361 matches found
PT-2024-25997 · Unknown · System Property
Name of the Vulnerable Software and Affected Versions: System property versions prior to SMR Jul-2024 Release 1 Description: The issue is related to improper access control in system property, allowing local attackers to obtain the device identifier. Recommendations: For versions prior to SMR...
SAMSUNG Mobile devices security vulnerability
SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc. from Samsung South Korea. A security vulnerability exists in SAMSUNG Mobile devices prior to SMR Jul-2024 Release 1, which stems from an improper access control issue in the system property. A local...
Apache Tomcat 7.0.0 < 7.0.72 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 7.0.72. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat7.0.72security-7 advisory. - The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC...
CVE-2024-28866 GoCD vulnerable to reflected Cross-site Scripting possible on server loading page during start-up
GoCD is a continuous delivery server. GoCD versions from 19.4.0 to 23.5.0 inclusive are potentially vulnerable to a reflected cross-site scripting vulnerability on the loading page displayed while GoCD is starting, via abuse of a redirectto query parameter with inadequate validation. Attackers...
CVE-2024-28866 GoCD vulnerable to reflected Cross-site Scripting possible on server loading page during start-up
GoCD is a continuous delivery server. GoCD versions from 19.4.0 to 23.5.0 inclusive are potentially vulnerable to a reflected cross-site scripting vulnerability on the loading page displayed while GoCD is starting, via abuse of a redirectto query parameter with inadequate validation. Attackers...
RHEL 5 : ant (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - ant: insecure temporary file CVE-2020-11979 - Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the...
CVE-2024-34148
Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier programmatically disables the fix for CVE-2016-3721 whenever a build is triggered from a release tag, by setting the Java system property 'hudson.model.ParametersAction.keepUndefinedParameters'...
CVE-2024-34148
Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier programmatically disables the fix for CVE-2016-3721 whenever a build is triggered from a release tag, by setting the Java system property 'hudson.model.ParametersAction.keepUndefinedParameters'...
CVE-2024-34148
CVE-2024-34148 affects Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier, which programmatically disables the CVE-2016-3721 fix by setting the Java system property hudson.model.ParametersAction.keepUndefinedParameters on release-tag builds. The GitHub advisory states there is no...
CVE-2023-38301
An issue was discovered in a third-party component related to vendor.gsm.serial, shipped on devices from multiple device manufacturers. Various software builds for the BLU View 2, Boost Mobile Celero 5G, Sharp Rouvo V, Motorola Moto G Pure, Motorola Moto G Power, T-Mobile Revvl 6 Pro 5G, and...
CVE-2023-38296
Various software builds for the following TCL 30Z and TCL A3X devices leak the ICCID to a system property that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party apps from directly obtaining non-resettable device identifiers...
CVE-2023-38296
Various software builds for the following TCL 30Z and TCL A3X devices leak the ICCID to a system property that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party apps from directly obtaining non-resettable device identifiers...
PT-2024-12703 · Tcl +1 · Tcl 30Z +4
Name of the Vulnerable Software and Affected Versions: TCL 30Z versions 12/SP1A.210812.016/LV8E through 12/SP1A.210812.016/vU6X TCL A3X versions 11/RKQ1.201202.002/vAAZ through 11/RKQ1.201202.002/vABS TCL 20XE versions 11/RP1A.200720.011/PB7I-0 through 11/RP1A.200720.011/PB83-0 TCL 10L versions...
CVE-2023-38298
Various software builds for the following TCL devices 30Z, A3X, 20XE, 10L leak the device IMEI to a system property that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party apps from directly obtaining non-resettable device...
CVE-2023-38291
An issue was discovered in a third-party component related to ro.boot.wifimacaddr, shipped on devices from multiple device manufacturers. Various software builds for the following TCL devices 30Z and 10L and Motorola devices Moto G Pure and Moto G Power leak the Wi-Fi MAC address to a system...
CVE-2023-38296
Various software builds for the following TCL 30Z and TCL A3X devices leak the ICCID to a system property that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party apps from directly obtaining non-resettable device identifiers...
CVE-2023-38301
An issue was discovered in a third-party component related to vendor.gsm.serial, shipped on devices from multiple device manufacturers. Various software builds for the BLU View 2, Boost Mobile Celero 5G, Sharp Rouvo V, Motorola Moto G Pure, Motorola Moto G Power, T-Mobile Revvl 6 Pro 5G, and...
CVE-2023-38301
CVE-2023-38301 describes a third-party component issue in vendor.gsm.serial that lets any local app read the device serial number via the vendor.gsm.serial system property without permissions. Affected devices span multiple manufacturers: BLU View 2; Boost Mobile Celero 5G; Sharp Rouvo V; Motorol...
CVE-2023-38298
CVE-2023-38298 affects TCL devices: 30Z, A3X, 20XE, and 10L. A high-privilege process leaks the IMEI to the system property gsm.device.imei0 , which can be read by any local app without permissions. This enables indirect IMEI exposure by non-privileged apps. Affected builds include specific TCL d...
CVE-2023-38296
CVE-2023-38296 affects TCL 30Z and TCL A3X devices, where the ICCID is leaked to a system property (persist.sys.tctPowerIccid) accessible by any local app without permissions. The issue arises because a high-privilege process exposes the non-resettable device identifier indirectly. Affected build...