Total
5463 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-39670 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 6.2 Medium |
| Privilege escalation vulnerability in the account synchronisation module. Impact: Successful exploitation of this vulnerability will affect availability. | ||||
| CVE-2024-21469 | 1 Qualcomm | 450 9205 Lte Modem, 9205 Lte Modem Firmware, Aqt1000 and 447 more | 2024-11-21 | 7.3 High |
| Memory corruption when an invoke call and a TEE call are bound for the same trusted application. | ||||
| CVE-2024-20361 | 2024-11-21 | 5.8 Medium | ||
| A vulnerability in the Object Groups for Access Control Lists (ACLs) feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass configured access controls on managed devices that are running Cisco Firepower Threat Defense (FTD) Software. This vulnerability is due to the incorrect deployment of the Object Groups for ACLs feature from Cisco FMC Software to managed FTD devices in high-availability setups. After an affected device is rebooted following Object Groups for ACLs deployment, an attacker can exploit this vulnerability by sending traffic through the affected device. A successful exploit could allow the attacker to bypass configured access controls and successfully send traffic to devices that are expected to be protected by the affected device. | ||||
| CVE-2023-52106 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 4.4 Medium |
| Vulnerability of permission verification for APIs in the DownloadProviderMain module. Impact: Successful exploitation of this vulnerability will affect integrity and availability. | ||||
| CVE-2023-42005 | 1 Ibm | 2 Db2, Db2 Warehouse | 2024-11-21 | 7.4 High |
| IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data 3.5, 4.0, 4.5, 4.6, 4.7, and 4.8 could allow a user with access to the Kubernetes pod, to make system calls compromising the security of containers. IBM X-Force ID: 265264. | ||||
| CVE-2023-3599 | 1 Best Fee Management System Project | 1 Best Fee Management System | 2024-11-21 | 6.3 Medium |
| A vulnerability was found in SourceCodester Best Fee Management System 1.0. It has been rated as critical. Affected by this issue is the function save_user of the file admin_class.php of the component Add User Handler. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-233450 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-39406 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| Permission control vulnerability in the XLayout component. Successful exploitation of this vulnerability may cause apps to forcibly restart. | ||||
| CVE-2023-39394 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| Vulnerability of API privilege escalation in the wifienhance module. Successful exploitation of this vulnerability may cause the arp list to be modified. | ||||
| CVE-2023-39391 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| Vulnerability of system file information leakage in the USB Service module. Successful exploitation of this vulnerability may affect confidentiality. | ||||
| CVE-2023-39387 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 5.3 Medium |
| Vulnerability of permission control in the window management module. Successful exploitation of this vulnerability may cause malicious pop-up windows. | ||||
| CVE-2023-39384 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| Vulnerability of incomplete permission verification in the input method module. Successful exploitation of this vulnerability may cause features to perform abnormally. | ||||
| CVE-2023-39380 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause audio devices to perform abnormally. | ||||
| CVE-2023-2255 | 3 Debian, Libreoffice, Redhat | 3 Debian Linux, Libreoffice, Enterprise Linux | 2024-11-21 | 5.3 Medium |
| Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of LibreOffice documents that used "floating frames" linked to external files, would load the contents of those frames without prompting the user for permission to do so. This was inconsistent with the treatment of other linked content in LibreOffice. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.7; 7.5 versions prior to 7.5.3. | ||||
| CVE-2023-22633 | 1 Fortinet | 2 Fortinac, Fortinac-f | 2024-11-21 | 7.2 High |
| An improper permissions, privileges, and access controls vulnerability [CWE-264] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions 8.7.0 all versions may allow an unauthenticated attacker to perform a DoS attack on the device via client-secure renegotiation. | ||||
| CVE-2023-21641 | 1 Qualcomm | 30 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 27 more | 2024-11-21 | 6.6 Medium |
| An app with non-privileged access can change global system brightness and cause undesired system behavior. | ||||
| CVE-2023-20190 | 1 Cisco | 1 Ios Xr | 2024-11-21 | 5.8 Medium |
| A vulnerability in the classic access control list (ACL) compression feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass the protection that is offered by a configured ACL on an affected device. This vulnerability is due to incorrect destination address range encoding in the compression module of an ACL that is applied to an interface of an affected device. An attacker could exploit this vulnerability by sending traffic through the affected device that should be denied by the configured ACL. A successful exploit could allow the attacker to bypass configured ACL protections on the affected device, allowing the attacker to access trusted networks that the device might be protecting. There are workarounds that address this vulnerability. This advisory is part of the September 2023 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2023 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication . | ||||
| CVE-2022-42460 | 1 Sedlex | 1 Traffic Manager | 2024-11-21 | 6.5 Medium |
| Broken Access Control vulnerability leading to Stored Cross-Site Scripting (XSS) in Traffic Manager plugin <= 1.4.5 on WordPress. | ||||
| CVE-2022-41132 | 1 Ezoic | 1 Ezoic | 2024-11-21 | 6.1 Medium |
| Unauthenticated Plugin Settings Change Leading To Stored XSS Vulnerability in Ezoic plugin <= 2.8.8 on WordPress. | ||||
| CVE-2022-23731 | 1 Lg | 1 Webos | 2024-11-21 | 7.8 High |
| V8 javascript engine (heap vulnerability) can cause privilege escalation ,which can impact on some webOS TV models. | ||||
| CVE-2022-23714 | 2 Elastic, Microsoft | 2 Endpoint Security, Windows | 2024-11-21 | 7.8 High |
| A local privilege escalation (LPE) issue was discovered in the ransomware canaries features of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account. | ||||