Lucene search
K

97 matches found

OSV
OSV
added 2023/12/25 7:15 a.m.5 views

CVE-2023-28872

Support Assistant in NCP Secure Enterprise Client before 13.10 allows attackers to execute DLL files with SYSTEM privileges by creating a symbolic link from a %LOCALAPPDATA%\Temp\NcpSupport location...

8.8CVSS5.8AI score0.00774EPSS
Exploits1References1
OSV
OSV
added 2023/11/28 9:15 p.m.4 views

CVE-2023-29066

The FACSChorus software does not properly assign data access privileges for operating system user accounts. A non-administrative OS account can modify information stored in the local application data folders...

3.5CVSS5.8AI score0.00271EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/11/28 12:0 a.m.5 views

PT-2023-22123 · Unknown · Facschorus

Name of the Vulnerable Software and Affected Versions: FACSChorus affected versions not specified Description: The issue concerns improper assignment of data access privileges for operating system user accounts in the FACSChorus software. This allows a non-administrative OS account to modify...

3.5CVSS3.7AI score0.00271EPSS
Exploits0References4
Cvelist
Cvelist
added 2023/09/26 8:14 p.m.24 views

CVE-2023-40429

A permissions issue was addressed with improved validation. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to access sensitive user data...

5.9AI score0.00554EPSS
Exploits0References8
CNNVD
CNNVD
added 2023/09/26 12:0 a.m.7 views

Apple iOS and iPadOS Security Vulnerabilities

Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS 17 and iPadOS 17, which arises from an application that may be able to access...

5.5CVSS6.3AI score0.00308EPSS
Exploits0References9
hivepro
hivepro
added 2023/07/21 2:53 p.m.29 views

Turla Exploits Ukraine’s Defense Sector with DeliveryCheck Backdoor

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary DeliveryCheck, a .NET-based backdoor, targets Ukraines defense sector, attributed to Russian actor Turla; it aims to exfiltrate Signal app data. Notably, it breaches Microsoft Exchange servers using...

6.8AI score
Exploits0
OSV
OSV
added 2023/05/04 2:15 a.m.4 views

CVE-2022-47757

In imo.im 2022.11.1051, a path traversal vulnerability delivered via an unsanitized deeplink can force the application to write a file into the application's data directory. This may allow an attacker to save a shared library under a special directory which the app uses to dynamically load module...

9.8CVSS6AI score0.00956EPSS
Exploits0References1
OSV
OSV
added 2023/03/29 7:15 p.m.4 views

CVE-2022-36970

This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 20.0 Build: 4201.2111.1802.0000 Service Pack 2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...

7.8CVSS6.2AI score0.00647EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2023/02/24 9:0 a.m.46 views

Even Top-Ranked Android Apps in Google Play Store Provide Misleading Data Safety Labels

An investigation into data safety labels for Android apps available on the Google Play Store has uncovered "serious loopholes" that allow apps to provide misleading or outright false information. The study, conducted by the Mozilla Foundation as part of its Privacy Not Included initiative, compar...

6.8AI score
Exploits0
CNNVD
CNNVD
added 2023/01/18 12:0 a.m.8 views

BlogEngine 输入验证错误漏洞

BlogEngine is an open source ASP.NET blog system . The system supports Ajax comments, custom themes and so on. BlogEngine.NET v3.3.8.0 version of a security vulnerability , the vulnerability stems from the ability to create any folder with the prefix "files" under /AppData/...

9.8CVSS8.3AI score0.00752EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/01/18 12:0 a.m.10 views

PT-2023-13982 · Unknown · Blogengine.Net

Name of the Vulnerable Software and Affected Versions: BlogEngine.NET version 3.3.8.0 Description: The issue allows an attacker to create any folder with a files prefix under the /App Data/ directory. Recommendations: For BlogEngine.NET version 3.3.8.0, consider restricting access to the /App Dat...

9.8CVSS6.9AI score0.00752EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2023/01/06 12:0 a.m.4 views

PT-2023-1098 · Zoom · Zoom

Name of the Vulnerable Software and Affected Versions: Zoom for Android versions prior to 5.13.0 Description: The issue is related to incorrect restriction of the path name to a directory with limited access, allowing a third-party app to exploit this and read and write to the Zoom application da...

7.1CVSS6.7AI score0.00277EPSS
Exploits0References5
OSV
OSV
added 2022/08/16 8:15 a.m.5 views

CVE-2022-35734

'Hulu / フールー' App for Android from version 3.0.47 to the version prior to 3.1.2 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app...

7.5CVSS5.8AI score0.00575EPSS
Exploits0References1
OSV
OSV
added 2022/08/05 4:15 p.m.2 views

CVE-2022-36834

Exposure of Sensitive Information vulnerability in Game Launcher prior to version 6.0.07 allows local attacker to access app data with user interaction...

5CVSS5.8AI score0.00164EPSS
Exploits0References1
CVE
CVE
added 2022/08/05 3:18 p.m.65 views

CVE-2022-36834

CVE-2022-36834 affects Samsung Game Launcher prior to version 6.0.07. The issue is described as exposure of sensitive information that allows a local attacker to access app data with user interaction. The connected PT-Security entry explicitly recommends updating to version 6.0.07 or later to res...

5CVSS4.9AI score0.00164EPSS
Exploits0References1Affected Software1
Apple
Apple
added 2022/06/14 12:0 a.m.31 views

About the security content of Apple Music 3.9.10 for Android

About the security content of Apple Music 3.9.10 for Android This document describes the security content of Apple Music 3.9.10 for Android. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred...

7.5CVSS6.4AI score0.00613EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/04/11 8:15 p.m.3 views

CVE-2022-27576

Information exposure vulnerability in Samsung DeX Home prior to SMR April-2022 Release 1 allows to access currently launched foreground app information without permission...

4.3CVSS5.9AI score0.00258EPSS
Exploits0References2
OSV
OSV
added 2022/04/11 8:15 p.m.5 views

CVE-2022-27576

Information exposure vulnerability in Samsung DeX Home prior to SMR April-2022 Release 1 allows to access currently launched foreground app information without permission...

3.3CVSS5.8AI score0.00258EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/04/11 12:0 a.m.4 views

Samsung DeX Home 安全漏洞

Samsung DeX Home is a Samsung DeX application for PCs and Macs from Samsung South Korea.An information disclosure vulnerability exists in Samsung DeX Home, which stems from the lack of proper access authentication logic in Samsung DeX Home, and could be exploited to gain unauthorized access to...

4.3CVSS5.5AI score0.00258EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/03/14 12:0 a.m.4 views

SmarterTools SmarterTrack 代码问题漏洞

SmarterTools SmarterTrack is a customer service software from SmarterTools UK. It improves customer service and reduces support costs. SmarterTools SmarterTrack 100.0.8019.14010 A security vulnerability exists where an application using administrator or administrator privileges could be tricked...

9.1CVSS7.1AI score0.01978EPSS
Exploits0References3
Rows per page
Query Builder