| Page(s) : 1 ... 67 68 69 70 71 72 73 74 75 76 [77] 78 79 80 81 82 83 84 85 86 87 ... | Result(s) : 8818 |
Alerts
| DATE | NAME | CATEGORIES | DETAIL | |
|---|---|---|---|---|
| 3.5 | 2022-01-10 | CVE-2022-22116 | cve | In Directus, versions 9.0.0-alpha.4 through 9.4.1 are vulnerable to stored Cross-Site Scripting (XSS) vulnerability via SVG file upload in media upload functionality. A low priv... |
| 3.5 | 2022-01-10 | CVE-2022-22117 | cve | In Directus, versions 9.0.0-alpha.4 through 9.4.1 allow unrestricted file upload of .html files in the media upload functionality, which leads to Cross-Site Scripting vulnerabil... |
| 2.7 | 2022-01-10 | CVE-2021-38894 | cve | IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the brows... |
| 3.3 | 2022-01-10 | CVE-2022-22266 | cve | (Applicable to China models only) Unprotected WifiEvaluationService in TencentWifiSecurity application prior to SMR Jan-2022 Release 1 allows untrusted applications to get WiFi ... |
| 3.3 | 2022-01-10 | CVE-2022-22267 | cve | Implicit Intent hijacking vulnerability in ActivityMetricsLogger prior to SMR Jan-2022 Release 1 allows attackers to get running application information. |
| 3.3 | 2022-01-10 | CVE-2022-22269 | cve | Keeping sensitive data in unprotected BluetoothSettingsProvider prior to SMR Jan-2022 Release 1 allows untrusted applications to get a local Bluetooth MAC address. |
| 3.3 | 2022-01-10 | CVE-2022-22270 | cve | An implicit Intent hijacking vulnerability in Dialer prior to SMR Jan-2022 Release 1 allows unprivileged applications to access contact information. |
| 3.3 | 2022-01-10 | CVE-2022-22272 | cve | Improper authorization in TelephonyManager prior to SMR Jan-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission |
| 3.3 | 2022-01-10 | CVE-2022-22283 | cve | Improper session management vulnerability in Samsung Health prior to 6.20.1.005 prevents logging out from Samsung Health App. |
| 3 | 2022-01-07 | CVE-2021-25743 | cve | kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fie... |
| 3.5 | 2022-01-05 | CVE-2021-22567 | cve | Bidirectional Unicode text can be interpreted and compiled differently than how it appears in editors which can be exploited to get nefarious code passed a code review by appear... |
| 3.5 | 2022-01-03 | CVE-2021-45916 | cve | The programming function of Shockwall system has an improper input validation vulnerability. An authenticated attacker within the local area network can send malicious response ... |
| 3.5 | 2021-12-25 | CVE-2021-45486 | cve | In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small. |
| 3.3 | 2021-12-23 | CVE-2017-2375 | cve | An issue existed in preventing the uploading of CallKit call history to iCloud. This issue was addressed through improved logic. This issue is fixed in iOS 10.2.1. Updates for C... |
| 3.5 | 2021-12-20 | CVE-2021-43842 | cve | Wiki.js is a wiki app built on Node.js. Wiki.js versions 2.5.257 and earlier are vulnerable to stored cross-site scripting through a SVG file upload. By creating a crafted SVG f... |
| 3.3 | 2021-12-20 | CVE-2021-43030 | cve | Adobe Premiere Rush versions 1.5.16 (and earlier) allows access to an uninitialized pointer vulnerability that allows remote attackers to disclose arbitrary data on affected ins... |
| 3.3 | 2021-12-20 | CVE-2021-44182 | cve | Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage th... |
| 3.3 | 2021-12-20 | CVE-2021-44183 | cve | Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage th... |
| 3.3 | 2021-12-15 | CVE-2021-0978 | cve | In getSerialForPackage of DeviceIdentifiersPolicyService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel i... |
| 3.3 | 2021-12-15 | CVE-2021-0982 | cve | In getOrganizationNameForUser of DevicePolicyManagerService.java, there is a possible organization name disclosure due to a missing permission check. This could lead to local in... |
| Page(s) : 1 ... 67 68 69 70 71 72 73 74 75 76 [77] 78 79 80 81 82 83 84 85 86 87 ... | Result(s) : 8818 |
