curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.
Improper configuration in Smart Manager prior to version 11.0.05.0 allows attacker to access the file with system privilege. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.
Improper caller check vulnerability in Knox Core prior to SMR MAY-2021 Release 1 allows attackers to install arbitrary app. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.
In BinderDiedCallback of MediaCodec.cpp, there is a possible memory corruption due to a use after free. Rated high severity (CVSS 7.0).
In FindOrCreatePeer of btif_av.cc, there is a possible use after free due to a race condition. Rated high severity (CVSS 7.0).
An improper input validation vulnerability in NPU firmware prior to SMR MAY-2021 Release 1 allows arbitrary memory write and code execution. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gallagher Command Centre Server allows OSDP key material to be exposed to Command Centre Operators. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Authorization vulnerability in Gallagher Command Centre Server allows macro overrides to be performed by an unprivileged Command Centre Operator. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Nextcloud Deck before 1.2.7, 1.4.1 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only the local Nextcloud server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A denial of service vulnerability in GitLab CE/EE affecting all versions since 11.8 allows an attacker to create a recursive pipeline relationship and exhaust resources. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Non-compliance of recommended secure coding scheme in Samsung Internet prior to version 14.0.1.62 allows attackers to display fake URL in address bar via phising URL link. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to create executable kernel page outside code area. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.
Information exposure vulnerability in Gear S Plugin prior to version 2.2.05.20122441 allows unstrusted applications to access connected BT device information. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to discover information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows local attackers to bypass signature check given a radio privilege is compromised. Rated medium severity (CVSS 6.4). No vendor patch available.
A use after free vulnerability via race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows arbitrary write given a radio privilege is compromised. Rated medium severity (CVSS 6.4). No vendor patch available.
The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Improper running task check in S Secure prior to SMR MAY-2021 Release 1 allows attackers to use locked app without authentication. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In readVector of IMediaPlayer.cpp, there is a possible read of uninitialized heap data due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In createPendingIntent of SnoozeHelper.java, there is a possible broadcast intent containing a sensitive identifier. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
x86: Speculative vulnerabilities with bare (non-shim) 32-bit PV guests 32-bit x86 PV guest kernels run in ring 1. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
HVM soft-reset crashes toolstack libxl requires all data structures passed across its public interface to be initialized before use and disposed of afterwards by calling a specific set of functions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Improper log management vulnerability in Watch Active2 PlugIn prior to 2.2.08.21033151 version allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone via log. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Improper log management vulnerability in Watch Active PlugIn prior to version 2.2.07.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Improper log management vulnerability in Galaxy Watch3 PlugIn prior to version 2.2.09.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Improper log management vulnerability in Galaxy Watch PlugIn prior to version 2.2.05.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to remap EL2 memory as writable. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
An improper access control vulnerability in ScreenOffActivity in Samsung Notes prior to version 4.2.04.27 allows untrusted applications to access local files. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Inclusion of sensitive information in the source code has been reported to affect certain QNAP switches running QSS. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
This affects the package Flask-Unchained before 0.9.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.
A CWE-287: Improper Authentication vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version infromation) that could. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon X80 BMXNOR0200H RTU SV1.70 IR22 and prior that could cause information leak concerning the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper check vulnerability in Samsung Health prior to version 6.17 allows attacker to read internal cache data via exported component. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to cause a partial Denial. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Easergy T300 with firmware V2.7.1 and older that could expose files or directory content when access from an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows Cloud end-to-end encryption key to be discoverable in server memory dumps. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows OSDP reader master keys to be discoverable in server memory dumps. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
Improper address validation vulnerability in RKP api prior to SMR JUN-2021 Release 1 allows root privileged local attackers to write read-only kernel memory. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
A SQL Injection vulnerability in the OPCUA interface of Gallagher Command Centre allows a remote unprivileged Command Centre Operator to modify Command Centre databases undetected. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Nextcloud Mail before 1.9.5 suffers from improper access control due to a missing permission check allowing other authenticated users to create mail aliases for other users. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
Information Exposure vulnerability in SmartThings prior to version 1.7.64.21 allows attacker to access user information via log. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Intent redirection vulnerability in Samsung Account prior to version 10.8.0.4 in Android P(9.0) and below, and 12.2.0.9 in Android Q(10.0) and above allows attacker to access contacts and file. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Information Exposure vulnerability in Samsung Notes prior to version 4.2.04.27 allows attacker to access s pen latency information. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Intent redirection vulnerability in Bixby Voice prior to version 3.1.12 allows attacker to access contacts. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
IBM QRadar Analyst Workflow App 1.0 through 1.18.0 for IBM QRadar SIEM allows web pages to be stored locally which can be read by another user on the system. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Improper access in Notification setting prior to SMR JUN-2021 Release 1 allows physically proximate attackers to set arbitrary notification via physically configuring device. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.