CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
admin/limits.php in Dolibarr 7.0.2 allows HTML injection, as demonstrated by the MAIN_MAX_DECIMALS_TOT parameter.
Unprotected dynamic receiver in Telecom prior to SMR Feb-2022 Release 1 allows untrusted applications to launch arbitrary activity.
Logging of excessive data vulnerability in telephony prior to SMR Feb-2022 Release 1 allows privileged attackers to get Cell Location Information through log of user device.
Incorrect download source UI in Downloads in Samsung Internet prior to 16.0.6.23 allows attackers to perform domain spoofing via a crafted HTML page.
An improper authorization issue in GitLab CE/EE affecting all versions from 13.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to extract the value of an unprotected variable they know the name of in public projects or private projects they're a member of.
Improper access control vulnerability in S Assistant prior to version 7.5 allows attacker to remotely get senstive information.
Improper authorization vulnerability in Galaxy Store prior to 4.5.36.5 allows remote app installation of the allowlist.
Abitrary file access vulnerability in Samsung Email prior to 6.1.60.16 allows attacker to read isolated data in sandbox.
Phone, S9+_firmware, S9+, S10_firmware, S10, Xcover_4_firmware, Xcover_4, Scx-824_firmware, Scx-824, Galaxy_s6_edge_firmware
2022-01-19
N/A
7.1 HIGH
A vulnerability using PendingIntent in Bixby Routines prior to version 3.1.21.8 in Android R(11.0) and 2.6.30.5 in Android Q(10.0) allows attackers to execute privileged action by hijacking and modifying the intent.
A vulnerability using PendingIntent in Reminder prior to version 12.2.05.0 in Android R(11.0) and 12.3.02.1000 in Android S(12.0) allows attackers to execute privileged action by hijacking and modifying the intent.
