311 matches found
CVE-2022-20258
In Bluetooth, there is a possible way to bypass compiler exploit mitigations due to a configuration error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android I...
Design/Logic Flaw
In Bluetooth, there is a possible way to bypass compiler exploit mitigations due to a configuration error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android I...
CVE-2022-20258
In Bluetooth, there is a possible way to bypass compiler exploit mitigations due to a configuration error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android I...
Mattermost Security Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. Mattermost is vulnerable to a default configuration error that could be exploited by an attacker to bypass some existing rate limits or to use a manipulated IP for audit logging by manipulating the request header...
The vulnerability of the Protect technology of the Yandex Browser allows a violator to conceal notifications of suspicious content.
The vulnerability of the Protect technology of the Yandex Browser is related to security configuration errors. Exploiting this vulnerability can allow a malicious actor to conceal notifications of suspicious content...
Samsung mobile ScanPool Information Disclosure Vulnerability (CNVD-2022-67279)
Samsung mobile is a cell phone from Samsung South Korea. Samsung mobile ScanPool is vulnerable to an information disclosure vulnerability that results from a configuration error in the network system or product during operation. A local attacker could use this vulnerability to obtain MAC address...
Samsung mobile Security Vulnerability
Samsung mobile is a cell phone from Samsung South Korea. Samsung mobile SemIWCMonitor is vulnerable to an information disclosure vulnerability that stems from a configuration error in the network system or product during operation. An attacker could exploit this vulnerability to obtain MAC addres...
Samsung mobile Security Vulnerability
Samsung mobile is a cell phone from Samsung South Korea. Samsung mobile ScanPool is vulnerable to an information disclosure vulnerability that results from a configuration error in the network system or product during operation. A local attacker could use this vulnerability to obtain MAC address...
Microsoft Windows Remote Desktop Protocol Information Disclosure Vulnerability (CNVD-2022-70061)
Microsoft Windows Remote Desktop Protocol (RDP) is an application used to connect to remote Windows desktops from Microsoft Corporation USA. Microsoft Windows Remote Desktop is vulnerable to information disclosure. The vulnerability stems from a configuration or other error in the operation of the...
Google Android Information Disclosure Vulnerability (CNVD-2022-45920)
Google Android is a Linux-based open-source operating system from Google, a U.S. company. The vulnerability is caused by a configuration error in the network system or product during operation. An attacker could use this vulnerability to cause an information leak...
Google Android Security Vulnerability
Google Android is a Linux-based open-source operating system from Google, a U.S. company. The vulnerability is caused by a configuration error in the network system or product during operation. An attacker could use this vulnerability to cause an information leak...
OWASP ESAPI Cross-Site Scripting Vulnerability
OWASP ESAPI is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications. Cross-site scripting vulnerabilities exist in versions of OWASP ESAPI prior to 2.3.0.0, which originate from the "onsiteURL" regular expression erro...
Microsoft Windows DNS Server Information Disclosure Vulnerability
Microsoft Windows is a set of operating systems for personal devices, Microsoft Windows Server is a set of server operating systems, and Windows DNS Server is one of the DNS (Domain Name System) servers. Vulnerability. The vulnerability is caused by a configuration error in the network system or...
7-Zip Buffer Error Vulnerability
7-Zip is a compression software. A buffer error vulnerability exists in 7-Zip 21.07 that allows privilege escalation and command execution when a file with the extension .7z is dragged into the HelpContents area. This is caused by a 7z.dll configuration error and heap overflow. The command runs i...
HPE OneView Information Disclosure Vulnerability
HPE OneView is software from Hewlett Packard Enterprise (HPE) that facilitates automated device management for IT departments. HPE OneView versions prior to 6.6 contain an information disclosure vulnerability that stems from a configuration or other error in the operation of the network system or...
Linux kernel information disclosure vulnerability (CNVD-2022-79426)
Linux kernel is the kernel used by the Linux Foundation's open-source operating system Linux. KVM is one of the kernel-based virtual machines. Linux kernel suffers from an information disclosure vulnerability that arises from errors in configuration and other errors in the operation of a networked...
Pascom Cloud Phone System Path Traversal Vulnerability
Pascom Cloud Phone System is a cloud phone system from Pascom, used to provide integrated communication solutions for businesses and individuals. Pascom Cloud Phone System is vulnerable to a path traversal vulnerability that stems from a configuration error between nginx and the back-end server...
Path traversal
An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints...
CVE-2021-45967
Pascom Cloud Phone System before 7.20.x is affected by a path traversal vulnerability caused by a configuration mismatch between NGINX and the backend Tomcat, exposing unintended endpoints. Multiple connected sources corroborate a pre-7.20.x issue with path traversal (and related exposure). Remed...
CVE-2021-45967
An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints...