Advisories
| CVE | Status | Published | Link | Info |
|---|---|---|---|---|
| VULN-070117 | Released | Released | VULN-070117 | The misconfigured content provider bug in com.microsoft.launcher is disclosing issues with the proper functioning of this Android launcher application. |
| CVE-2022-43684 | Released | Released | CVE-2022-43684 | An XHR request to xmlhttp.do with the "ChartDataProcessor" processor in the POST request allows the enumeration of the ServiceNow GQL database, including read access to the `sys_user_session` and `sys_user_token` tables, which provide the necessary information to generate valid `glide_user_activity` and `glide_session_store` cookies, and the X-Usertoken header to allow privilege escalation to any previously authenticated user.. |
| CVE-2023-1406 | Released | Released | CVE-2023-1406 | The plugin includes uploaded files without adequately ensuring that they are not executable, leading to a remote code execution vulnerability. |
| CVE-2022-27838 | Released | Released | CVE-2022-27838 | ACL issue leading to system privileges |
| CVE-2021-25499 | Released | Released | CVE-2021-25499 | Intent redirection vulnerability in SamsungAccountSDKSigninActivity |