Total
28982 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-1094 | 1 Monicahq | 1 Monica | 2024-02-28 | N/A | 8.8 HIGH |
| MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/food` endpoint and food parameter. | |||||
| CVE-2022-39071 | 1 Zte | 34 Axon 40 Ultra, Axon 40 Ultra Firmware, Blade A31 and 31 more | 2024-02-28 | N/A | 7.1 HIGH |
| There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could overwrite some system configuration files and user installers without user permission. | |||||
| CVE-2023-28877 | 1 Vtex | 1 Apps-graphql | 2024-02-28 | N/A | 7.5 HIGH |
| The VTEX apps-graphql@2.x GraphQL API module does not properly restrict unauthorized access to private configuration data. (apps-graphql@3.x is unaffected by this issue.) | |||||
| CVE-2023-32622 | 1 Wavlink | 2 Wl-wn531ax2, Wl-wn531ax2 Firmware | 2024-02-28 | N/A | 7.2 HIGH |
| Improper neutralization of special elements in WL-WN531AX2 firmware versions prior to 2023526 allows an attacker with an administrative privilege to execute OS commands with the root privilege. | |||||
| CVE-2022-3787 | 1 Redhat | 2 Device-mapper-multipath, Enterprise Linux | 2024-02-28 | N/A | 7.8 HIGH |
| A vulnerability was found in the device-mapper-multipath. The device-mapper-multipath allows local users to obtain root access, exploited alone or in conjunction with CVE-2022-41973. Local users that are able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This issue occurs because an attacker can repeat a keyword, which is mishandled when arithmetic ADD is used instead of bitwise OR. This could lead to local privilege escalation to root. | |||||
| CVE-2019-25149 | 1 Robogallery | 1 Gallery Images Ape | 2024-02-28 | N/A | 4.3 MEDIUM |
| The Gallery Images Ape plugin for WordPress is vulnerable to Arbitrary Plugin Deactivation in versions up to, and including, 2.0.6. This allows authenticated attackers with any capability level to deactivate any plugin on the site, including plugins necessary to site functionality or security. | |||||
| CVE-2023-21172 | 1 Google | 1 Android | 2024-02-28 | N/A | 7.8 HIGH |
| In multiple functions of WifiCallingSettings.java, there is a possible way to change calling preferences for the admin user due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262243015 | |||||
| CVE-2021-30205 | 1 Dzzoffice | 1 Dzzoffice | 2024-02-28 | N/A | 5.3 MEDIUM |
| Incorrect access control in the component /index.php?mod=system&op=orgtree of dzzoffice 2.02.1_SC_UTF8 allows unauthenticated attackers to browse departments and usernames. | |||||
| CVE-2023-33740 | 2 Google, Luowice | 2 Android, Luowice | 2024-02-28 | N/A | 7.5 HIGH |
| Incorrect access control in luowice v3.5.18 allows attackers to access cloud source code information via modification fo the Verify parameter in a warning message. | |||||
| CVE-2023-20964 | 1 Google | 1 Android | 2024-02-28 | N/A | 7.8 HIGH |
| In multiple functions of MediaSessionRecord.java, there is a possible Intent rebroadcast due to a confused deputy. This could lead to local denial of service or escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-238177121 | |||||
| CVE-2023-32553 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-02-28 | N/A | 5.3 MEDIUM |
| An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumstances to disclose sensitive information on agents. This is similar to, but not identical to CVE-2023-32552. | |||||
| CVE-2022-41769 | 1 Intel | 1 Connect M | 2024-02-28 | N/A | 7.8 HIGH |
| Improper access control in the Intel(R) Connect M Android application before version 1.82 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-20975 | 1 Google | 1 Android | 2024-02-28 | N/A | 7.8 HIGH |
| In getAvailabilityStatus of EnableContentCapturePreferenceController.java, there is a possible way to bypass DISALLOW_CONTENT_CAPTURE due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-250573776 | |||||
| CVE-2023-2310 | 1 Selinc | 20 Sel-2241 Rtac Module, Sel-2241 Rtac Module Firmware, Sel-3350 and 17 more | 2024-02-28 | N/A | 5.3 MEDIUM |
| A Channel Accessible by Non-Endpoint vulnerability in the Schweitzer Engineering Laboratories SEL Real-Time Automation Controller (RTAC) could allow a remote attacker to perform a man-in-the-middle (MiTM) that could result in denial of service. See the ACSELERATOR RTAC SEL-5033 Software instruction manual date code 20210915 for more details. | |||||
| CVE-2023-27304 | 1 Cybozu | 1 Garoon | 2024-02-28 | N/A | 4.3 MEDIUM |
| Operation restriction bypass vulnerability in Message and Bulletin of Cybozu Garoon 4.6.0 to 5.9.2 allows a remote authenticated attacker to alter the data of Message and/or Bulletin. | |||||
| CVE-2023-0965 | 1 Silabs | 1 Gecko Software Development Kit | 2024-02-28 | N/A | 7.5 HIGH |
| Compiler removal of buffer clearing in sli_cryptoacc_transparent_key_agreement in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. | |||||
| CVE-2023-32732 | 2 Fedoraproject, Grpc | 2 Fedora, Grpc | 2024-02-28 | N/A | 5.3 MEDIUM |
| gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyond the commit inĀ https://github.com/grpc/grpc/pull/32309 https://www.google.com/url | |||||
| CVE-2022-38125 | 1 Secomea | 24 Sitemanager 1129, Sitemanager 1129 Firmware, Sitemanager 1139 and 21 more | 2024-02-28 | N/A | 5.5 MEDIUM |
| Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Secomea SiteManager (FTP Agent modules) allows Exploiting Trust in Client. | |||||
| CVE-2023-1691 | 1 Huawei | 2 Emui, Harmonyos | 2024-02-28 | N/A | 7.5 HIGH |
| Vulnerability of failures to capture exceptions in the communication framework. Successful exploitation of this vulnerability may cause features to perform abnormally. | |||||
| CVE-2023-33198 | 1 Tgstation13 | 1 Tgstation-server | 2024-02-28 | N/A | 7.5 HIGH |
| tgstation-server is a production scale tool for BYOND server management. The DreamMaker API (DMAPI) chat channel cache can possibly be poisoned by a tgstation-server (TGS) restart and reattach. This can result in sending chat messages to one of any of the configured IRC or Discord channels for the instance on enabled chat bots. This lasts until the instance's chat channels are updated in TGS or DreamDaemon is restarted. TGS chat commands are unaffected, custom or otherwise. | |||||