| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An issue in KuGou Technology Co., Ltd KuGou Concept iOS 4.0.61 allows attackers to access sensitive user information via supplying a crafted link. |
| An issue in Guangzhou Polar Future Culture Technology Co., Ltd University Search iOS 2.27.0 allows attackers to access sensitive user information via supplying a crafted link. |
| An issue in KuGou Technology CO. LTD KuGou Music iOS v20.0.0 allows attackers to access sensitive user information via supplying a crafted link. |
| An issue in Xiamen Meitu Technology Co., Ltd. BeautyCam iOS v12.3.60 allows attackers to access sensitive user information via supplying a crafted link. |
| Improper conditions check for some Intel(R) Quartus(R) Prime Lite Edition Design software before version 23.1 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| Improper isolation of shared resources in some Intel(R) Processors when using Intel(R) Software Guard Extensions may allow a privileged user to potentially enable information disclosure via local access. |
|
A Storing Passwords in a Recoverable Format vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) database system could allow an authenticated attacker to retrieve passwords.
See SEL Service Bulletin dated 2022-11-15 for more details.
|
| Improper buffer restriction in software for the Intel QAT Driver for Linux before version 1.7.l.4.12 may allow an authenticated user to potentially enable denial of service via local access. |
| Improper buffer restrictions in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local access. |
| Insecure storage of sensitive information in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| Insecure storage of sensitive information in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| Improper buffer restrictions in the Intel(R) QAT Engine for OpenSSL before version 0.6.16 may allow a privileged user to potentially enable escalation of privilege via network access. |
| Storage of Sensitive Data in a Mechanism without Access Control in GitHub repository francoisjacquet/rosariosis prior to 11.0. |
|
CWE-924: Improper Enforcement of Message Integrity During Transmission in a
Communication Channel vulnerability exists that could cause a denial of service and loss of
confidentiality, integrity of controllers when conducting a Man in the Middle attack.
|
| Smart Toilet Lab - Motius 1.3.11 is running with debug mode turned on (DEBUG = True) and exposing sensitive information defined in Django settings file through verbose error page. |
| The com.remi.colorphone.callscreen.calltheme.callerscreen (aka Color Phone: Call Screen Theme) application through 21.1.9 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.remi.colorphone.callscreen.calltheme.callerscreen.dialer.DialerActivity component. |
| The com.glitter.caller.screen (aka iCaller, Caller Theme & Dialer) application through 1.1 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.glitter.caller.screen.DialerActivity component. |
|
Dell OS10 Networking Switches running 10.5.2.x and above contain a vulnerability with zeroMQ when VLT is configured. A remote unauthenticated attacker could potentially exploit this vulnerability leading to information disclosure and a possible Denial of Service when a huge number of requests are sent to the switch. This is a high severity vulnerability as it allows an attacker to view sensitive data. Dell recommends customers to upgrade at the earliest opportunity.
|
| Nextcloud Server is a self hosted personal cloud system. The OAuth2 client secrets were stored in a recoverable way, so that an attacker that got access to a backup of the database and the Nextcloud config file, would be able to decrypt them. It is recommended that the Nextcloud Server is upgraded to 28.0.10 or 29.0.7 and Nextcloud Enterprise Server is upgraded to 27.1.11.8, 28.0.10 or 29.0.7. |
| Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in CBOT Chatbot allows Adversary in the Middle (AiTM).This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.
|
