In SettingsActivity.java, there is a possible way to make a device discoverable over Bluetooth, without permission or user interaction, due to a permissions bypass. This…

In addOrUpdateNetwork of WifiServiceImpl.java, there is a possible way for a guest user to configure Wi-Fi due to a permissions bypass. This could lead to…

In the SEPolicy configuration of system apps, there is a possible access to the ‘ip’ utility due to an insecure default value. This could lead…

A DMA reentrancy issue was found in the Tulip device emulation in QEMU. When Tulip reads or writes to the rx/tx descriptor or copies the…

Improper Access Control vulnerability in the Duo SMS two-factor of Devolutions Remote Desktop Manager 2022.2.14 and earlier allows attackers to bypass the application lock. This…

An XSS exists in automation controller UI where the project name is susceptible to XSS injection Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için…

Under certain conditions an attacker authenticated as a CMS administrator access the BOE Commentary database and retrieve (non-personal) system data, modify system data but can’t…

Unisys Data Exchange Management Studio before 6.0.IC2 and 7.x before 7.0.IC1 doesn’t have an Anti-CSRF token to authenticate the POST request. Thus, a cross-site request…

In PVRSRVRGXSubmitTransferKM of rgxtransfer.c, there is a possible user after free due to a race condition. This could lead to local escalation of privilege with…

In PVRSRVBridgePMRPDumpSymbolicAddr of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This…