CWE:
 

Tytuł
Data
Autor
Med.
Zoom 5.4.3 (54779.1115) / 5.5.4 (13142.0301) Information Disclosure
23.03.2021
Matthias Deeg


Common Weakness Enumeration (CWE)

CVE
Szczegóły
Opis
2022-10-11
Waiting for details
CVE-2022-39015

Updating...
 

 
Under certain conditions, BOE AdminTools/ BOE SDK allows an attacker to access information which would otherwise be restricted.

 
2022-08-05
Waiting for details
CVE-2022-35936

Updating...
 

 
Ethermint is an Ethereum library. In Ethermint running versions before `v0.17.2`, the contract `selfdestruct` invocation permanently removes the corresponding bytecode from the internal database storage. However, due to a bug in the `DeleteAccount`function, all contracts that used the identical bytecode (i.e shared the same `CodeHash`) will also stop working once one contract invokes `selfdestruct`, even though the other contracts did not invoke the `selfdestruct` OPCODE. This vulnerability has been patched in Ethermint version v0.18.0. The patch has state machine-breaking changes for applications using Ethermint, so a coordinated upgrade procedure is required. A workaround is available. If a contract is subject to DoS due to this issue, the user can redeploy the same contract, i.e. with identical bytecode, so that the original contract's code is recovered. The new contract deployment restores the `bytecode hash -> bytecode` entry in the internal state.

 
2022-07-17
Medium
CVE-2022-25357

Vendor: Pexip
Software: Pexip infinity
 

 
Pexip Infinity 27.x before 27.2 has Improper Access Control. An attacker can sometimes join a conference (call join) if it has a lock but not a PIN.

 
2022-07-12
Low
CVE-2022-30751

Vendor: Google
Software: Android
 

 
Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected by using WIFI_AP_STA_DHCPACK_EVENT action.

 
Low
CVE-2022-30752

Vendor: Google
Software: Android
 

 
Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected by using WIFI_AP_STA_STATE_CHANGED action.

 
Low
CVE-2022-33692

Vendor: Google
Software: Android
 

 
Exposure of Sensitive Information in Messaging application prior to SMR Jul-2022 Release 1 allows local attacker to access imsi and iccid via log.

 
Low
CVE-2022-33694

Vendor: Google
Software: Android
 

 
Exposure of Sensitive Information in CSC application prior to SMR Jul-2022 Release 1 allows local attacker to access wifi information via unprotected intent broadcasting.

 
Low
CVE-2022-33696

Vendor: Google
Software: Android
 

 
Exposure of Sensitive Information in Telephony service prior to SMR Jul-2022 Release 1 allows local attacker to access imsi and iccid via log.

 
Low
CVE-2022-33698

Vendor: Google
Software: Android
 

 
Exposure of Sensitive Information in Telecom application prior to SMR Jul-2022 Release 1 allows local attackers to access ICCID via log.

 
Low
CVE-2022-33699

Vendor: Google
Software: Android
 

 
Exposure of Sensitive Information in getDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows local attacker to access imsi via log.

 

 


Copyright 2022, cxsecurity.com

 

Back to Top