Total: 598 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-28597 | 3 Adobe, Apple, Microsoft | 3 Photoshop Elements, Macos, Windows | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
Adobe Photoshop Elements version 5.2 (and earlier) is affected by an insecure temporary file creation vulnerability. An unauthenticated attacker could leverage this vulnerability to call functions against the installer to perform high privileged actions. Exploitation of this issue does not require user interaction. | |||||
CVE-2021-22118 | 3 Netapp, Oracle, Vmware | 32 Hci, Management Services For Element Software, Commerce Guided Search and 29 more | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data. | |||||
CVE-2021-1438 | 1 Cisco | 1 Wide Area Application Services | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
A vulnerability in Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to gain access to sensitive information on an affected device. The vulnerability is due to improper input validation and authorization of specific commands that a user can execute within the CLI. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to read arbitrary files that they originally did not have permissions to access. | |||||
CVE-2020-27361 | 1 Akkadianlabs | 1 Akkadian Provisioning Manager | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue exists within Akkadian Provisioning Manager 4.50.02 which allows attackers to view sensitive information within the /pme subdirectories. | |||||
CVE-2021-22539 | 1 Google | 1 Bazel | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
An attacker can place a crafted JSON config file into the project folder pointing to a custom executable. VScode-bazel allows the workspace path to lint *.bzl files to be set via this config file. As such the attacker is able to execute any executable on the system through vscode-bazel. We recommend upgrading to version 0.4.1 or above. | |||||
CVE-2021-30921 | 1 Apple | 2 Ipados, Iphone Os | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
A logic issue was addressed with improved state management. This issue is fixed in iOS 14.5 and iPadOS 14.5. A user's password may be visible onscreen. | |||||
CVE-2008-2544 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
Mounting the /proc filesystem via the chroot command silently mounts it in read-write mode. The user could bypass the chroot environment and gain write access to files they would never have otherwise. | |||||
CVE-2021-22549 | 1 Google | 1 Asylo | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
An attacker can modify the address to point to trusted memory to overwrite arbitrary trusted memory. It is recommended to update past 0.6.2 or git commit https://github.com/google/asylo/commit/53ed5d8fd8118ced1466e509606dd2f473707a5c | |||||
CVE-2021-37704 | 1 Phpfastcache | 1 Phpfastcache | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
PhpFastCache is a high-performance backend cache system (packagist package phpfastcache/phpfastcache). In versions before 6.1.5, 7.1.2, and 8.0.7 the `phpinfo()` can be exposed if the `/vendor` is not protected from public access. This is a rare situation today since the vendor directory is often located outside the web directory or protected via server rule (.htaccess, etc). Only the v6, v7 and v8 will be patched respectively in 8.0.7, 7.1.2, 6.1.5. Older versions such as v5, v4 are no longer supported and will **NOT** be patched. As a workaround, protect the `/vendor` directory from public access. | |||||
CVE-2018-16494 | 1 Versa-networks | 1 Versa Operating System | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
In VOS, an overly permissive "umask" may allow authorized users of the server to gain unauthorized access through insecure file permissions, which can result in arbitrary read, write, or execution of newly created files and directories. The insecure umask setting was present throughout the Versa servers. | |||||
CVE-2021-22420 | 1 Huawei | 1 Harmonyos | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
A component of HarmonyOS has an External Control of System or Configuration Setting vulnerability. Local attackers may exploit this vulnerability to cause the underlying trust of the application trustlist mechanism to be missing. | |||||
CVE-2021-21430 | 1 Openapi-generator | 1 Openapi Generator | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Using `File.createTempFile` in JDK will result in creating and using insecure temporary files that can leave application and system data vulnerable to attacks. Auto-generated code (Java, Scala) that deals with uploading or downloading binary data through API endpoints will create insecure temporary files during the process. Affected generators: `java` (jersey2, okhttp-gson (default library)), `scala-finch`. The issue has been patched with `Files.createTempFile` and released in the v5.1.0 stable version. | |||||
CVE-2021-25357 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
A pendingIntent hijacking vulnerability in Create Movie prior to SMR APR-2021 Release 1 in Android O(8.x) and P(9.0), 3.4.81.1 in Android Q(10,0), and 3.6.80.7 in Android R(11.0) allows unprivileged applications to access contact information. | |||||
CVE-2020-18972 | 1 Podofo Project | 1 Podofo | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
Exposure of Sensitive Information to an Unauthorized Actor in PoDoFo v0.9.6 allows attackers to obtain sensitive information via 'IsNextToken' in the component 'src/base/PdfToenizer.cpp'. | |||||
CVE-2021-31410 | 1 Vaadin | 1 Designer | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Overly relaxed configuration of frontend resources server in Vaadin Designer versions 4.3.0 through 4.6.3 allows remote attackers to access project sources via crafted HTTP request. | |||||
CVE-2021-20416 | 1 Ibm | 1 Guardium Data Encryption | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 196218. | |||||
CVE-2021-28633 | 1 Adobe | 1 Creative Cloud Desktop Application | 2023-12-10 | 3.6 LOW | 6.1 MEDIUM |
Adobe Creative Cloud Desktop Application (installer) version 2.4 (and earlier) is affected by an Insecure temporary file creation vulnerability. An attacker could leverage this vulnerability to cause arbitrary file overwriting in the context of the current user. Exploitation of this issue requires physical interaction to the system. | |||||
CVE-2020-22535 | 1 Pbootcms | 1 Pbootcms | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
Incorrect Access Control vulnerability in PbootCMS 2.0.6 via the list parameter in the update function in upgradecontroller.php. | |||||
CVE-2021-26309 | 1 Jetbrains | 1 Teamcity | 2023-12-10 | 2.1 LOW | 3.3 LOW |
Information disclosure in the TeamCity plugin for IntelliJ before 2020.2.2.85899 was possible because a local temporary file had Insecure Permissions. | |||||
CVE-2019-9475 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
In /proc/net of the kernel filesystem, there is a possible information leak due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-9496886 |