Total
2641 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-47478 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-03-15 | N/A | 5.5 MEDIUM |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
| CVE-2022-47477 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-03-15 | N/A | 5.5 MEDIUM |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
| CVE-2022-47476 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-03-15 | N/A | 5.5 MEDIUM |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
| CVE-2022-47475 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-03-15 | N/A | 5.5 MEDIUM |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
| CVE-2022-47474 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-03-15 | N/A | 5.5 MEDIUM |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
| CVE-2022-47473 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-03-15 | N/A | 5.5 MEDIUM |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
| CVE-2022-47472 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-03-15 | N/A | 5.5 MEDIUM |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
| CVE-2022-47471 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-03-15 | N/A | 5.5 MEDIUM |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
| CVE-2023-25573 | 1 Metersphere | 1 Metersphere | 2023-03-15 | N/A | 7.5 HIGH |
| metersphere is an open source continuous testing platform. In affected versions an improper access control vulnerability exists in `/api/jmeter/download/files`, which allows any user to download any file without authentication. This issue may expose all files available to the running process. This issue has been addressed in version 1.20.20 lts and 2.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-26957 | 1 Onekeyadmin | 1 Onekeyadmin | 2023-03-15 | N/A | 9.1 CRITICAL |
| onekeyadmin v1.3.9 was discovered to contain an arbitrary file delete vulnerability via the component \admin\controller\plugins. | |||||
| CVE-2023-22858 | 1 Blogengine | 1 Blogengine.net | 2023-03-13 | N/A | 5.3 MEDIUM |
| An Improper Access Control vulnerability in BlogEngine.NET 3.3.8.0, allows unauthenticated visitors to access the files of unpublished blogs. | |||||
| CVE-2023-26510 | 1 Ghost | 1 Ghost | 2023-03-09 | N/A | 5.7 MEDIUM |
| Ghost 5.35.0 allows authorization bypass: contributors can view draft posts of other users, which is arguably inconsistent with a security policy in which a contributor's draft can only be read by editors until published by an editor. NOTE: the vendor's position is that this behavior has no security impact. | |||||
| CVE-2022-48318 | 1 Tribe29 | 1 Checkmk | 2023-03-06 | N/A | 5.3 MEDIUM |
| No authorisation controls in the RestAPI documentation for Tribe29's Checkmk <= 2.1.0p13 and Checkmk <= 2.0.0p29 which may lead to unintended information disclosure through automatically generated user specific tags within Rest API documentation. | |||||
| CVE-2020-0202 | 1 Google | 1 Android | 2023-03-03 | 6.8 MEDIUM | 7.8 HIGH |
| In onHandleIntent of TraceService.java, there is a possible bypass of developer settings requirements for capturing system traces due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-11 Android ID: A-142936525 | |||||
| CVE-2023-0678 | 1 Phpipam | 1 Phpipam | 2023-03-02 | N/A | 5.3 MEDIUM |
| Missing Authorization in GitHub repository phpipam/phpipam prior to v1.5.1. | |||||
| CVE-2019-5463 | 1 Gitlab | 1 Gitlab | 2023-02-23 | 5.0 MEDIUM | 5.3 MEDIUM |
| An authorization issue was discovered in the GitLab CE/EE CI badge images endpoint which could result in disclosure of the build status. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6. | |||||
| CVE-2022-47341 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-02-21 | N/A | 6.7 MEDIUM |
| In engineermode services, there is a missing permission check. This could lead to local escalation of privilege with system execution privileges needed. | |||||
| CVE-2022-47361 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-02-21 | N/A | 7.8 HIGH |
| In firewall service, there is a missing permission check. This could lead to local escalation of privilege with system execution privileges needed. | |||||
| CVE-2022-47358 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-02-21 | N/A | 5.5 MEDIUM |
| In log service, there is a missing permission check. This could lead to local denial of service in log service. | |||||
| CVE-2023-21450 | 1 Samsung | 1 One Hand Operation \+ | 2023-02-17 | N/A | 2.1 LOW |
| Missing Authorization vulnerability in One Hand Operation + prior to version 6.1.21 allows multi-users to access owner's widget without authorization via gesture setting. | |||||