Advisories
Vulnerability disclosures and security advisories.
| CVE | Patch status | Info |
|---|---|---|
| VULN-070117 | Released | Misconfigured Microsoft Content Provider — The misconfigured content provider bug in com.microsoft.launcher is disclosing issues with the proper functioning of this Android launcher application. |
| CVE-2022-43684 | Released | ServiceNow Insecure Access Control To Full Admin Takeover — An XHR request to xmlhttp.do with the "ChartDataProcessor" processor in the POST request allows the enumeration of the ServiceNow GQL database, including read access to the `sys_user_session` and `sys_user_token` tables, which provide the necessary information to generate valid `glide_user_activity` and `glide_session_store` cookies, and the X-Usertoken header to allow privilege escalation to any previously authenticated user.. |
| CVE-2023-1406 | Released | JetEngine < 3.1.3.1 - Author+ Remote Code Execution — The plugin includes uploaded files without adequately ensuring that they are not executable, leading to a remote code execution vulnerability. |
| CVE-2022-27838 | Released | Improper access control in Factory Camera — ACL issue leading to system privileges. |