Total: 29058 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-30766 | 1 Kbdevice | 12 Kb-ahr04d, Kb-ahr04d Firmware, Kb-ahr08d and 9 more | 2024-11-21 | N/A | 9.8 CRITICAL |
Hidden functionality issue exists in KB-AHR series and KB-IRIP series. If this vulnerability is exploited, an arbitrary OS command may be executed on the product or the device settings may be altered. Affected products and versions are as follows: KB-AHR04D versions prior to 91110.1.101106.78, KB-AHR08D versions prior to 91210.1.101106.78, KB-AHR16D versions prior to 91310.1.101106.78, KB-IRIP04A versions prior to 95110.1.100290.78A, KB-IRIP08A versions prior to 95210.1.100290.78A, and KB-IRIP16A versions prior to 95310.1.100290.78A. | |||||
CVE-2023-30739 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 6.7 MEDIUM |
Arbitrary File Descriptor Write vulnerability in libsec-ril prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code. | |||||
CVE-2023-30737 | 1 Samsung | 1 Health | 2024-11-21 | N/A | 4.0 MEDIUM |
Improper access control vulnerability in Samsung Health prior to version 6.24.3.007 allows attackers to access sensitive information via implicit intent. | |||||
CVE-2023-30734 | 1 Samsung | 1 Health | 2024-11-21 | N/A | 4.0 MEDIUM |
Improper access control vulnerability in Samsung Health prior to version 6.24.3.007 allows attackers to access sensitive information via implicit intent. | |||||
CVE-2023-30722 | 1 Samsung | 1 Blockchain Keystore | 2024-11-21 | N/A | 5.5 MEDIUM |
Protection Mechanism Failure in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.13.5 allows local attacker to execute arbitrary code. | |||||
CVE-2023-30718 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 4.0 MEDIUM |
Improper export of Android application components vulnerability in WifiApAutoHotspotEnablingActivity prior to SMR Sep-2023 Release 1 allows local attacker to change an Auto Hotspot setting. | |||||
CVE-2023-30714 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 4.6 MEDIUM |
Improper authorization vulnerability in FolderContainerDragDelegate in One UI Home prior to SMR Sep-2023 Release 1 allows physical attackers to change some settings of the folder lock. | |||||
CVE-2023-30711 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 4.0 MEDIUM |
Improper authentication in Phone and Messaging Storage SMR SEP-2023 Release 1 allows attacker to insert arbitrary data to the provider. | |||||
CVE-2023-30706 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 7.5 HIGH |
Improper authorization in Samsung Keyboard prior to SMR Sep-2023 Release 1 allows attacker to read arbitrary file with system privilege. | |||||
CVE-2023-30704 | 1 Samsung | 1 Internet | 2024-11-21 | N/A | 3.8 LOW |
Improper Authorization vulnerability in Samsung Internet prior to version 22.0.0.35 allows physical attacker to access downloaded files in Secret Mode without user authentication. | |||||
CVE-2023-30674 | 1 Samsung | 1 Internet | 2024-11-21 | N/A | 6.5 MEDIUM |
Improper configuration in Samsung Internet prior to version 21.0.0.41 allows attacker to bypass SameSite Cookie. | |||||
CVE-2023-30671 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 6.3 MEDIUM |
Logic error in package installation via adb command prior to SMR Jul-2023 Release 1 allows local attackers to downgrade installed application. | |||||
CVE-2023-30667 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 5.1 MEDIUM |
Improper access control in Audio system service prior to SMR Jul-2023 Release 1 allows attacker to send broadcast with system privilege. | |||||
CVE-2023-30654 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 6.7 MEDIUM |
Improper access control vulnerability in SLocationService prior to SMR Aug-2023 Release 1 allows local attacker to update fake location. | |||||
CVE-2023-30640 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 4.3 MEDIUM |
Improper access control vulnerability in PersonaManagerService prior to SMR Jul-2023 Release 1 allows local attackers to change configuration. | |||||
CVE-2023-30590 | 1 Nodejs | 1 Node.js | 2024-11-21 | N/A | 7.5 HIGH |
The generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet, but the function is also needed to compute the corresponding public key after calling setPrivateKey(). However, the documentation says this API call: "Generates private and public Diffie-Hellman key values". The documented behavior is very different from the actual behavior, and this difference could easily lead to security issues in applications that use these APIs. As DiffieHellman may be used as the basis for application-level security, the implications are consequently broad. | |||||
CVE-2023-30589 | 2 Fedoraproject, Nodejs | 2 Fedora, Node.js | 2024-11-21 | N/A | 7.5 HIGH |
The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS). The CR character (without LF) is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only the CRLF sequence should delimit each header-field. This impacts all Node.js active versions: v16, v18, and v20. | |||||
CVE-2023-30450 | 1 Redpanda | 1 Redpanda | 2024-11-21 | N/A | 4.3 MEDIUM |
rpk in Redpanda before 23.1.2 mishandles the redpanda.rpc_server_tls field, leading to (for example) situations in which there is a data type mismatch that cannot be automatically fixed by rpk, and instead a user must reconfigure (while a cluster is turned off) in order to have TLS on broker RPC ports. NOTE: the fix was also backported to the 22.2 and 22.3 branches. | |||||
CVE-2023-30331 | 1 Beetl Project | 1 Beetl | 2024-11-21 | N/A | 9.8 CRITICAL |
An issue in the render function of beetl v3.15.0 allows attackers to execute server-side template injection (SSTI) via a crafted payload. | |||||
CVE-2023-30282 | 1 Prestashop | 1 Scexportcustomers | 2024-11-21 | N/A | 7.5 HIGH |
PrestaShop scexportcustomers <= 3.6.1 is vulnerable to Incorrect Access Control. Due to a lack of permission control, a guest can access exports from the module, which can lead to a leak of personal information from the customer table. |