CVE-2021-25382

An improper authorization of using debugging command in Secure Folder prior to SMR Oct-2020 Release 1 allows unauthorized access to contents in Secure Folder via debugging command...

SAMSUNG Mobile devices 安全漏洞

Google Android is a Linux-based open source operating system from the USGoogleOpen Handheld Alliance Google. Google Android suffers from an authorization issue vulnerability that stems from misauthorization of the debugging command, which can be exploited by an attacker to gain unauthorized acces...

PT-2021-16573 · Samsung · Secure Folder

Name of the Vulnerable Software and Affected Versions: Secure Folder versions prior to SMR Oct-2020 Release 1 Description: The issue is related to an improper authorization of using a debugging command in Secure Folder, which allows unauthorized access to contents in Secure Folder via the debuggi...

Trend Micro HouseCall for Home Networks 安全漏洞

Trend Micro HouseCall for Home Networks is a suite of home network security scanning software from Trend Micro. The software supports scanning a wide range of home network devices and identifying network risks. An elevation of privilege vulnerability exists in Trend Micro HouseCall for Home...

Lex Li vscode-restructuredtext access control error vulnerability

Lex Li vscode-restructuredtext is a Lex Li open source application. This extension provides rich reStructuredText language support for Visual Studio Code.An access control error vulnerability exists in versions prior to Lex Li vscode-restructuredtext 146.0.0, which stems from the inclusion of an...

VulnCheck KEV: CVE-2020-24557

Trend Micro Apex One, OfficeScan, and Worry-Free Business Security on Microsoft Windows contain an improper access control vulnerability that may allow an attacker to manipulate a particular product folder to disable the security temporarily, abuse a specific Windows function, and attain...

Cross-site scripting in papermerge

Multiple cross-site scripting XSS vulnerabilities in Papermerge before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the rename, tag, upload, or create folder function. The payload can be in a folder, a tag, or a document's filename. If email consumption is configured in...

GHSA-9W49-M7XH-5R39 Cross-site scripting in papermerge

Multiple cross-site scripting XSS vulnerabilities in Papermerge before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the rename, tag, upload, or create folder function. The payload can be in a folder, a tag, or a document's filename. If email consumption is configured in...

CVE-2021-28793

vscode-restructuredtext before 146.0.0 contains an incorrect access control vulnerability, where a crafted project folder could execute arbitrary binaries via crafted workspace configuration...

CVE-2021-28793

vscode-restructuredtext before 146.0.0 contains an incorrect access control vulnerability, where a crafted project folder could execute arbitrary binaries via crafted workspace configuration...

CVE-2021-22539

An attacker can place a crafted JSON config file into the project folder pointing to a custom executable. VScode-bazel allows the workspace path to lint .bzl files to be set via this config file. As such the attacker is able to execute any executable on the system through vscode-bazel. We recomme...

Exposure of .env if project root is configured as web root in shopware/production

Impact The .env and other sensitive files can be leaked if the project root and not /public is configured as the web root. Patches We recommend to update to the current version 6.3.5.3. You can get the update to 6.3.5.3 regularly via the Auto-Updater or directly via the download overview...

CVE-2021-25364

A pendingIntent hijacking vulnerability in Secure Folder prior to SMR APR-2021 Release 1 allows unprivileged applications to access contact information...

CVE-2021-25364

A pendingIntent hijacking vulnerability in Secure Folder prior to SMR APR-2021 Release 1 allows unprivileged applications to access contact information...

Spoofing

A pendingIntent hijacking vulnerability in Secure Folder prior to SMR APR-2021 Release 1 allows unprivileged applications to access contact information...

CVE-2021-25364

CVE-2021-25364 affects Samsung Secure Folder prior to SMR APR-2021 Release 1, where a pendingIntent hijacking issue allows unprivileged apps to access contact information. The vulnerability is linked to Secure Folder’s handling of PendingIntents and exposes contact data locally. Affected software...

CVE-2021-25364

A pendingIntent hijacking vulnerability in Secure Folder prior to SMR APR-2021 Release 1 allows unprivileged applications to access contact information...

PT-2021-16557 · Samsung · Secure Folder

Name of the Vulnerable Software and Affected Versions: Secure Folder versions prior to SMR APR-2021 Release 1 Description: A pendingIntent hijacking issue allows unprivileged applications to access contact information. Recommendations: For versions prior to SMR APR-2021 Release 1, update to SMR...

Microsoft SharePoint Server 2013 < 15.0.5285.1000 Multiple Vulnerabilities

According to its self-reported version number, the Microsoft SharePoint application running on the remote host is affected by multiple vulnerabilities : - A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. - A...

CVE-2021-29658

The unofficial vscode-rufo extension before 0.0.4 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafted workspace folder...