Total: 28982 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2023-21239 | 1 Google | 1 Android | 2024-02-28 | N/A | 5.5 MEDIUM | In visitUris of Notification.java, there is a possible way to leak image data across user boundaries due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-40136 | 1 Google | 1 Android | 2024-02-28 | N/A | 3.3 LOW | In setHeader of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-21407 | 1 Axis | 1 License Plate Verifier | 2024-02-28 | N/A | 8.8 HIGH | A broken access control was found allowing for privilege escalation of the operator account to gain administrator privileges.
CVE-2023-4640 | 1 Yugabyte | 1 Yugabytedb | 2024-02-28 | N/A | 7.5 HIGH | The controller responsible for setting the logging level does not include any authorization checks to ensure the user is authenticated. This can be seen by noting that it extends Controller rather than AuthenticatedController and includes no further checks. This issue affects YugabyteDB Anywhere: from 2.0.0 through 2.17.3.
CVE-2023-40133 | 1 Google | 1 Android | 2024-02-28 | N/A | 5.5 MEDIUM | In multiple locations of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-35680 | 1 Google | 1 Android | 2024-02-28 | N/A | 5.5 MEDIUM | In multiple locations, there is a possible way to import contacts belonging to other users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-31020 | 2 Microsoft, Nvidia | 2 Windows, Virtual Gpu | 2024-02-28 | N/A | 7.1 HIGH | NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause improper access control, which may lead to denial of service or data tampering.
CVE-2023-5102 | 1 Sick | 2 Apu0200, Apu0200 Firmware | 2024-02-28 | N/A | 5.3 MEDIUM | Insufficient Control Flow Management in RDT400 in SICK APU allows an unprivileged remote attacker to potentially enable hidden functionality via HTTP requests.
CVE-2023-46813 | 1 Linux | 1 Linux Kernel | 2024-02-28 | N/A | 7.0 HIGH | An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access to MMIO registers. Incorrect access checking in the #VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses could lead to arbitrary write access to kernel memory (and thus privilege escalation). This depends on a race condition through which userspace can replace an instruction before the #VC handler reads it.
CVE-2023-38741 | 4 Hp, Ibm, Linux and 1 more | 5 Hp-ux, Aix, Txseries For Multiplatform and 2 more | 2024-02-28 | N/A | 7.5 HIGH | IBM TXSeries for Multiplatforms 8.1, 8.2, and 9.1 is vulnerable to a denial of service, caused by improper enforcement of the timeout on individual read operations. By conducting slowloris-type attacks, a remote attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 262905.
CVE-2023-46245 | 1 Kimai | 1 Kimai | 2024-02-28 | N/A | 7.2 HIGH | Kimai is a web-based multi-user time-tracking application. Versions prior to 2.1.0 are vulnerable to a Server-Side Template Injection (SSTI) which can be escalated to Remote Code Execution (RCE). The vulnerability arises when a malicious user uploads a specially crafted Twig file, exploiting the software's PDF and HTML rendering functionalities. Version 2.1.0 enables security measures for custom Twig templates.
CVE-2023-26077 | 2 Atera, Microsoft | 2 Atera, Windows | 2024-02-28 | N/A | 7.8 HIGH | Atera Agent through 1.8.3.6 on Windows creates a temporary file in a directory with insecure permissions.
CVE-2023-42555 | 1 Samsung | 1 Easysetup | 2024-02-28 | N/A | 5.5 MEDIUM | Use of implicit intent for sensitive communication vulnerability in EasySetup prior to version 11.1.13 allows attackers to get the Bluetooth address of the user's device.
CVE-2023-38752 | 1 Jpcert | 1 Special Interest Group Network For Analysis And Liaison | 2024-02-28 | N/A | 4.3 MEDIUM | Improper authorization vulnerability in Special Interest Group Network for Analysis and Liaison versions 4.4.0 to 4.7.7 allows authorized API users to view the attribute information of a poster that is set as "non-disclosure" in the system settings.
CVE-2023-30654 | 1 Samsung | 1 Android | 2024-02-28 | N/A | 5.5 MEDIUM | Improper access control vulnerability in SLocationService prior to SMR Aug-2023 Release 1 allows a local attacker to update a fake location.
CVE-2021-40699 | 1 Adobe | 1 Coldfusion | 2024-02-28 | N/A | 7.4 HIGH | ColdFusion version 2021 update 1 (and earlier) and versions 2018.10 (and earlier) are impacted by an improper access control vulnerability when checking permissions in the CFIDE path. An authenticated attacker could leverage this vulnerability to access and manipulate arbitrary data on the environment.
CVE-2023-32645 | 1 Yifanwireless | 2 Yf325, Yf325 Firmware | 2024-02-28 | N/A | 9.8 CRITICAL | A leftover debug code vulnerability exists in the httpd debug credentials functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to authentication bypass. An attacker can send a network request to trigger this vulnerability.
CVE-2023-30739 | 1 Samsung | 1 Android | 2024-02-28 | N/A | 7.8 HIGH | Arbitrary File Descriptor Write vulnerability in libsec-ril prior to SMR Nov-2023 Release 1 allows a local attacker to execute arbitrary code.
CVE-2023-5563 | 1 Zephyrproject | 1 Zephyr | 2024-02-28 | N/A | 7.5 HIGH | The SJA1000 CAN controller driver backend automatically attempts to recover from a bus-off event when built with CONFIG_CAN_AUTO_BUS_OFF_RECOVERY=y. This results in calling k_sleep() in IRQ context, causing a fatal exception.
CVE-2023-32809 | 2 Google, Mediatek | 35 Android, Mt2713, Mt6779 and 32 more | 2024-02-28 | N/A | 4.4 MEDIUM | In bluetooth driver, there is a possible read and write access to registers due to improper access control of the register interface. This could lead to local leak of sensitive information with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07849753; Issue ID: ALPS07849753.