Total
3124 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-21268 | 1 Oracle | 1 Communications Billing And Revenue Management | 2023-12-10 | 2.1 LOW | 3.3 LOW |
| Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Pipeline Manager). Supported versions that are affected are 12.0.0.3 and 12.0.0.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Billing and Revenue Management executes to compromise Oracle Communications Billing and Revenue Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Billing and Revenue Management accessible data. CVSS 3.1 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). | |||||
| CVE-2021-34890 | 1 Bentley | 2 Bentley View, Microstation | 2023-12-10 | 4.3 MEDIUM | 3.3 LOW |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14843. | |||||
| CVE-2021-25523 | 1 Samsung | 1 Dialer | 2023-12-10 | 2.1 LOW | 3.3 LOW |
| Insecure storage of device information in Samsung Dialer prior to version 12.7.05.24 allows attacker to get Samsung Account ID. | |||||
| CVE-2021-39879 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 3.5 LOW |
| Missing authentication in all versions of GitLab CE/EE since version 7.11.0 allows an attacker with access to a victim's session to disable two-factor authentication | |||||
| CVE-2021-0994 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 3.3 LOW |
| In requestRouteToHostAddress of ConnectivityService.java, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-193801134 | |||||
| CVE-2021-41136 | 2 Debian, Puma | 2 Debian Linux, Puma | 2023-12-10 | 3.6 LOW | 3.7 LOW |
| Puma is a HTTP 1.1 server for Ruby/Rack applications. Prior to versions 5.5.1 and 4.3.9, using `puma` with a proxy which forwards HTTP header values which contain the LF character could allow HTTP request smugggling. A client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. The only proxy which has this behavior, as far as the Puma team is aware of, is Apache Traffic Server. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request's body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client. This vulnerability was patched in Puma 5.5.1 and 4.3.9. As a workaround, do not use Apache Traffic Server with `puma`. | |||||
| CVE-2022-22267 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 3.3 LOW |
| Implicit Intent hijacking vulnerability in ActivityMetricsLogger prior to SMR Jan-2022 Release 1 allows attackers to get running application information. | |||||
| CVE-2022-0474 | 1 Otrs | 1 Custom Contact Fields | 2023-12-10 | 3.5 LOW | 3.5 LOW |
| Full list of recipients from customer users in a contact field could be disclosed in notification emails event when the notification is set to be sent to each recipient individually. This issue affects: OTRS AG OTRSCustomContactFields 8.0.x version: 8.0.11 and prior versions. | |||||
| CVE-2021-34886 | 1 Bentley | 2 Bentley View, Microstation | 2023-12-10 | 4.3 MEDIUM | 3.3 LOW |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FBX files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14839. | |||||
| CVE-2021-25740 | 1 Kubernetes | 1 Kubernetes | 2023-12-10 | 3.5 LOW | 3.1 LOW |
| A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack. | |||||
| CVE-2022-23605 | 1 Wire | 1 Wire-webapp | 2023-12-10 | 2.1 LOW | 2.3 LOW |
| Wire webapp is a web client for the wire messaging protocol. In versions prior to 2022-01-27-production.0 expired ephemeral messages were not reliably removed from local chat history of Wire Webapp. In versions before 2022-01-27-production.0 ephemeral messages and assets might still be accessible through the local search functionality. Any attempt to view one of these message in the chat view will then trigger the deletion. This issue only affects locally stored messages. On premise instances of wire-webapp need to be updated to 2022-01-27-production.0, so that their users are no longer affected. There are no known workarounds for this issue. | |||||
| CVE-2021-34901 | 1 Bentley | 2 Bentley View, Microstation | 2023-12-10 | 4.3 MEDIUM | 3.3 LOW |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14874. | |||||
| CVE-2021-30815 | 1 Apple | 2 Ipados, Iphone Os | 2023-12-10 | 2.1 LOW | 2.4 LOW |
| A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15. A local attacker may be able to view contacts from the lock screen. | |||||
| CVE-2022-0158 | 3 Apple, Fedoraproject, Vim | 3 Macos, Fedora, Vim | 2023-12-10 | 4.3 MEDIUM | 3.3 LOW |
| vim is vulnerable to Heap-based Buffer Overflow | |||||
| CVE-2021-36994 | 1 Huawei | 2 Emui, Magic Ui | 2023-12-10 | 4.3 MEDIUM | 3.7 LOW |
| There is a issue that trustlist strings being repeatedly inserted into the linked list in Huawei Smartphone due to race conditions. Successful exploitation of this vulnerability can cause exceptions when managing the system trustlist. | |||||
| CVE-2021-42069 | 1 Sap | 1 3d Visual Enterprise Viewer | 2023-12-10 | 4.3 MEDIUM | 3.3 LOW |
| When a user opens manipulated Tagged Image File Format (.tif) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application | |||||
| CVE-2021-0988 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 3.3 LOW |
| In getLaunchedFromUid and getLaunchedFromPackage of ActivityClientController.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-191954233 | |||||
| CVE-2021-34882 | 1 Bentley | 2 Bentley View, Microstation | 2023-12-10 | 4.3 MEDIUM | 3.3 LOW |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14835. | |||||
| CVE-2020-4805 | 1 Ibm | 1 Edge Application Manager | 2023-12-10 | 2.1 LOW | 3.3 LOW |
| IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189539. | |||||
| CVE-2022-22269 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 3.3 LOW |
| Keeping sensitive data in unprotected BluetoothSettingsProvider prior to SMR Jan-2022 Release 1 allows untrusted applications to get a local Bluetooth MAC address. | |||||