Local privilege escalation vulnerability in Windows clients of Netop Vision Pro up to and including 9.7.1 allows a local user to gain administrator privileges whilst using the clients. Date published : 2021-03-25 https://www.mcafee.com/blogs/other-blogs/mcafee-labs/netop-vision-pro-distance-learning-software-is-20-20-in-hindsight
The OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Server Side Request Forgery (SSRF) vulnerability. The vulnerability arises due to unsafe usage of the logo_uri parameter in the Dynamic Client Registration...
An issue was discovered in Nokia NetAct 18A. A remote user, authenticated to the NOKIA NetAct Web Page, can visit the Site Configuration Tool web site section and arbitrarily upload potentially dangerous files without...
An issue was discovered in Nokia NetAct 18A. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim’s web browser....
Hijacking vulnerability in Samsung Cloud prior to version 4.7.0.3 allows attackers to intercept when the provider is executed. Date published : 2021-03-25 https://security.samsungmobile.com/serviceWeb.smsb https://security.samsungmobile.com/
Path Traversal vulnerability in Samsung Notes prior to version 4.2.00.22 allows attackers to access local files without permission. Date published : 2021-03-25 https://security.samsungmobile.com/serviceWeb.smsb https://security.samsungmobile.com/
Improper access control in Samsung Internet prior to version 13.2.1.70 allows physically proximate attackers to bypass the secret mode’s authentication. Date published : 2021-03-25 https://security.samsungmobile.com/serviceWeb.smsb https://security.samsungmobile.com/
Using unsafe PendingIntent in Samsung Notes prior to version 4.2.00.22 allows local attackers unauthorized action without permission via hijacking the PendingIntent. Date published : 2021-03-25 https://security.samsungmobile.com/serviceWeb.smsb https://security.samsungmobile.com/
Improper input check in Samsung Internet prior to version 13.2.1.46 allows attackers to launch non-exported activity in Samsung Browser via malicious deeplink. Date published : 2021-03-25 https://security.samsungmobile.com/serviceWeb.smsb https://security.samsungmobile.com/
Using empty PendingIntent in Galaxy Themes prior to version 5.2.00.1215 allows local attackers to read/write private file directories of Galaxy Themes application without permission via hijacking the PendingIntent. Date published : 2021-03-25 https://security.samsungmobile.com/serviceWeb.smsb https://security.samsungmobile.com/
Using PendingIntent with implicit intent in Bixby Voice prior to version 3.0.52.14 allows attackers to execute privileged action by hijacking and modifying the intent. Date published : 2021-03-25 https://security.samsungmobile.com/serviceWeb.smsb https://security.samsungmobile.com/
Improper Access Control in EmailValidationView in Samsung Account prior to version 10.7.0.7 and 12.1.1.3 allows physically proximate attackers to log out user account on device without user password. Date published : 2021-03-25 https://security.samsungmobile.com/serviceWeb.smsb https://security.samsungmobile.com/
Information Exposure vulnerability in Samsung Account prior to version 12.1.1.3 allows physically proximate attackers to access user information via log. Date published : 2021-03-25 https://security.samsungmobile.com/serviceWeb.smsb https://security.samsungmobile.com/
Using unsafe PendingIntent in Slow Motion Editor prior to version 3.5.18.5 allows local attackers unauthorized action without permission via hijacking the PendingIntent. Date published : 2021-03-25 https://security.samsungmobile.com/serviceWeb.smsb https://security.samsungmobile.com/