Filtered by NVD-CWE-noinfo
Total 35577 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-21083 1 Google 1 Android 2025-02-05 7.8 High
In onNullBinding of CallScreeningServiceHelper.java, there is a possible way to record audio without showing a privacy indicator due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-252762941
CVE-2023-22611 1 Schneider-electric 3 Ecostruxure Geo Scada Expert 2019, Ecostruxure Geo Scada Expert 2020, Ecostruxure Geo Scada Expert 2021 2025-02-05 7.5 High
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause information disclosure when specific messages are sent to the server over the database server TCP port. Affected Products: EcoStruxure Geo SCADA Expert 2019 - 2021 (formerly known as ClearSCADA) (Versions prior to October 2022)
CVE-2022-21413 3 Netapp, Oracle, Redhat 6 Active Iq Unified Manager, Oncommand Insight, Snapcenter and 3 more 2025-02-05 4.9 Medium
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2023-21092 1 Google 1 Android 2025-02-05 7.8 High
In retrieveServiceLocked of ActiveServices.java, there is a possible way to dynamically register a BroadcastReceiver using permissions of System App due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-242040055
CVE-2023-21089 1 Google 1 Android 2025-02-05 7.8 High
In startInstrumentation of ActivityManagerService.java, there is a possible way to keep the foreground service alive while the app is in the background. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-237766679
CVE-2023-21088 1 Google 1 Android 2025-02-05 7.8 High
In deliverOnFlushComplete of LocationProviderManager.java, there is a possible way to bypass background activity launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-235823542
CVE-2023-21082 1 Google 1 Android 2025-02-05 5.5 Medium
In getNumberFromCallIntent of NewOutgoingCallIntentBroadcaster.java, there is a possible way to enumerate other user's contact phone number due to a confused deputy. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-257030107
CVE-2023-21081 1 Google 1 Android 2025-02-05 7.8 High
In multiple functions of PackageInstallerService.java and related files, there is a possible way to bypass background activity launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-230492955
CVE-2023-20909 1 Google 1 Android 2025-02-05 5.5 Medium
In multiple functions of RunningTasks.java, there is a possible privilege escalation due to a missing privilege check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-243130512
CVE-2018-1457 3 Ibm, Linux, Microsoft 3 Engineering Requirements Management Doors, Linux Kernel, Windows 2025-02-05 9.8 Critical
An undisclosed vulnerability in IBM Rational DOORS 9.5.1 through 9.6.1.10 application allows an attacker to gain DOORS administrator privileges. IBM X-Force ID: 140208.
CVE-2017-1545 1 Ibm 1 Engineering Requirements Management Doors 2025-02-05 N/A
IBM Doors Web Access 9.5 and 9.6 could allow an attacker with physical access to the system to log into the application using previously stored credentials. IBM X-Force ID: 130914.
CVE-2023-21099 1 Google 1 Android 2025-02-05 7.8 High
In multiple methods of PackageInstallerSession.java, there is a possible way to start foreground services from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-243377226
CVE-2024-27093 1 Lfprojects 1 Minder 2025-02-05 4.6 Medium
Minder is a Software Supply Chain Security Platform. In version 0.0.31 and earlier, it is possible for an attacker to register a repository with a invalid or differing upstream ID, which causes Minder to report the repository as registered, but not remediate any future changes which conflict with policy (because the webhooks for the repo do not match any known repository in the database). When attempting to register a repo with a different repo ID, the registered provider must have admin on the named repo, or a 404 error will result. Similarly, if the stored provider token does not have repo access, then the remediations will not apply successfully. Lastly, it appears that reconciliation actions do not execute against repos with this type of mismatch. This appears to primarily be a potential denial-of-service vulnerability. This vulnerability is patched in version 0.20240226.1425+ref.53868a8.
CVE-2023-29924 1 Powerjob 1 Powerjob 2025-02-05 9.8 Critical
PowerJob V4.3.1 is vulnerable to Incorrect Access Control that allows for remote code execution.
CVE-2023-29921 1 Powerjob 1 Powerjob 2025-02-05 5.3 Medium
PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create app interface.
CVE-2023-29586 1 Codesector 1 Teracopy 2025-02-05 5.5 Medium
Code Sector TeraCopy 3.9.7 does not perform proper access validation on the source folder during a copy operation. This leads to Arbitrary File Read by allowing any user to copy any directory in the system to a directory they control. NOTE: the Supplier disputes this because only admin users can copy arbitrary folders, and because the 143984 reference is about a different concern (unrelated to directory copying) that was fixed in 3.5b.
CVE-2023-28122 1 Ui 1 Desktop 2025-02-05 7.8 High
A local privilege escalation (LPE) vulnerability in UI Desktop for Windows (Version 0.59.1.71 and earlier) allows a malicious actor with local access to a Windows device running said application to submit arbitrary commands as SYSTEM.This vulnerability is fixed in Version 0.62.3 and later.
CVE-2022-2507 1 Octopus 1 Octopus Server 2025-02-05 5.3 Medium
In affected versions of Octopus Deploy it is possible to render user supplied input into the webpage
CVE-2022-29608 1 Opennetworking 1 Onos 2025-02-05 7.5 High
An issue was discovered in ONOS 2.5.1. An intent with a port that is an intermediate point of its path installs an invalid flow rule, causing a network loop.
CVE-2023-48747 1 Booster 1 Booster For Woocommerce 2025-02-05 6.5 Medium
Improper Authentication vulnerability in Pluggabl LLC Booster for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booster for WooCommerce: from n/a through 7.1.2.