Total: 28982 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-37935 | 1 Fortinet | 1 Fortios | 2024-02-28 | N/A | 7.5 HIGH |
A use of GET request method with sensitive query strings vulnerability in Fortinet FortiOS 7.0.0 - 7.0.12, 7.2.0 - 7.2.5 and 7.4.0 allows an attacker to view plaintext passwords of remote services such as RDP or VNC, if the attacker is able to read the GET requests to those services. | |||||
CVE-2023-21238 | 1 Google | 1 Android | 2024-02-28 | N/A | 5.5 MEDIUM |
In visitUris of RemoteViews.java, there is a possible leak of images between users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2023-36634 | 1 Fortinet | 1 Fortiap-u | 2024-02-28 | N/A | 8.8 HIGH |
An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to list and delete arbitrary files and directories via specially crafted command arguments. | |||||
CVE-2023-3277 | 1 Inspireui | 1 Mstore Api | 2024-02-28 | N/A | 9.8 CRITICAL |
The MStore API plugin for WordPress is vulnerable to Unauthorized Account Access and Privilege Escalation in versions up to, and including, 4.10.7 due to improper implementation of the Apple login feature. This allows unauthenticated attackers to log in as any user as long as they know the user's email address. We are disclosing this issue as the developer has not yet released a patch, but continues to release updates and we escalated this issue to the plugin's team 30 days ago. | |||||
CVE-2023-32634 | 1 Softether | 1 Vpn | 2024-02-28 | N/A | 7.4 HIGH |
An authentication bypass vulnerability exists in the CiRpcServerThread() functionality of SoftEther VPN 5.01.9674 and 4.41-9782-beta. An attacker can perform a local man-in-the-middle attack to trigger this vulnerability. | |||||
CVE-2023-32285 | 1 Intel | 134 Compute Element Stk2mv64cc, Compute Element Stk2mv64cc Firmware, Nuc Board Nuc7i3bnb and 131 more | 2024-02-28 | N/A | 4.4 MEDIUM |
Improper access control in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable denial of service via local access. | |||||
CVE-2023-34984 | 1 Fortinet | 1 Fortiweb | 2024-02-28 | N/A | 8.8 HIGH |
A protection mechanism failure in Fortinet FortiWeb 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.0 through 6.4.3, 6.3.6 through 6.3.23 allows an attacker to execute unauthorized code or commands via specially crafted HTTP requests. | |||||
CVE-2023-41960 | 1 Boschrexroth | 6 Ctrlx Hmi Web Panel Wr2107, Ctrlx Hmi Web Panel Wr2107 Firmware, Ctrlx Hmi Web Panel Wr2110 and 3 more | 2024-02-28 | N/A | 3.3 LOW |
The vulnerability allows an unprivileged (untrusted) third-party application to interact with a content-provider unsafely exposed by the Android Agent application, potentially modifying sensitive settings of the Android Client application itself. | |||||
CVE-2023-28385 | 2 Intel, Microsoft | 2 Next Unit Of Computing Firmware, Windows | 2024-02-28 | N/A | 6.7 MEDIUM |
Improper authorization in the Intel(R) NUC Pro Software Suite for Windows before version 2.0.0.9 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-30706 | 1 Samsung | 1 Android | 2024-02-28 | N/A | 4.9 MEDIUM |
Improper authorization in Samsung Keyboard prior to SMR Sep-2023 Release 1 allows an attacker to read an arbitrary file with system privilege. | |||||
CVE-2023-3648 | 1 Wireshark | 1 Wireshark | 2024-02-28 | N/A | 5.5 MEDIUM |
Kafka dissector crash in Wireshark 4.0.0 to 4.0.6 and 3.6.0 to 3.6.14 allows denial of service via packet injection or crafted capture file. | |||||
CVE-2023-2003 | 1 Unitronicsplc | 2 Vision1210, Vision1210 Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
Embedded malicious code vulnerability in Vision1210, in the build 5 of operating system version 4.3, which could allow a remote attacker to store base64-encoded malicious code in the device's data tables via the PCOM protocol, which can then be retrieved by a client and executed on the device. | |||||
CVE-2023-40127 | 1 Google | 1 Android | 2024-02-28 | N/A | 3.3 LOW |
In multiple locations, there is a possible way to access screenshots due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2023-34209 | 1 Easyuse | 1 Mailhunter Ultimate | 2024-02-28 | N/A | 4.3 MEDIUM |
Exposure of Sensitive System Information to an Unauthorized Control Sphere in the create template function in EasyUse MailHunter Ultimate 2023 and earlier allows remote authenticated users to obtain the absolute path via an unencrypted VIEWSTATE parameter. | |||||
CVE-2023-36131 | 1 Phpjabbers | 1 Availability Booking Calendar | 2024-02-28 | N/A | 9.8 CRITICAL |
PHPJabbers Availability Booking Calendar 5.0 is vulnerable to Incorrect Access Control due to improper input validation of password parameter. | |||||
CVE-2023-21285 | 1 Google | 1 Android | 2024-02-28 | N/A | 5.5 MEDIUM |
In setMetadata of MediaSessionRecord.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2023-30711 | 1 Samsung | 1 Android | 2024-02-28 | N/A | 3.3 LOW |
Improper authentication in Phone and Messaging Storage SMR SEP-2023 Release 1 allows an attacker to insert arbitrary data to the provider. | |||||
CVE-2023-38334 | 1 Omnis | 1 Studio | 2024-02-28 | N/A | 6.5 MEDIUM |
Omnis Studio 10.22.00 has incorrect access control. It advertises an irreversible feature for locking classes within Omnis libraries: it should be no longer possible to delete, view, change, copy, rename, duplicate, or print a locked class. Due to implementation issues, locked classes in Omnis libraries can be unlocked, and thus further analyzed and modified by Omnis Studio. This allows for further analyzing and also deleting, viewing, changing, copying, renaming, duplicating, or printing previously locked Omnis classes. This violates the expected behavior of an "irreversible operation." | |||||
CVE-2023-27509 | 1 Intel | 1 Ispc Software Installer | 2024-02-28 | N/A | 7.8 HIGH |
Improper access control in some Intel(R) ISPC software installers before version 1.19.0 may allow an authenticated user to potentially enable escalation of privileges via local access. | |||||
CVE-2023-39218 | 1 Zoom | 3 Rooms, Virtual Desktop Infrastructure, Zoom | 2024-02-28 | N/A | 4.9 MEDIUM |
Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow a privileged user to enable information disclosure via network access. |