Total
320 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-56963 | 2025-01-28 | N/A | 6.5 MEDIUM | ||
| An issue in Beijing Sogou Technology Development Co., Ltd Sogou Input iOS 12.2.0 allows attackers to access sensitive user information via supplying a crafted link. | |||||
| CVE-2024-56962 | 2025-01-28 | N/A | 6.5 MEDIUM | ||
| An issue in Tencent Technology (Shanghai) Co., Ltd WeSing iOS v9.3.39 allows attackers to access sensitive user information via supplying a crafted link. | |||||
| CVE-2024-56960 | 2025-01-28 | N/A | 6.5 MEDIUM | ||
| An issue in Tianjin Xiaowu Information technology Co., Ltd BeiKe Holdings iOS 1.3.50 allows attackers to access sensitive user information via supplying a crafted link. | |||||
| CVE-2024-56959 | 2025-01-28 | N/A | 6.5 MEDIUM | ||
| An issue in Mashang Consumer Finance Co., Ltd Anyihua iOS 3.6.2 allows attackers to access sensitive user information via supplying a crafted link. | |||||
| CVE-2024-56957 | 2025-01-28 | N/A | 6.5 MEDIUM | ||
| An issue in Kingsoft Office Software Corporation Limited WPS Office iOS 12.20.0 allows attackers to access sensitive user information via supplying a crafted link. | |||||
| CVE-2024-56955 | 2025-01-28 | N/A | 6.5 MEDIUM | ||
| An issue in Tencent Technology (Shenzhen) Company Limited QQMail iOS 6.6.4 allows attackers to access sensitive user information via supplying a crafted link. | |||||
| CVE-2024-56954 | 2025-01-28 | N/A | 6.5 MEDIUM | ||
| An issue in Beijing Baidu Netcom Science & Technology Co Ltd Haokan Video iOS 7.70.0 allows attackers to access sensitive user information via supplying a crafted link. | |||||
| CVE-2024-56953 | 2025-01-28 | N/A | 6.5 MEDIUM | ||
| An issue in Baidu (China) Co Ltd Baidu Input Method (iOS version) v12.6.13 allows attackers to access user information via supplying a crafted link. | |||||
| CVE-2024-56952 | 2025-01-28 | N/A | 6.5 MEDIUM | ||
| An issue in Beijing Baidu Netcom Science & Technology Co Ltd Baidu Lite app (iOS version) 6.40.0 allows attackers to access user information via supplying a crafted link. | |||||
| CVE-2024-56951 | 2025-01-28 | N/A | 6.5 MEDIUM | ||
| An issue in Hangzhou Bobo Technology Co Ltd UU Game Booster iOS 10.6.13 allows attackers to access sensitive user information via supplying a crafted link. | |||||
| CVE-2024-56950 | 2025-01-28 | N/A | 6.5 MEDIUM | ||
| An issue in KuGou Technology Co., Ltd KuGou Concept iOS 4.0.61 allows attackers to access sensitive user information via supplying a crafted link. | |||||
| CVE-2024-56949 | 2025-01-28 | N/A | 6.5 MEDIUM | ||
| An issue in Guangzhou Polar Future Culture Technology Co., Ltd University Search iOS 2.27.0 allows attackers to access sensitive user information via supplying a crafted link. | |||||
| CVE-2024-56948 | 2025-01-28 | N/A | 6.5 MEDIUM | ||
| An issue in KuGou Technology CO. LTD KuGou Music iOS v20.0.0 allows attackers to access sensitive user information via supplying a crafted link. | |||||
| CVE-2024-56947 | 2025-01-28 | N/A | 6.5 MEDIUM | ||
| An issue in Xiamen Meitu Technology Co., Ltd. BeautyCam iOS v12.3.60 allows attackers to access sensitive user information via supplying a crafted link. | |||||
| CVE-2022-38090 | 1 Intel | 454 Celeron J1750, Celeron J1750 Firmware, Celeron J1800 and 451 more | 2025-01-28 | N/A | 6.0 MEDIUM |
| Improper isolation of shared resources in some Intel(R) Processors when using Intel(R) Software Guard Extensions may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2025-21299 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-01-24 | N/A | 7.1 HIGH |
| Windows Kerberos Security Feature Bypass Vulnerability | |||||
| CVE-2021-42718 | 2025-01-24 | N/A | 4.9 MEDIUM | ||
| Information Disclosure in API in Replicated Replicated Classic versions prior to 2.53.1 on all platforms allows authenticated users with Admin Console access to retrieve sensitive data, including application secrets, via accessing container definitions with environment variables through the Admin Console API on port 8800. This CVE was originally reserved in 2021 and later publicly disclosed by Replicated on their website on 21 October 2021. However, it mistakenly remained in the Reserved But Public (RBP) status with the CVE Numbering Authority (CNA). Please note that this product reached its end of life on 31 December 2024. Publishing this CVE with the CNA was required to comply with CNA rules, despite the fact that the issue was disclosed and fixed four years ago, and the affected product is no longer supported as of 2024. Summary of VulnerabilityThis advisory discloses a low severity security vulnerability in the versions of Replicated Classic listed above (“Affected Replicated Classic Versions”) DescriptionReplicated Classic versions prior to 2.53.1 have an authenticated API from the Replicated Admin Console that may expose sensitive data including application secrets, depending on how the application manifests are written. A user with valid credentials and access to the Admin Console port (8800) on the Replicated Classic server can retrieve container definitions including environment variables which may contain passwords and other secrets depending on how the application is configured. This data is shared over authenticated sessions to the Admin Console only, and was never displayed or used in the application processing. To remediate this issue, we removed the sensitive data from the API, sending only the data to the Admin Console that was needed. TimelineThis issue was discovered during a security review on 16 September 2021. Patched versions were released on 23 September 2021. This advisory was published on 21 October 2021. The CVE Numbering Authority (CNA) notified Replicated on 23 January 2025 that the CVE was still in Reserved But Public (RBP) status. Upon discovering the oversight in updating the status to published with the CNA, Replicated submitted the updated report on the same day, 23 January 2025. | |||||
| CVE-2024-56113 | 2025-01-23 | N/A | 7.5 HIGH | ||
| Smart Toilet Lab - Motius 1.3.11 is running with debug mode turned on (DEBUG = True) and exposing sensitive information defined in Django settings file through verbose error page. | |||||
| CVE-2024-53932 | 2025-01-23 | N/A | 9.1 CRITICAL | ||
| The com.remi.colorphone.callscreen.calltheme.callerscreen (aka Color Phone: Call Screen Theme) application through 21.1.9 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.remi.colorphone.callscreen.calltheme.callerscreen.dialer.DialerActivity component. | |||||
| CVE-2024-53931 | 2025-01-23 | N/A | 9.1 CRITICAL | ||
| The com.glitter.caller.screen (aka iCaller, Caller Theme & Dialer) application through 1.1 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.glitter.caller.screen.DialerActivity component. | |||||