| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Exposure of Sensitive Information from an Unauthorized Actor vulnerability in Samsung DisplayManagerService prior to Android T(13) allows local attacker to access connected DLNA device information. |
| Hasura GraphQL Engine before 2.15.2 mishandles row-level authorization in the Update Many API for Postgres backends. The fixed versions are 2.10.2, 2.11.3, 2.12.1, 2.13.2, 2.14.1, and 2.15.2. (Versions before 2.10.0 are unaffected.) |
| In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. |
| In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. |
| In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. |
| In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. |
| In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. |
| In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. |
| In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. |
| In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. |
| In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. |
| In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. |
| Boa Web Server versions 0.94.13 through 0.94.14 fail to validate the correct security constraint on the HEAD HTTP method allowing everyone to bypass the Basic Authorization mechanism. |
| SENS v1.0 is vulnerable to Incorrect Access Control vulnerability. |
| The Welcart e-Commerce WordPress plugin before 2.8.4 does not have authorisation and CSRF in an AJAX action, allowing any logged-in user to create, update and delete shipping methods. |
| The WP Tools Increase Maximum Limits, Repair, Server PHP Info, Javascript errors, File Permissions, Transients, Error Log WordPress plugin before 3.43 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org |
| The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan WordPress plugin before 4.20 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org |
| The Car Dealer (Dealership) and Vehicle sales WordPress Plugin WordPress plugin before 3.05 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org |
| In sOpAllowSystemRestrictionBypass of AppOpsManager.java, there is a possible leak of location information due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-231496105 |
| In aee, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08487630; Issue ID: MSV-1020. |