Total
34381 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-30684 | 1 Samsung | 1 Android | 2024-11-21 | 4.3 Medium |
| Improper access control in Samsung Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call acceptRingingCall API without permission. | ||||
| CVE-2023-30683 | 1 Samsung | 1 Android | 2024-11-21 | 4.3 Medium |
| Improper access control in Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call endCall API without permission. | ||||
| CVE-2023-30682 | 1 Samsung | 1 Android | 2024-11-21 | 4.3 Medium |
| Improper access control in Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call silenceRinger API without permission. | ||||
| CVE-2023-30679 | 1 Samsung | 1 Android | 2024-11-21 | 7.8 High |
| Improper access control in HDCP trustlet prior to SMR Aug-2023 Release 1 allows local attackers to execute arbitrary code. | ||||
| CVE-2023-30677 | 1 Samsung | 1 Pass | 2024-11-21 | 6.1 Medium |
| Improper access control vulnerability in Samsung Pass prior to version 4.2.03.1 allows physical attackers to access data of Samsung Pass on a certain state of an unlocked device. | ||||
| CVE-2023-30676 | 1 Samsung | 1 Pass | 2024-11-21 | 4.6 Medium |
| Improper access control vulnerability in Samsung Pass prior to version 4.2.03.1 allows physical attackers to access data of Samsung Pass. | ||||
| CVE-2023-30672 | 1 Samsung | 1 Smart Switch Pc | 2024-11-21 | 6.8 Medium |
| Improper privilege management vulnerability in Samsung Smart Switch for Windows Installer prior to version 4.3.23043_3 allows attackers to cause permanent DoS via directory junction. | ||||
| CVE-2023-30662 | 1 Samsung | 1 Android | 2024-11-21 | 6.2 Medium |
| Exposure of Sensitive Information vulnerability in getChipIds in UwbAospAdapterService prior to SMR Jul-2023 Release 1 allows local attackers to access the UWB chipset Identifier. | ||||
| CVE-2023-30661 | 1 Samsung | 1 Android | 2024-11-21 | 6.2 Medium |
| Exposure of Sensitive Information vulnerability in getChipInfos in UwbAospAdapterService prior to SMR Jul-2023 Release 1 allows local attackers to access the UWB chipset Identifier. | ||||
| CVE-2023-30660 | 1 Samsung | 1 Android | 2024-11-21 | 6.2 Medium |
| Exposure of Sensitive Information vulnerability in getDefaultChipId in UwbAospAdapterService prior to SMR Jul-2023 Release 1 allows local attackers to access the UWB chipset Identifier. | ||||
| CVE-2023-30641 | 1 Samsung | 1 Android | 2024-11-21 | 4.3 Medium |
| Improper access control vulnerability in Settings prior to SMR Jul-2023 Release 1 allows physical attacker to use restricted user profile to access device owner's google account data. | ||||
| CVE-2023-30633 | 1 Insyde | 1 Insydeh2o | 2024-11-21 | 5.3 Medium |
| An issue was discovered in TrEEConfigDriver in Insyde InsydeH2O with kernel 5.0 through 5.5. It can report false TPM PCR values, and thus mask malware activity. Devices use Platform Configuration Registers (PCRs) to record information about device and software configuration to ensure that the boot process is secure. (For example, Windows uses these PCR measurements to determine device health.) A vulnerable device can masquerade as a healthy device by extending arbitrary values into Platform Configuration Register (PCR) banks. This requires physical access to a target victim's device, or compromise of user credentials for a device. This issue is similar to CVE-2021-42299 (on Surface Pro devices). | ||||
| CVE-2023-30437 | 1 Ibm | 1 Security Guardium | 2024-11-21 | 5.3 Medium |
| IBM Security Guardium 11.3, 11.4, and 11.5 could allow an unauthorized user to enumerate usernames by sending a specially crafted HTTP request. IBM X-Force ID: 252293. | ||||
| CVE-2023-30297 | 1 N-able | 1 N-central | 2024-11-21 | 7.0 High |
| An issue found in N-able Technologies N-central Server before 2023.4 allows a local attacker to execute arbitrary code via the monitoring function of the server. | ||||
| CVE-2023-30131 | 1 Ixpdata | 1 Easyinstall | 2024-11-21 | 9.8 Critical |
| An issue discovered in IXP EasyInstall 6.6.14884.0 allows attackers to run arbitrary commands, gain escalated privilege, and cause other unspecified impacts via unauthenticated API calls. | ||||
| CVE-2023-2992 | 1 Lenovo | 16 Nextscale N1200 Enclosure, Nextscale N1200 Enclosure Firmware, Thinkagile Cp-cb-10 and 13 more | 2024-11-21 | 7.5 High |
| An unauthenticated denial of service vulnerability exists in the SMM v1, SMM v2, and FPC management web server which can be triggered under crafted conditions. Rebooting SMM or FPC will restore access to the management web server. | ||||
| CVE-2023-2979 | 1 Abstrium | 1 Pydio Cells | 2024-11-21 | 4.7 Medium |
| A vulnerability classified as critical has been found in Abstrium Pydio Cells 4.2.0. This affects an unknown part of the component User Creation Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.2.1 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230211. | ||||
| CVE-2023-2926 | 1 Seacms | 1 Seacms | 2024-11-21 | 5.4 Medium |
| A vulnerability was found in SeaCMS 11.6 and classified as problematic. This issue affects some unknown processing of the file member.php of the component Picture Upload Handler. The manipulation of the argument oldpic leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-230081 was assigned to this vulnerability. | ||||
| CVE-2023-2874 | 2 Filseclab, Microsoft | 2 Twister Antivirus, Windows | 2024-11-21 | 5.5 Medium |
| A vulnerability, which was classified as problematic, has been found in Twister Antivirus 8. This issue affects the function 0x804f2158/0x804f2154/0x804f2150/0x804f215c/0x804f2160/0x80800040/0x804f214c/0x804f2148/0x804f2144/0x801120e4/0x804f213c/0x804f2140 in the library filppd.sys of the component IoControlCode Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-229853 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-2816 | 1 Hashicorp | 1 Consul | 2024-11-21 | 8.7 High |
| Consul and Consul Enterprise allowed any user with service:write permissions to use Envoy extensions configured via service-defaults to patch remote proxy instances that target the configured service, regardless of whether the user has permission to modify the service(s) corresponding to those modified proxies. | ||||