using matrix-js-sdk, without their knowledge. To affected matrix-js-sdk users, the attacker will not appear to be participating in the call. This attack is possible because matrix-js-sdk's group call implementation accepts incoming direct calls from other users, even if they have not yet declared intent to participate in the group call, as a means of resolving a race condition in call setup. Affected versions do not restrict access to the user's outbound media in this case. Legacy 1:1 calls are unaffected. This is fixed in matrix-js-sdk 24.1.0. As a workaround, users may hold group calls in private rooms where only the exact users who are expected to participate in the call are present. | |||||
| CVE-2020-9009 | 1 Shipstation | 1 Shipstation | 2023-04-21 | N/A | 3.7 LOW |
| The ShipStation.com plugin 1.1 and earlier for CS-Cart allows remote attackers to insert arbitrary information into the database (via action=shipnotify) because access to this endpoint is completely unchecked. The attacker must guess an order number. | |||||
| CVE-2023-30532 | 1 Jenkins | 1 Turboscript | 2023-04-21 | N/A | 6.5 MEDIUM |
| A missing permission check in Jenkins TurboScript Plugin 1.3 and earlier allows attackers with Item/Read permission to trigger builds of jobs corresponding to the attacker-specified repository. | |||||
| CVE-2023-30526 | 1 Jenkins | 1 Report Portal | 2023-04-20 | N/A | 6.5 MEDIUM |
| A missing permission check in Jenkins Report Portal Plugin 0.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified bearer token authentication. | |||||
