Lucene search
K

72 matches found

OSV
OSV
added 2024/05/30 12:15 p.m.6 views

CVE-2022-43841

IBM Aspera Console 3.4.0 through 3.4.2 PL9 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 239078...

3.3CVSS5.8AI score0.00158EPSS
Exploits0References2
OSV
OSV
added 2024/02/15 11:15 p.m.7 views

CVE-2023-40124

In multiple locations, there is a possible cross-user read due to a confused deputy. This could lead to local information disclosure of photos or other images with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS6AI score
Exploits0References2
NVD
NVD
added 2024/02/15 11:15 p.m.19 views

CVE-2023-40124

In multiple locations, there is a possible cross-user read due to a confused deputy. This could lead to local information disclosure of photos or other images with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS5.9AI score0.00089EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/02/15 10:31 p.m.24 views

CVE-2023-40124

In multiple locations, there is a possible cross-user read due to a confused deputy. This could lead to local information disclosure of photos or other images with no additional execution privileges needed. User interaction is not needed for exploitation...

6.2AI score0.00089EPSS
Exploits0References2
CVE
CVE
added 2024/02/15 10:31 p.m.6365 views

CVE-2023-40124

CVE-2023-40124 involves a local information disclosure (cross-user read) due to a confused deputy. Public docs from NVD/Red Hat/OSV describe impact as local, with no execution privileges required and no user interaction needed. Android security bulletin entries for 2023-11-01/05 group this under ...

5.5CVSS6AI score0.00089EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/02/15 10:31 p.m.9 views

CVE-2023-40124

In multiple locations, there is a possible cross-user read due to a confused deputy. This could lead to local information disclosure of photos or other images with no additional execution privileges needed. User interaction is not needed for exploitation...

6.3AI score0.00089EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/02/15 12:0 a.m.9 views

PT-2024-12855 · Google · Android

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to a confused deputy, which could lead to a cross-user read. This might result in the local information disclosure of photos or oth...

5.5CVSS6.2AI score0.00089EPSS
Exploits0References6
OSV
OSV
added 2024/02/10 4:15 p.m.4 views

CVE-2024-22312

IBM Storage Defender - Resiliency Service 2.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 278748...

5.5CVSS5.8AI score0.00153EPSS
Exploits0References2
OSV
OSV
added 2023/12/04 11:15 p.m.4 views

CVE-2023-40073

In visitUris of Notification.java, there is a possible cross-user media read due to Confused Deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS5.9AI score0.00134EPSS
Exploits0References2
OSV
OSV
added 2023/12/04 11:15 p.m.1 views

UBUNTU-CVE-2023-40073

In visitUris of Notification.java, there is a possible cross-user media read due to Confused Deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS5.9AI score0.00134EPSS
Exploits0References3
OSV
OSV
added 2023/11/01 12:0 a.m.36 views

ASB-A-272025416

In multiple locations, there is a possible cross-user read due to a confused deputy. This could lead to local information disclosure of photos or other images with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS5.1AI score0.00089EPSS
Exploits0References2
OSV
OSV
added 2023/10/30 5:15 p.m.2 views

CVE-2023-21312

In IntentResolver, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS5.9AI score0.00088EPSS
Exploits0References1
OSV
OSV
added 2023/08/14 10:15 p.m.6 views

CVE-2023-21279

In visitUris of RemoteViews.java, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS5.9AI score0.00089EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/08/14 12:0 a.m.5 views

PT-2023-18058 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android affected versions not specified Description: The issue is related to a possible cross-user media read due to a confused deputy in the visitUris method of RemoteViews.java. This could lead to local information disclosure with no...

5.5CVSS5AI score0.00089EPSS
Exploits0References4
OSV
OSV
added 2023/08/01 12:0 a.m.28 views

ASB-A-277741109

In visitUris of RemoteViews.java, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS5.1AI score0.00089EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/06/15 7:15 p.m.2 views

CVE-2023-21105

In multiple functions of ChooserActivity.java, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11...

5.5CVSS6.3AI score0.00103EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/08/12 3:15 p.m.6 views

CVE-2022-20263

In ActivityManager, there is a way to read process state for other users due to a missing permission check. This could lead to local information disclosure of app usage with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Andro...

5.5CVSS6.1AI score0.00089EPSS
Exploits0References2
OSV
OSV
added 2022/06/16 11:45 p.m.2 views

GHSA-5PHC-849H-VCXG `Read` on uninitialized buffer can cause UB (impl of `ReadKVExt`)

Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory...

9.8CVSS7.3AI score0.01191EPSS
Exploits0References3
OSV
OSV
added 2022/06/16 11:44 p.m.2 views

GHSA-72R2-RG28-47V9 `read` on uninitialized buffer may cause UB (bite::read::BiteReadExpandedExt::read_framed_max)

Affected versions of this crate calls a user provided Read implementation on an uninitialized buffer. Read on uninitialized buffer is defined as undefined behavior in Rust...

7.5CVSS7.2AI score0.01059EPSS
Exploits0References3
OSV
OSV
added 2022/01/06 10:12 p.m.16 views

GHSA-FF2R-XPWQ-6WHJ Use of Uninitialized Resource in gfx-auxil

Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory...

9.8CVSS6AI score0.01191EPSS
Exploits0References5
Rows per page
Query Builder