Vulnerabilities > Low

DATE CVE VULNERABILITY TITLE RISK
2022-12-13 CVE-2022-20240 Missing Authorization vulnerability in Google Android 12.0
In sOpAllowSystemRestrictionBypass of AppOpsManager.java, there is a possible leak of location information due to a missing permission check.
local
low complexity
google CWE-862
2.3
2.3
2022-12-13 CVE-2022-31699 Out-of-bounds Write vulnerability in VMWare Esxi 6.5/6.7
VMware ESXi contains a heap-overflow vulnerability.
local
low complexity
vmware CWE-787
3.3
3.3
2022-12-12 CVE-2022-45228 Cross-Site Request Forgery (CSRF) vulnerability in Dragino Lg01 Lora Firmware 4.3.4
Dragino Lora LG01 18ed40 IoT v4.3.4 was discovered to contain a Cross-Site Request Forgery in the logout page.
network
low complexity
dragino CWE-352
3.5
3.5
2022-12-10 CVE-2022-23485 Improper Privilege Management vulnerability in Sentry
Sentry is an error tracking and performance monitoring platform.
network
high complexity
sentry CWE-269
3.7
3.7
2022-12-08 CVE-2022-46825 Inadequate Encryption Strength vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA before 2022.3 the built-in web server leaked information about open projects.
local
low complexity
jetbrains CWE-326
3.3
3.3
2022-12-08 CVE-2022-39894 Unspecified vulnerability in Google Android 10.0/11.0/12.0
Improper access control vulnerability in ContactListStartActivityHelper in Phone prior to SMR Dec-2022 Release 1 allows to access sensitive information via implicit intent.
local
low complexity
google
3.3
3.3
2022-12-08 CVE-2022-39895 Unspecified vulnerability in Google Android 10.0/11.0/12.0
Improper access control vulnerability in ContactListUtils in Phone prior to SMR Dec-2022 Release 1 allows to access contact group information via implicit intent.
local
low complexity
google
3.3
3.3
2022-12-08 CVE-2022-39896 Unspecified vulnerability in Google Android 10.0/11.0/12.0
Improper access control vulnerabilities in Contacts prior to SMR Dec-2022 Release 1 allows to access sensitive information via implicit intent.
local
low complexity
google
3.3
3.3
2022-12-08 CVE-2022-39898 Unspecified vulnerability in Google Android
Improper access control vulnerability in IIccPhoneBook prior to SMR Dec-2022 Release 1 allows attackers to access some information of usim.
local
low complexity
google
3.3
3.3
2022-12-08 CVE-2022-39903 Incorrect Authorization vulnerability in Google Android
Improper access control vulnerability in RCS call prior to SMR Dec-2022 Release 1 allows local attackers to access RCS incoming call number.
local
low complexity
google CWE-863
3.3
3.3