Total
28982 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-31635 | 1 Jfinal | 1 Jfinal | 2024-02-28 | N/A | 9.8 CRITICAL |
Server-Side Template Injection (SSTI) vulnerability in jFinal v.4.9.08 allows a remote attacker to execute arbitrary code via the template function. | |||||
CVE-2022-42834 | 1 Apple | 1 Macos | 2024-02-28 | N/A | 3.3 LOW |
An access issue was addressed with improved access restrictions. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13, macOS Big Sur 11.7.3. An app may be able to access mail folder attachments through a temporary directory used during compression. | |||||
CVE-2023-3574 | 1 Pimcore | 1 Customer Management Framework | 2024-02-28 | N/A | 6.5 MEDIUM |
Improper Authorization in GitHub repository pimcore/customer-data-framework prior to 3.4.1. | |||||
CVE-2023-21505 | 1 Samsung | 1 Samsung Core Services | 2024-02-28 | N/A | 8.6 HIGH |
Improper access control in Samsung Core Service prior to version 2.1.00.36 allows attacker to write arbitrary file in sandbox. | |||||
CVE-2023-30674 | 1 Samsung | 1 Internet | 2024-02-28 | N/A | 6.5 MEDIUM |
Improper configuration in Samsung Internet prior to version 21.0.0.41 allows attacker to bypass SameSite Cookie. | |||||
CVE-2023-33251 | 2 Lightbend, Linux | 2 Akka Http, Linux Kernel | 2024-02-28 | N/A | 5.5 MEDIUM |
When Akka HTTP before 10.5.2 accepts file uploads via the FileUploadDirectives.fileUploadAll directive, the temporary file it creates has too weak permissions: it is readable by other users on Linux or UNIX, a similar issue to CVE-2022-41946. | |||||
CVE-2023-34761 | 1 7-eleven | 2 Hello Cup, Led Message Cup | 2024-02-28 | N/A | 6.5 MEDIUM |
An unauthenticated attacker within BLE proximity can remotely connect to a 7-Eleven LED Message Cup, Hello Cup 1.3.1 for Android, and bypass the application's client-side chat censor filter. | |||||
CVE-2023-29297 | 1 Adobe | 2 Commerce, Magento | 2024-02-28 | N/A | 7.2 HIGH |
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Improper Neutralization of Special Elements Used in a Template Engine vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction. | |||||
CVE-2023-28360 | 1 Brave | 1 Brave | 2024-02-28 | N/A | 4.3 MEDIUM |
An omission of security-relevant information vulnerability exists in Brave desktop prior to version 1.48.171 when a user was saving a file there was no download safety check dialog presented to the user. | |||||
CVE-2023-29294 | 1 Adobe | 2 Commerce, Magento | 2024-02-28 | N/A | 4.3 MEDIUM |
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Business Logic Errors vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass a minor functionality. Exploitation of this issue does not require user interaction. | |||||
CVE-2023-34672 | 1 Elenos | 2 Etg150, Etg150 Firmware | 2024-02-28 | N/A | 8.8 HIGH |
Improper Access Control leads to adding a high-privilege user affecting Elenos ETG150 FM transmitter running on version 3.12 by exploiting user's role within the admin profile. An attack could occur over the public Internet in some cases. | |||||
CVE-2023-26466 | 1 Pega | 1 Synchronization Engine | 2024-02-28 | N/A | 7.8 HIGH |
A user with non-Admin access can change a configuration file on the client to modify the Server URL. | |||||
CVE-2022-39074 | 1 Zte | 34 Axon 40 Ultra, Axon 40 Ultra Firmware, Blade A31 and 31 more | 2024-02-28 | N/A | 3.3 LOW |
There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could start a non-public interface of an application without user permission. | |||||
CVE-2023-25515 | 2 Microsoft, Nvidia | 10 Windows, Cloud Gaming, Geforce and 7 more | 2024-02-28 | N/A | 7.6 HIGH |
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where unexpected untrusted data is parsed, which may lead to code execution, denial of service, escalation of privileges, data tampering, or information disclosure. | |||||
CVE-2023-26546 | 1 Echa.europa | 1 Iuclid | 2024-02-28 | N/A | 8.8 HIGH |
European Chemicals Agency IUCLID before 6.27.6 allows remote authenticated users to execute arbitrary code via Server Side Template Injection (SSTI) with a crafted template file. The attacker must have template manager permission. | |||||
CVE-2023-23562 | 1 Stormshield | 1 Endpoint Security | 2024-02-28 | N/A | 4.3 MEDIUM |
Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access Control that allows an authenticated user to update global parameters. | |||||
CVE-2022-48478 | 1 Huawei | 1 Harmonyos | 2024-02-28 | N/A | 9.8 CRITICAL |
The facial recognition TA of some products lacks memory length verification. Successful exploitation of this vulnerability may cause exceptions of the facial recognition service. | |||||
CVE-2023-21098 | 1 Google | 1 Android | 2024-02-28 | N/A | 7.8 HIGH |
In multiple functions of AccountManagerService.java, there is a possible loading of arbitrary code into the System Settings app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-260567867 | |||||
CVE-2022-39075 | 1 Zte | 34 Axon 40 Ultra, Axon 40 Ultra Firmware, Blade A31 and 31 more | 2024-02-28 | N/A | 7.1 HIGH |
There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could delete some system files without user permission. | |||||
CVE-2023-23561 | 1 Stormshield | 1 Endpoint Security | 2024-02-28 | N/A | 5.5 MEDIUM |
Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access Control: authenticated users can read sensitive information. |