Total
2257 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-20726 | 5 Google, Linuxfoundation, Mediatek and 2 more | 63 Android, Yocto, Mt2731 and 60 more | 2023-12-10 | N/A | 3.3 LOW |
In mnld, there is a possible leak of GPS location due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07735968 / ALPS07884552 (For MT6880, MT6890, MT6980, MT6980D and MT6990 only); Issue ID: ALPS07735968 / ALPS07884552 (For MT6880, MT6890, MT6980, MT6980D and MT6990 only). | |||||
CVE-2022-47490 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-12-10 | N/A | 5.5 MEDIUM |
In soter service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | |||||
CVE-2020-36702 | 1 Brainstormforce | 1 Spectra | 2023-12-10 | N/A | 4.3 MEDIUM |
The Ultimate Addons for Gutenberg plugin for WordPress is vulnerable to Authenticated Settings Change in versions up to, and including, 1.14.7. This is due to missing capability checks on several AJAX actions. This makes it possible for authenticated attackers with subscriber+ roles to update the plugin's settings. | |||||
CVE-2021-4350 | 1 Najeebmedia | 1 Frontend File Manager Plugin | 2023-12-10 | N/A | 5.3 MEDIUM |
The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated HTML Injection in versions up to, and including, 18.2. This is due to lacking authentication protections on the wpfm_send_file_in_email AJAX action. This makes it possible for unauthenticated attackers to send emails using the site with a custom subject, recipient email, and body with unsanitized HTML content. This effectively lets the attacker use the site as a spam relay. | |||||
CVE-2023-20926 | 1 Google | 1 Android | 2023-12-10 | N/A | 6.8 MEDIUM |
In onParentVisible of HeaderPrivacyIconsController.kt, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-253043058 | |||||
CVE-2023-36002 | 1 Proofpoint | 1 Insider Threat Management Server | 2023-12-10 | N/A | 4.3 MEDIUM |
A missing authorization check in multiple URL validation endpoints of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to smuggle content via DNS lookups. All versions before 7.14.3 are affected. | |||||
CVE-2022-44433 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-12-10 | N/A | 7.8 HIGH |
In phoneEx service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | |||||
CVE-2023-22834 | 1 Palantir | 1 Contour | 2023-12-10 | N/A | 4.3 MEDIUM |
The Contour Service was not checking that users had permission to create an analysis for a given dataset. This could allow an attacker to clutter up Compass folders with extraneous analyses, that the attacker would otherwise not have permission to create. | |||||
CVE-2023-2784 | 1 Mattermost | 1 Mattermost | 2023-12-10 | N/A | 6.5 MEDIUM |
Mattermost fails to verify if the requestor is a sysadmin or not, before allowing `install` requests to the Apps allowing a regular user send install requests to the Apps. | |||||
CVE-2023-20955 | 1 Google | 1 Android | 2023-12-10 | N/A | 7.8 HIGH |
In onPrepareOptionsMenu of AppInfoDashboardFragment.java, there is a possible way to bypass admin restrictions and uninstall applications for all users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-258653813 | |||||
CVE-2023-2783 | 1 Mattermost | 1 Mattermost | 2023-12-10 | N/A | 4.3 MEDIUM |
Mattermost Apps Framework fails to verify that a secret provided in the incoming webhook request allowing an attacker to modify the contents of the post sent by the Apps. | |||||
CVE-2022-48445 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-12-10 | N/A | 5.5 MEDIUM |
In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | |||||
CVE-2023-21173 | 1 Google | 1 Android | 2023-12-10 | N/A | 5.5 MEDIUM |
In multiple methods of DataUsageList.java, there is a possible way to learn about admin user's network activities due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262741858 | |||||
CVE-2023-30922 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-12-10 | N/A | 5.5 MEDIUM |
In messaging service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
CVE-2023-30915 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-12-10 | N/A | 5.5 MEDIUM |
In email service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
CVE-2023-2714 | 1 Groundhogg | 1 Groundhogg | 2023-12-10 | N/A | 4.3 MEDIUM |
The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'check_license' functions in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change the license key and support license key, but it can only be changed to a valid license key. | |||||
CVE-2022-48390 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-12-10 | N/A | 7.8 HIGH |
In telephony service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | |||||
CVE-2023-2189 | 1 Staxwp | 1 Stax | 2023-12-10 | N/A | 4.3 MEDIUM |
The Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the toggle_widget function in versions up to, and including, 1.4.3. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to enable or disable Elementor widgets. | |||||
CVE-2022-48448 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-12-10 | N/A | 5.5 MEDIUM |
In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | |||||
CVE-2023-30521 | 1 Jenkins | 1 Assembla Merge Request Builder | 2023-12-10 | N/A | 5.3 MEDIUM |
A missing permission check in Jenkins Assembla merge request builder Plugin 1.1.13 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository. |