Lucene search
K

361 matches found

Positive Technologies
Positive Technologies
added 2024/07/02 12:0 a.m.6 views

PT-2024-25997 · Unknown · System Property

Name of the Vulnerable Software and Affected Versions: System property versions prior to SMR Jul-2024 Release 1 Description: The issue is related to improper access control in system property, allowing local attackers to obtain the device identifier. Recommendations: For versions prior to SMR...

4CVSS6.9AI score0.00132EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/07/02 12:0 a.m.5 views

SAMSUNG Mobile devices security vulnerability

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc. from Samsung South Korea. A security vulnerability exists in SAMSUNG Mobile devices prior to SMR Jul-2024 Release 1, which stems from an improper access control issue in the system property. A local...

4CVSS6.4AI score0.00132EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/05/23 12:0 a.m.36 views

Apache Tomcat 7.0.0 < 7.0.72 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 7.0.72. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat7.0.72security-7 advisory. - The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC...

9.1CVSS6.4AI score0.10303EPSS
Exploits5References13
Vulnrichment
Vulnrichment
added 2024/05/13 1:53 p.m.27 views

CVE-2024-28866 GoCD vulnerable to reflected Cross-site Scripting possible on server loading page during start-up

GoCD is a continuous delivery server. GoCD versions from 19.4.0 to 23.5.0 inclusive are potentially vulnerable to a reflected cross-site scripting vulnerability on the loading page displayed while GoCD is starting, via abuse of a redirectto query parameter with inadequate validation. Attackers...

3.1CVSS5.3AI score0.00419EPSS
Exploits0References4
OSV
OSV
added 2024/05/13 1:53 p.m.29 views

CVE-2024-28866 GoCD vulnerable to reflected Cross-site Scripting possible on server loading page during start-up

GoCD is a continuous delivery server. GoCD versions from 19.4.0 to 23.5.0 inclusive are potentially vulnerable to a reflected cross-site scripting vulnerability on the loading page displayed while GoCD is starting, via abuse of a redirectto query parameter with inadequate validation. Attackers...

3.1CVSS4.1AI score0.00419EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.27 views

RHEL 5 : ant (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - ant: insecure temporary file CVE-2020-11979 - Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the...

7AI score0.08235EPSS
Exploits0References2
NVD
NVD
added 2024/05/02 2:15 p.m.44 views

CVE-2024-34148

Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier programmatically disables the fix for CVE-2016-3721 whenever a build is triggered from a release tag, by setting the Java system property 'hudson.model.ParametersAction.keepUndefinedParameters'...

6.8CVSS6.8AI score0.00787EPSS
Exploits0References2
OSV
OSV
added 2024/05/02 2:15 p.m.18 views

CVE-2024-34148

Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier programmatically disables the fix for CVE-2016-3721 whenever a build is triggered from a release tag, by setting the Java system property 'hudson.model.ParametersAction.keepUndefinedParameters'...

6.8CVSS7AI score
Exploits0References2
CVE
CVE
added 2024/05/02 1:28 p.m.85 views

CVE-2024-34148

CVE-2024-34148 affects Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier, which programmatically disables the CVE-2016-3721 fix by setting the Java system property hudson.model.ParametersAction.keepUndefinedParameters on release-tag builds. The GitHub advisory states there is no...

6.8CVSS6.3AI score0.00787EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2024/04/22 3:15 p.m.17 views

CVE-2023-38301

An issue was discovered in a third-party component related to vendor.gsm.serial, shipped on devices from multiple device manufacturers. Various software builds for the BLU View 2, Boost Mobile Celero 5G, Sharp Rouvo V, Motorola Moto G Pure, Motorola Moto G Power, T-Mobile Revvl 6 Pro 5G, and...

3.4CVSS6.4AI score0.00165EPSS
Exploits0References1
NVD
NVD
added 2024/04/22 3:15 p.m.26 views

CVE-2023-38296

Various software builds for the following TCL 30Z and TCL A3X devices leak the ICCID to a system property that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party apps from directly obtaining non-resettable device identifiers...

8CVSS6.4AI score0.00266EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/04/22 12:0 a.m.26 views

CVE-2023-38296

Various software builds for the following TCL 30Z and TCL A3X devices leak the ICCID to a system property that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party apps from directly obtaining non-resettable device identifiers...

6.6AI score0.00266EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/04/22 12:0 a.m.4 views

PT-2024-12703 · Tcl +1 · Tcl 30Z +4

Name of the Vulnerable Software and Affected Versions: TCL 30Z versions 12/SP1A.210812.016/LV8E through 12/SP1A.210812.016/vU6X TCL A3X versions 11/RKQ1.201202.002/vAAZ through 11/RKQ1.201202.002/vABS TCL 20XE versions 11/RP1A.200720.011/PB7I-0 through 11/RP1A.200720.011/PB83-0 TCL 10L versions...

8.8CVSS6.2AI score0.00454EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/04/22 12:0 a.m.27 views

CVE-2023-38298

Various software builds for the following TCL devices 30Z, A3X, 20XE, 10L leak the device IMEI to a system property that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party apps from directly obtaining non-resettable device...

6.6AI score0.00454EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/04/22 12:0 a.m.7 views

CVE-2023-38291

An issue was discovered in a third-party component related to ro.boot.wifimacaddr, shipped on devices from multiple device manufacturers. Various software builds for the following TCL devices 30Z and 10L and Motorola devices Moto G Pure and Moto G Power leak the Wi-Fi MAC address to a system...

6.7AI score0.00155EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/04/22 12:0 a.m.13 views

CVE-2023-38296

Various software builds for the following TCL 30Z and TCL A3X devices leak the ICCID to a system property that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party apps from directly obtaining non-resettable device identifiers...

6.7AI score0.00266EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/04/22 12:0 a.m.17 views

CVE-2023-38301

An issue was discovered in a third-party component related to vendor.gsm.serial, shipped on devices from multiple device manufacturers. Various software builds for the BLU View 2, Boost Mobile Celero 5G, Sharp Rouvo V, Motorola Moto G Pure, Motorola Moto G Power, T-Mobile Revvl 6 Pro 5G, and...

6.8AI score0.00165EPSS
Exploits0References1
CVE
CVE
added 2024/04/22 12:0 a.m.51 views

CVE-2023-38301

CVE-2023-38301 describes a third-party component issue in vendor.gsm.serial that lets any local app read the device serial number via the vendor.gsm.serial system property without permissions. Affected devices span multiple manufacturers: BLU View 2; Boost Mobile Celero 5G; Sharp Rouvo V; Motorol...

3.4CVSS6.7AI score0.00165EPSS
Exploits0References1
CVE
CVE
added 2024/04/22 12:0 a.m.52 views

CVE-2023-38298

CVE-2023-38298 affects TCL devices: 30Z, A3X, 20XE, and 10L. A high-privilege process leaks the IMEI to the system property gsm.device.imei0 , which can be read by any local app without permissions. This enables indirect IMEI exposure by non-privileged apps. Affected builds include specific TCL d...

8.8CVSS6.6AI score0.00454EPSS
Exploits0References1
CVE
CVE
added 2024/04/22 12:0 a.m.56 views

CVE-2023-38296

CVE-2023-38296 affects TCL 30Z and TCL A3X devices, where the ICCID is leaked to a system property (persist.sys.tctPowerIccid) accessible by any local app without permissions. The issue arises because a high-privilege process exposes the non-resettable device identifier indirectly. Affected build...

8CVSS6.6AI score0.00266EPSS
Exploits0References1
Rows per page
Query Builder