| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A vulnerability has been found in LoveCards LoveCardsV2 up to 2.3.2 and classified as critical. This vulnerability affects unknown code of the file /api/system/other of the component Setting Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |
| A vulnerability was found in LoveCards LoveCardsV2 up to 2.3.2 and classified as critical. This issue affects some unknown processing of the file /api/upload/image. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |
| HPE Cray Parallel Application Launch Service (PALS) is subject to an authentication bypass. |
| Because the web management interface for Unified Intents' Unified Remote solution does not itself require authentication, a remote, unauthenticated attacker can change or disable authentication requirements for the Unified Remote protocol, and leverage this now-unauthenticated access to run code of the attacker's choosing. |
|
Dell Command Intel vPro Out of Band, versions prior to 4.3.1, contain an Improper Authorization vulnerability. A locally authenticated malicious users could potentially exploit this vulnerability in order to write arbitrary files to the system.
|
| 4ipnet EAP-767 v3.42.00 is vulnerable to Incorrect Access Control. The device uses the same set of credentials, regardless of how many times a user logs in, the content of the cookie remains unchanged. |
| Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). |
| Improper Access Control in GitHub repository answerdev/answer prior to 1.0.4. |
| The SystemUI has a vulnerability in permission management. Successful exploitation of this vulnerability may cause users to receive broadcasts from malicious apps, conveying false alarm information about external storage devices. |
| The IHwAntiMalPlugin interface lacks permission verification. Successful exploitation of this vulnerability can lead to filling problems (batch installation of applications). |
| Some Dahua embedded products have a vulnerability of unauthorized modification of the device timestamp. By sending a specially crafted packet to the vulnerable interface, an attacker can modify the device system time. |
| The bundle management module lacks permission verification in some APIs. Successful exploitation of this vulnerability may restore the pre-installed apps that have been uninstalled. |
| The IHwAttestationService interface has a defect in authentication. Successful exploitation of this vulnerability may affect data confidentiality. |
| Improper Handling of Insufficient Permissions or Privileges vulnerability in KnoxCustomManagerService prior to SMR Jan-2023 Release 1 allows attacker to access device SIM PIN. |
| Improper authorization vulnerability in semAddPublicDnsAddr in WifiSevice prior to SMR Jan-2023 Release 1 allows attackers to set custom DNS server without permission via binding WifiService. |
| Improper authorization vulnerability in ChnFileShareKit prior to SMR Jan-2023 Release 1 allows attacker to control BLE advertising without permission using unprotected action. |
| Improper Handling of Insufficient Permissions or Privileges vulnerability in SemChameleonHelper prior to SMR Jan-2023 Release 1 allows attacker to modify network related values, network code, carrier id and operator brand. |
| Improper access control vulnerability in telecom application prior to SMR JAN-2023 Release 1 allows local attackers to get sensitive information. |
| Improper access control vulnerability in NfcTile prior to SMR Jan-2023 Release 1 allows to attacker to use NFC without user recognition. |
| An issue in Mojoportal v2.7.0.0 allows an unauthenticated attacker to register a new user even if the Allow User Registrations feature is disabled. |
