Total: 2747 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-48446 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-06-10 | N/A | 5.5 MEDIUM |
In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | |||||
CVE-2022-48445 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-06-10 | N/A | 5.5 MEDIUM |
In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | |||||
CVE-2022-48444 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-06-10 | N/A | 5.5 MEDIUM |
In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | |||||
CVE-2022-48443 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-06-10 | N/A | 5.5 MEDIUM |
In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | |||||
CVE-2022-48442 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-06-10 | N/A | 5.5 MEDIUM |
In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | |||||
CVE-2022-48441 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-06-10 | N/A | 5.5 MEDIUM |
In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | |||||
CVE-2022-48440 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-06-10 | N/A | 5.5 MEDIUM |
In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | |||||
CVE-2022-48392 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-06-09 | N/A | 7.8 HIGH |
In dialer service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | |||||
CVE-2022-48391 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-06-09 | N/A | 5.5 MEDIUM |
In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | |||||
CVE-2022-48390 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-06-09 | N/A | 7.8 HIGH |
In telephony service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | |||||
CVE-2022-3244 | 1 Smackcoders | 1 Import All Pages, Post Types, Products, Orders, And Users As Xml & Csv | 2023-06-07 | N/A | 4.2 MEDIUM |
The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not have authorisation in some places, which could allow any authenticated users to access some of the plugin features if they manage to get the related nonce. | |||||
CVE-2023-32311 | 1 Fit2cloud | 1 Cloudexplorer | 2023-06-03 | N/A | 4.3 MEDIUM |
CloudExplorer Lite is an open source cloud management platform. In CloudExplorer Lite prior to version 1.1.0, users' organization/workspace permissions are not properly checked. This allows users to add themselves to any organization. This vulnerability has been fixed in v1.1.0. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
CVE-2023-32316 | 1 Fit2cloud | 1 Cloudexplorer | 2023-06-03 | N/A | 4.3 MEDIUM |
CloudExplorer Lite is an open source cloud management tool. In affected versions users can add themselves to any organization in CloudExplorer Lite. This is due to a missing permission check on the user profile. It is recommended to upgrade the version to v1.1.0. There are no known workarounds for this vulnerability. | |||||
CVE-2023-24605 | 1 Open-xchange | 1 Ox App Suite | 2023-06-02 | N/A | 4.2 MEDIUM |
OX App Suite before backend 7.10.6-rev37 does not enforce 2FA for all endpoints, e.g., reading from a drive, reading contact data, and renaming tokens. | |||||
CVE-2023-33948 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2023-06-01 | N/A | 7.5 HIGH |
The Dynamic Data Mapping module in Liferay Portal 7.4.3.67, and Liferay DXP 7.4 update 67 does not limit Document and Media files which can be downloaded from a Form, which allows remote attackers to download any file from Document and Media via a crafted URL. | |||||
CVE-2023-33983 | 1 Briarproject | 1 Briar | 2023-06-01 | N/A | 7.4 HIGH |
The Introduction Client in Briar through 1.5.3 does not implement out-of-band verification for the public keys of introducees. An introducer can launch man-in-the-middle attacks against later private communication between two introduced parties. | |||||
CVE-2023-2945 | 1 Open-emr | 1 Openemr | 2023-06-01 | N/A | 5.4 MEDIUM |
Missing Authorization in GitHub repository openemr/openemr prior to 7.0.1. | |||||
CVE-2023-31826 | 1 Skyscreamer | 1 Nevado Jms | 2023-05-30 | N/A | 7.8 HIGH |
Skyscreamer Open Source Nevado JMS v1.3.2 does not perform security checks when receiving messages. This allows attackers to execute arbitrary commands via supplying crafted data. | |||||
CVE-2022-1329 | 1 Elementor | 1 Website Builder | 2023-05-26 | 6.5 MEDIUM | 8.8 HIGH |
The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the ~/core/app/modules/onboarding/module.php file that makes it possible for attackers to modify site data in addition to uploading malicious files that can be used to obtain remote code execution, in versions 3.6.0 to 3.6.2. | |||||
CVE-2023-32677 | 1 Zulip | 1 Zulip | 2023-05-26 | N/A | 3.1 LOW |
Zulip is an open-source team collaboration tool with unique topic-based threading. Zulip administrators can configure Zulip to limit who can add users to streams, and separately to limit who can invite users to the organization. In Zulip Server 6.1 and below, the UI which allows a user to invite a new user also allows them to set the streams that the new user is invited to -- even if the inviting user would not have permissions to add an existing user to streams. While such a configuration is likely rare in practice, the behavior does violate security-related controls. This does not let a user invite new users to streams they cannot see, or would not be able to add users to if they had that general permission. This issue has been addressed in version 6.2. Users are advised to upgrade. Users unable to upgrade may limit sending of invitations down to users who also have the permission to add users to streams. |