Latest CVE Feed
-
3.3
LOWCVE-2014-3714
The ARM image loading functionality in Xen 4.4.x does not properly validate kernel length, which allows local users to read system memory or cause a denial of service (crash) via a crafted 32-bit ARM guest kernel in an image, which triggers a buffer overf... Read more
Affected Products : xen- EPSS Score: %0.18
- Published: May. 19, 2014
- Modified: Apr. 12, 2025
-
3.3
LOWCVE-2022-39904
Exposure of Sensitive Information vulnerability in Samsung Settings prior to SMR Dec-2022 Release 1 allows local attackers to access the Network Access Identifier via log.... Read more
- EPSS Score: %0.02
- Published: Dec. 08, 2022
- Modified: Nov. 21, 2024
-
3.3
LOWCVE-2022-20267
In bluetooth, there is a possible way to enable or disable bluetooth connection without user consent due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed ... Read more
Affected Products : android- EPSS Score: %0.02
- Published: Aug. 12, 2022
- Modified: Nov. 21, 2024
-
3.3
LOWCVE-2022-30751
Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected by using WIFI_AP_STA_DHCPACK_EVENT action.... Read more
- EPSS Score: %0.02
- Published: Jul. 12, 2022
- Modified: Nov. 21, 2024
-
3.3
LOWCVE-2022-20537
In createDialog of WifiScanModeActivity.java, there is a possible way for a Guest user to enable location-sensitive settings due to a missing permission check. This could lead to local escalation of privilege from the Guest user with no additional executi... Read more
Affected Products : android- EPSS Score: %0.03
- Published: Dec. 16, 2022
- Modified: Apr. 18, 2025
-
3.3
LOWCVE-2022-35906
An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x. Using an affected version of MicroStation or MicroStation-based application to open a DGN file containing crafted data can force an out-of-bounds read. Exp... Read more
- EPSS Score: %0.06
- Published: Jul. 15, 2022
- Modified: Nov. 21, 2024
-
3.3
LOWCVE-2022-20309
In PackageInstaller, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. U... Read more
Affected Products : android- EPSS Score: %0.01
- Published: Aug. 12, 2022
- Modified: Nov. 21, 2024
-
3.3
LOWCVE-2023-32464
Dell VxRail, versions prior to 7.0.450, contain an improper certificate validation vulnerability. A high privileged remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and ... Read more
- EPSS Score: %0.06
- Published: Jun. 23, 2023
- Modified: Nov. 21, 2024
-
3.3
LOWCVE-2022-4773
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in cloudsync. Affected by this vulnerability is the function getItem of the file src/main/java/cloudsync/connector/LocalFilesystemConnector.java. The manipulation leads to... Read more
Affected Products : cloudsync- EPSS Score: %0.04
- Published: Dec. 28, 2022
- Modified: Nov. 21, 2024
-
3.3
LOWCVE-2022-23649
Cosign provides container signing, verification, and storage in an OCI registry for the sigstore project. Prior to version 1.5.2, Cosign can be manipulated to claim that an entry for a signature exists in the Rekor transparency log even if it doesn't. Thi... Read more
Affected Products : cosign- EPSS Score: %0.05
- Published: Feb. 18, 2022
- Modified: Nov. 21, 2024
-
3.3
LOWCVE-2013-6124
The Qualcomm Innovation Center (QuIC) init scripts in Code Aurora Forum (CAF) releases of Android 4.1.x through 4.4.x allow local users to modify file metadata via a symlink attack on a file accessed by a (1) chown or (2) chmod command, as demonstrated by... Read more
Affected Products : android-msm- EPSS Score: %0.03
- Published: Aug. 31, 2014
- Modified: Apr. 12, 2025
-
3.3
LOWCVE-2012-4046
The D-Link DCS-932L camera with firmware 1.02 allows remote attackers to discover the password via a UDP broadcast packet, as demonstrated by running the D-Link Setup Wizard and reading the _paramR["P"] value.... Read more
- EPSS Score: %0.05
- Published: Dec. 24, 2012
- Modified: Apr. 11, 2025
-
3.3
LOWCVE-2022-30753
Improper use of a unique device ID in unprotected SecSoterService prior to SMR Jul-2022 Release 1 allows local attackers to get the device ID without permission.... Read more
- EPSS Score: %0.02
- Published: Jul. 12, 2022
- Modified: Nov. 21, 2024
-
3.3
LOWCVE-2015-5044
The Flow Collector in IBM Security QRadar QFLOW 7.1.x before 7.1 MR2 Patch 11 IF3 and 7.2.x before 7.2.5 Patch 4 IF3 allows remote attackers to cause a denial of service via unspecified packets.... Read more
Affected Products : qradar_security_information_and_event_manager- EPSS Score: %0.24
- Published: Nov. 08, 2015
- Modified: Apr. 12, 2025
-
3.3
LOWCVE-2013-2105
The Show In Browser (show_in_browser) gem 0.0.3 for Ruby allows local users to inject arbitrary web script or HTML via a symlink attack on /tmp/browser.html.... Read more
Affected Products : show_in_browser- EPSS Score: %0.06
- Published: Apr. 22, 2014
- Modified: Apr. 12, 2025
-
3.3
LOWCVE-2011-4116
_is_safe in the File::Temp module for Perl does not properly handle symlinks.... Read more
Affected Products : file\- EPSS Score: %0.16
- Published: Jan. 31, 2020
- Modified: Aug. 04, 2025
-
3.3
LOWCVE-2009-3614
liboping 1.3.2 allows users reading arbitrary files upon the local system.... Read more
- EPSS Score: %0.12
- Published: Nov. 09, 2019
- Modified: Nov. 21, 2024
-
3.3
LOWCVE-2023-28473
Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 is vulnerable to possible Auth bypass in the jobs section.... Read more
- EPSS Score: %0.14
- Published: Apr. 28, 2023
- Modified: Nov. 21, 2024
-
3.3
LOWCVE-2023-40137
In multiple functions of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for ... Read more
Affected Products : android- EPSS Score: %0.02
- Published: Oct. 27, 2023
- Modified: Nov. 21, 2024
-
3.3
LOWCVE-2021-1032
In getMimeGroup of PackageManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional exec... Read more
Affected Products : android- EPSS Score: %0.01
- Published: Dec. 15, 2021
- Modified: Nov. 21, 2024