Latest CVE Feed
-
5.5
MEDIUMCVE-2020-9064
Huawei smartphone Honor V30 with versions earlier than OxfordS-AN00A 10.0.1.167(C00E166R4P1) have an improper authentication vulnerability. Authentication to target component is improper when device performs an operation. Attackers exploit this vulnerabil... Read more
- Published: Mar. 12, 2020
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2017-10169
Vulnerability in the Oracle Hospitality 9700 component of Oracle Hospitality Applications (subcomponent: Operation Security). The supported version that is affected is 4.0. Easily exploitable vulnerability allows low privileged attacker with logon to the ... Read more
Affected Products : hospitality_9700- Published: Aug. 08, 2017
- Modified: Apr. 20, 2025
-
5.5
MEDIUMCVE-2017-10056
Vulnerability in the Oracle Hospitality 9700 component of Oracle Hospitality Applications (subcomponent: Property Management Systems). The supported version that is affected is 4.0. Easily exploitable vulnerability allows low privileged attacker with logo... Read more
Affected Products : hospitality_9700- Published: Aug. 08, 2017
- Modified: Apr. 20, 2025
-
5.5
MEDIUMCVE-2021-46649
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or... Read more
- Published: Feb. 18, 2022
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2019-19696
A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allow... Read more
Affected Products : password_manager- Published: Jan. 18, 2020
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2023-40650
In Telecom service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed... Read more
- Published: Oct. 08, 2023
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2022-48458
In TeleService, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed... Read more
- Published: Nov. 01, 2023
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2023-32825
In bluethooth service, there is a possible out of bounds reads due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALP... Read more
- Published: Nov. 06, 2023
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2022-33172
de.fac2 1.34 allows bypassing the User Presence protection mechanism when there is malware on the victim's PC.... Read more
Affected Products : de.fac2- Published: Aug. 24, 2022
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2022-26394
The Baxter Spectrum WBM does not perform mutual authentication with the gateway server host. This may allow an attacker to perform a man in the middle attack that modifies parameters making the network connection fail.... Read more
- Published: Sep. 09, 2022
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2019-1995
In ComposeActivityEmail of ComposeActivityEmail.java, there is a possible way to silently attach files to an email due to a confused deputy. This could lead to local information disclosure, sending files accessible to AOSP Mail to a remote email recipient... Read more
Affected Products : android- Published: Feb. 28, 2019
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2016-0591
Unspecified vulnerability in the PeopleSoft Enterprise SCM Purchasing component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Supplier Change.... Read more
- Published: Jan. 21, 2016
- Modified: Apr. 12, 2025
-
5.5
MEDIUMCVE-2008-2601
Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 12.0.4 has unknown impact and remote authenticated attack vectors.... Read more
Affected Products : e-business_suite- Published: Jul. 15, 2008
- Modified: Apr. 09, 2025
-
5.5
MEDIUMCVE-2021-0682
In sendAccessibilityEvent of NotificationManagerService.java, there is a possible disclosure of notification data due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is... Read more
Affected Products : android- Published: Oct. 06, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2021-25453
Some improper access control in Bluetooth APIs prior to SMR Sep-2021 Release 1 allows untrusted application to get Bluetooth information.... Read more
- Published: Sep. 09, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2019-8668
A denial of service issue was addressed with improved validation. This issue is fixed in iOS 12.4, tvOS 12.4, watchOS 5.3. Processing a maliciously crafted image may lead to a denial of service.... Read more
- Published: Oct. 27, 2020
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2020-0500
In startInputUncheckedLocked of InputMethodManager.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploi... Read more
Affected Products : android- Published: Dec. 15, 2020
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2019-2038
In rw_i93_process_sys_info of rw_i93.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Prod... Read more
Affected Products : android- Published: Apr. 19, 2019
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2004-2331
ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to access trusted Java objects without using the CreateObject function or cfobject tag.... Read more
Affected Products : coldfusion- Published: Dec. 31, 2004
- Modified: Apr. 03, 2025
-
5.5
MEDIUMCVE-2011-3993
SKYARC MTCMS before 5.252, and the MultiFileUploader 0.44 and earlier, DuplicateEntry 1.2 and earlier, MailPack 1.741 and earlier, and AutoTagging 0.08 and earlier plugins for Movable Type, uses weak permissions, which allows remote authenticated users to... Read more
- Published: Nov. 03, 2011
- Modified: Apr. 11, 2025