Vulnerabilities (CVE)

Filtered by CWE-668
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-45145 3 Debian, Fedoraproject, Redis 3 Debian Linux, Fedora, Redis 2023-11-16 N/A 3.6 LOW
Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process to establish an otherwise unauthorized connection. This problem has existed since Redis 2.6.0-RC1. This issue has been addressed in Redis versions 7.2.2, 7.0.14 and 6.2.14. Users are advised to upgrade. For users unable to upgrade, it is possible to work around the problem by disabling Unix sockets, starting Redis with a restrictive umask, or storing the Unix socket file in a protected directory.
CVE-2023-3299 1 Hashicorp 1 Nomad 2023-07-27 N/A 2.7 LOW
In HashiCorp Nomad Enterprise 1.2.11 up to 1.5.6, and 1.4.10, ACL policies using a block without a label generate unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11.
CVE-2023-32394 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2023-07-27 N/A 2.4 LOW
The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. A person with physical access to a device may be able to view contact information from the lock screen.
CVE-2022-33694 1 Google 1 Android 2022-07-15 2.1 LOW 3.3 LOW
Exposure of Sensitive Information in CSC application prior to SMR Jul-2022 Release 1 allows a local attacker to access wifi information via unprotected intent broadcasting.
CVE-2021-20551 3 Ibm, Linux, Microsoft 3 Jazz Team Server, Linux Kernel, Windows 2022-06-30 2.1 LOW 3.3 LOW
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 199149.
CVE-2022-30728 1 Google 1 Android 2022-06-11 2.1 LOW 3.3 LOW
Information exposure vulnerability in ScanPool prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information.
CVE-2022-30714 1 Google 1 Android 2022-06-11 2.1 LOW 3.3 LOW
Information exposure vulnerability in SemIWCMonitor prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information.
CVE-2022-28794 1 Google 1 Android 2022-06-11 2.1 LOW 3.3 LOW
Sensitive information exposure in low-battery dumpstate log prior to SMR Jun-2022 Release 1 allows local attackers to get SIM card information.
CVE-2022-29820 1 Jetbrains 1 Pycharm 2022-05-05 3.3 LOW 3.5 LOW
In JetBrains PyCharm before 2022.1, exposure of the debugger port to the internal network was possible.
CVE-2021-22468 1 Huawei 1 Harmonyos 2022-05-03 2.1 LOW 3.3 LOW
A component of HarmonyOS has an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. Local attackers may exploit this vulnerability to cause kernel address leakage.
CVE-2021-39628 1 Google 1 Android 2022-01-15 2.1 LOW 3.3 LOW
In StatusBar.java, there is a possible disclosure of notification content on the lockscreen due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11. Android ID: A-189575031
CVE-2021-36319 1 Dell 1 Networking Os10 2021-11-23 2.1 LOW 3.3 LOW
Dell Networking OS10 versions 10.4.3.x, 10.5.0.x and 10.5.1.x contain an information exposure vulnerability. A low privileged authenticated malicious user can gain access to SNMP authentication failure messages.
CVE-2021-26309 1 Jetbrains 1 Teamcity 2021-05-19 2.1 LOW 3.3 LOW
Information disclosure in the TeamCity plugin for IntelliJ before 2020.2.2.85899 was possible because a local temporary file had Insecure Permissions.
CVE-2020-11931 2 Canonical, Pulseaudio 2 Ubuntu Linux, Pulseaudio 2020-05-19 2.1 LOW 3.3 LOW
An Ubuntu-specific modification to Pulseaudio to provide security mediation for Snap-packaged applications was found to have a bypass of intended access restriction for snaps which plug any of pulseaudio, audio-playback or audio-record via unloading the pulseaudio snap policy module. This issue affects: pulseaudio 1:8.0 versions prior to 1:8.0-0ubuntu3.12; 1:11.1 versions prior to 1:11.1-1ubuntu7.7; 1:13.0 versions prior to 1:13.0-1ubuntu1.2; 1:13.99.1 versions prior to 1:13.99.1-1ubuntu3.2.
CVE-2017-8418 1 Rubocop Project 1 Rubocop 2019-10-03 2.1 LOW 3.3 LOW
RuboCop 0.48.1 and earlier does not use /tmp in a safe way, allowing local users to exploit this to tamper with cache files belonging to other users.