462 matches found
CVE-2023-20934
In resolveAttributionSource of ServiceUtilities.cpp, there is a possible way to disable the microphone privacy indicator due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
CVE-2022-20551
In createTrack of AudioFlinger.cpp, there is a possible way to record audio without a privacy indicator due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product:...
CVE-2022-20551
CVE-2022-20551 affects Android, specifically AudioFlinger.cpp createTrack in Android 12–13. Root cause is a logic error that can allow recording audio without a privacy indicator, enabling local elevation of privilege with System privileges required and no user interaction. Documents consistently...
CVE-2023-20934
In resolveAttributionSource of ServiceUtilities.cpp, there is a possible way to disable the microphone privacy indicator due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
CVE-2023-20934
In resolveAttributionSource of ServiceUtilities.cpp, there is a possible way to disable the microphone privacy indicator due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
PT-2023-12659 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-12 through Android-13 Description: The issue is related to a logic error in the code of AudioFlinger.cpp, specifically in the createTrack function. This error allows for the possibility of recording audio without a...
SUSE CVE-2009-3984
Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with a No Content aka 204 status code and an empty...
SUSE CVE-2015-8217
The ffhevcparsesps function in libavcodec/hevcps.c in FFmpeg before 2.8.2 does not validate the Chroma Format Indicator, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via crafted High Efficiency Video Coding HEVC da...
SUSE CVE-2016-5298
A mechanism where disruption of the loading of a new web page can cause the previous page's favicon and SSL indicator to not be reset when the new page is loaded. Note: this issue only affects Firefox for Android. Desktop Firefox is unaffected. This vulnerability affects Firefox 50...
SUSE CVE-2017-13741
There is a use-after-free in the function compileBrailleIndicator in compileTranslationTable.c in Liblouis 3.2.0 that will lead to a remote denial of service attack...
SUSE CVE-2020-15954
KDE KMail 19.12.3 aka 5.13.3 engages in unencrypted POP3 communication during times when the UI indicates that encryption is in use...
SUSE CVE-2020-17367
Firejail through 0.9.62 does not honor the -- end-of-options indicator after the --output option, which may lead to command injection...
CVE-2023-22863
creationtimestamp| type| source ---|---|--- 2023-01-18 22:21:40+00:00| seen| https://t.me/cibsecurity/56705...
CVE-2022-4648
creationtimestamp| type| source ---|---|--- 2023-01-16 18:24:26+00:00| seen| https://t.me/cibsecurity/56550...
Eramba 跨站脚本漏洞
Eramba is an open source, enterprise-level IT governance application from Eramba UK. The program has features such as IT security, compliance auditing and analysis. A security vulnerability exists in Eramba GRC Software version c2.8.1, which stems from a KPI Title text field in its Add feature th...
CentOS 8 : virt:rhel and virt-devel:rhel (CESA-2022:7472)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:7472 advisory. - QEMU: fdc: heap buffer overflow in DMA read data transfers CVE-2021-3507 - libvirt: missing locking in nwfilterConnectNumOfNWFilters can lead to deni...
CVE-2022-39382
creationtimestamp| type| source ---|---|--- 2022-11-03 17:20:56+00:00| seen| https://t.me/cibsecurity/52517...
CVE-2022-22223
On QFX10000 Series devices using Juniper Networks Junos OS when configured as transit IP/MPLS penultimate hop popping PHP nodes with link aggregation group LAG interfaces, an Improper Validation of Specified Index, Position, or Offset in Input weakness allows an attacker sending certain IP packet...
Input validation
On QFX10000 Series devices using Juniper Networks Junos OS when configured as transit IP/MPLS penultimate hop popping PHP nodes with link aggregation group LAG interfaces, an Improper Validation of Specified Index, Position, or Offset in Input weakness allows an attacker sending certain IP packet...
CVE-2022-22223 Junos OS: QFX10000 Series: In IP/MPLS PHP node scenarios upon receipt of certain crafted packets multiple interfaces in LAG configurations may detach.
On QFX10000 Series devices using Juniper Networks Junos OS when configured as transit IP/MPLS penultimate hop popping PHP nodes with link aggregation group LAG interfaces, an Improper Validation of Specified Index, Position, or Offset in Input weakness allows an attacker sending certain IP packet...