Total
598 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-22550 | 1 Google | 1 Asylo | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
An attacker can modify the pointers in enclave memory to overwrite arbitrary memory addresses within the secure enclave. It is recommended to update past 0.6.3 or git commit https://github.com/google/asylo/commit/a47ef55db2337d29de19c50cd29b0deb2871d31c | |||||
CVE-2021-38712 | 1 Onenav | 1 Onenav | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
OneNav 0.9.12 allows Information Disclosure of the onenav.db3 contents. NOTE: the vendor's recommended solution is to block the access via an NGINX configuration file. | |||||
CVE-2020-36319 | 1 Vaadin | 2 Flow, Vaadin | 2023-12-10 | 3.5 LOW | 6.5 MEDIUM |
Insecure configuration of default ObjectMapper in com.vaadin:flow-server versions 3.0.0 through 3.0.5 (Vaadin 15.0.0 through 15.0.4) may expose sensitive data if the application also uses e.g. @RestController | |||||
CVE-2021-31407 | 1 Vaadin | 2 Flow, Vaadin | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Vulnerability in OSGi integration in com.vaadin:flow-server versions 1.2.0 through 2.4.7 (Vaadin 12.0.0 through 14.4.9), and 6.0.0 through 6.0.1 (Vaadin 19.0.0) allows attacker to access application classes and resources on the server via crafted HTTP request. | |||||
CVE-2021-28168 | 2 Eclipse, Oracle | 3 Jersey, Communications Cloud Native Core Policy, Communications Cloud Native Core Unified Data Repository | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contains a local information disclosure vulnerability. This is due to the use of the File.createTempFile which creates a file inside of the system temporary directory with the permissions: -rw-r--r--. Thus the contents of this file are viewable by all other users locally on the system. As such, if the contents written is security sensitive, it can be disclosed to other local users. | |||||
CVE-2020-10581 | 1 Invigo | 1 Automatic Device Management | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Multiple session validity check issues in several administration functionalities of Invigo Automatic Device Management (ADM) through 5.0 allow remote attackers to read potentially sensitive data hosted by the application. | |||||
CVE-2021-24001 | 1 Mozilla | 1 Firefox | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
A compromised content process could have performed session history manipulations it should not have been able to due to testing infrastructure that was not restricted to testing-only configurations. This vulnerability affects Firefox < 88. | |||||
CVE-2021-32788 | 1 Discourse | 1 Discourse | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
Discourse is an open source discussion platform. In versions prior to 2.7.7 there are two bugs which led to the post creator of a whisper post being revealed to non-staff users. 1: A staff user that creates a whisper post in a personal message is revealed to non-staff participants of the personal message even though the whisper post cannot be seen by them. 2: When a whisper post is before the last post in a post stream, deleting the last post will result in the creator of the whisper post being revealed to non-staff users as the last poster of the topic. | |||||
CVE-2020-24511 | 3 Debian, Intel, Netapp | 5 Debian Linux, Microcode, Fas/aff Bios and 2 more | 2023-12-10 | 2.1 LOW | 6.5 MEDIUM |
Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |||||
CVE-2021-36002 | 1 Adobe | 1 Captivate | 2023-12-10 | 4.4 MEDIUM | 7.3 HIGH |
Adobe Captivate version 11.5.5 (and earlier) is affected by a Creation of Temporary File In Directory With Incorrect Permissions vulnerability that could result in privilege escalation in the context of the current user. The attacker must plant a malicious file in a particular location of the victim's machine. Exploitation of this issue requires user interaction in that a victim must launch the Captivate Installer. | |||||
CVE-2020-18647 | 1 5none | 1 Nonecms | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Information Disclosure in NoneCMS v1.3 allows remote attackers to obtain sensitive information via the component "/nonecms/vendor". | |||||
CVE-2021-25364 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 3.3 LOW |
A pendingIntent hijacking vulnerability in Secure Folder prior to SMR APR-2021 Release 1 allows unprivileged applications to access contact information. | |||||
CVE-2021-33669 | 1 Sap | 1 Mobile Sdk Certificate Provider | 2023-12-10 | 6.9 MEDIUM | 7.8 HIGH |
Under certain conditions, SAP Mobile SDK Certificate Provider allows a local unprivileged attacker to exploit an insecure temporary file storage. For a successful exploitation user interaction from another user is required and could lead to complete impact of confidentiality integrity and availability. | |||||
CVE-2020-21356 | 1 Popojicms | 1 Popojicms | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
An information disclosure vulnerability in upload.php of PopojiCMS 1.2 leads to physical path disclosure of the host when 'name = "file" is deleted during file uploads. | |||||
CVE-2021-34539 | 1 Cubecoders | 1 Amp | 2023-12-10 | 6.5 MEDIUM | 7.2 HIGH |
An issue was discovered in CubeCoders AMP before 2.1.1.8. A lack of validation of the Java Version setting means that an unintended executable path can be set. The result is that high-privileged users can trigger code execution. | |||||
CVE-2021-0588 | 1 Google | 1 Android | 2023-12-10 | 4.9 MEDIUM | 5.5 MEDIUM |
In processInboundMessage of MceStateMachine.java, there is a possible SMS disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1, Android-9. Android ID: A-177238342 | |||||
CVE-2021-21428 | 1 Openapi-generator | 1 Openapi Generator | 2023-12-10 | 4.4 MEDIUM | 7.0 HIGH |
Openapi generator is a java tool which allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. openapi-generator-online creates insecure temporary folders with File.createTempFile during the code generation process. The insecure temporary folders store the auto-generated files which can be read and appended to by any users on the system. The issue has been patched with `Files.createTempFile` and released in the v5.1.0 stable version. | |||||
CVE-2020-18754 | 1 Dcce | 2 Mac1100 Plc, Mac1100 Plc Firmware | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An information disclosure vulnerability exists within Dut Computer Control Engineering Co.'s PLC MAC1100. | |||||
CVE-2021-23958 | 1 Mozilla | 1 Firefox | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
The browser could have been confused into transferring a screen sharing state into another tab, which would leak unintended information. This vulnerability affects Firefox < 85. | |||||
CVE-2020-16263 | 1 Winstonprivacy | 2 Winston, Winston Firmware | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
Winston 1.5.4 devices have a CORS configuration that trusts arbitrary origins. This allows requests to be made and viewed by arbitrary origins. |