Total
29603 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-30671 | 1 Samsung | 1 Android | 2024-11-21 | 6.3 Medium |
| Logic error in package installation via adb command prior to SMR Jul-2023 Release 1 allows local attackers to downgrade installed application. | ||||
| CVE-2023-30667 | 1 Samsung | 1 Android | 2024-11-21 | 5.1 Medium |
| Improper access control in Audio system service prior to SMR Jul-2023 Release 1 allows attacker to send broadcast with system privilege. | ||||
| CVE-2023-30654 | 1 Samsung | 1 Android | 2024-11-21 | 6.7 Medium |
| Improper access control vulnerability in SLocationService prior to SMR Aug-2023 Release 1 allows local attacker to update fake location. | ||||
| CVE-2023-30640 | 1 Samsung | 1 Android | 2024-11-21 | 4.3 Medium |
| Improper access control vulnerability in PersonaManagerService prior to SMR Jul-2023 Release 1 allows local attackers to change confiugration. | ||||
| CVE-2023-2974 | 1 Redhat | 2 Build Of Quarkus, Quarkus | 2024-11-21 | 6.5 Medium |
| A vulnerability was found in quarkus-core. This vulnerability occurs because the TLS protocol configured with quarkus.http.ssl.protocols is not enforced, and the client can force the selection of the weaker supported TLS protocol. | ||||
| CVE-2023-2902 | 1 Nfine Rapid Development Platform Project | 1 Nfine Rapid Development Platform | 2024-11-21 | 4.3 Medium |
| A vulnerability was found in NFine Rapid Development Platform 20230511. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /SystemManage/Organize/GetTreeGridJson?_search=false&nd=1681813520783&rows=10000&page=1&sidx=&sord=asc. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229976. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-2861 | 1 Qemu | 1 Qemu | 2024-11-21 | 6 Medium |
| A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared folder. | ||||
| CVE-2023-2585 | 1 Redhat | 8 Enterprise Linux, Openshift Container Platform, Openshift Container Platform For Ibm Z and 5 more | 2024-11-21 | 3.5 Low |
| Keycloak's device authorization grant does not correctly validate the device code and client ID. An attacker client could abuse the missing validation to spoof a client consent request and trick an authorization admin into granting consent to a malicious OAuth client or possible unauthorized access to an existing OAuth client. | ||||
| CVE-2023-2426 | 1 Vim | 1 Vim | 2024-11-21 | 5.5 Medium |
| Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499. | ||||
| CVE-2023-2267 | 1 Selinc | 2 Sel-411l, Sel-411l Firmware | 2024-11-21 | 4.3 Medium |
| An Improper Input Validation vulnerability in Schweitzer Engineering Laboratories SEL-411L could allow an attacker to perform reflection attacks against an authorized and authenticated user. See product Instruction Manual Appendix A dated 20230830 for more details. | ||||
| CVE-2023-2255 | 3 Debian, Libreoffice, Redhat | 3 Debian Linux, Libreoffice, Enterprise Linux | 2024-11-21 | 5.3 Medium |
| Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of LibreOffice documents that used "floating frames" linked to external files, would load the contents of those frames without prompting the user for permission to do so. This was inconsistent with the treatment of other linked content in LibreOffice. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.7; 7.5 versions prior to 7.5.3. | ||||
| CVE-2023-2112 | 1 M-files | 1 M-files Server | 2024-11-21 | 3.6 Low |
| Desktop component service allows lateral movement between sessions in M-Files before 23.4.12455.0. | ||||
| CVE-2023-2003 | 2 Unitronics, Unitronicsplc | 3 Vision1210, Vision1210, Vision1210 Firmware | 2024-11-21 | 9.1 Critical |
| Embedded malicious code vulnerability in Vision1210, in the build 5 of operating system version 4.3, which could allow a remote attacker to store base64-encoded malicious code in the device's data tables via the PCOM protocol, which can then be retrieved by a client and executed on the device. | ||||
| CVE-2023-29689 | 1 Pyrocms | 1 Pyrocms | 2024-11-21 | 9.8 Critical |
| PyroCMS 3.9 contains a remote code execution (RCE) vulnerability that can be exploited through a server-side template injection (SSTI) flaw. This vulnerability allows a malicious attacker to send customized commands to the server and execute arbitrary code on the affected system. | ||||
| CVE-2023-29320 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-11-21 | 7.8 High |
| Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an Violation of Secure Design Principles vulnerability that could result in arbitrary code execution in the context of the current user by bypassing the API blacklisting feature. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2023-29157 | 1 Intel | 1 One Boot Flash Update | 2024-11-21 | 8.4 High |
| Improper access control in some Intel(R) OFU software before version 14.1.31 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-28876 | 1 Afian | 1 Filerun | 2024-11-21 | 4.3 Medium |
| A Broken Access Control issue in comments to uploaded files in Filerun through Update 20220202 allows attackers to delete comments on files uploaded by other users. | ||||
| CVE-2023-28472 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 5.3 Medium |
| Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 does not have Secure and HTTP only attributes set for ccmPoll cookies. | ||||
| CVE-2023-28397 | 3 Intel, Linux, Microsoft | 3 Aptio V Uefi Firmware Integrator Tools, Linux Kernel, Windows | 2024-11-21 | 7.8 High |
| Improper access control in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated to potentially enable escalation of privileges via local access. | ||||
| CVE-2023-28385 | 2 Intel, Microsoft | 3 Next Unit Of Computing Firmware, Nuc Pro Software Suite, Windows | 2024-11-21 | 8.2 High |
| Improper authorization in the Intel(R) NUC Pro Software Suite for Windows before version 2.0.0.9 may allow a privileged user to potentially enable escalation of privilage via local access. | ||||