Total
5152 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-21234 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In launchConfirmationActivity of ChooseLockSettingsHelper.java, there is a possible way to enable developer options without the lockscreen PIN due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-21140 | 1 Google | 1 Android | 2024-11-21 | 6.8 Medium |
| In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-21134 | 1 Google | 1 Android | 2024-11-21 | 6.8 Medium |
| In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-21133 | 1 Google | 1 Android | 2024-11-21 | 6.8 Medium |
| In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-21132 | 1 Google | 1 Android | 2024-11-21 | 6.8 Medium |
| In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-20899 | 1 Vmware | 2 Sd-wan Edge, Sd-wan Edge Firmware | 2024-11-21 | 7.5 High |
| VMware SD-WAN (Edge) contains a bypass authentication vulnerability. An unauthenticated attacker can download the Diagnostic bundle of the application under VMware SD-WAN Management. | ||||
| CVE-2023-20833 | 2 Google, Mediatek | 56 Android, Mt6580, Mt6731 and 53 more | 2024-11-21 | 4.4 Medium |
| In keyinstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017756; Issue ID: ALPS08017764. | ||||
| CVE-2023-20826 | 2 Google, Mediatek | 27 Android, Mt6580, Mt6761 and 24 more | 2024-11-21 | 5.5 Medium |
| In cta, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privilege needed. User interaction is not needed for exploitation. Patch ID: ALPS07978550; Issue ID: ALPS07978550. | ||||
| CVE-2023-20825 | 2 Google, Mediatek | 46 Android, Mt2713, Mt6580 and 43 more | 2024-11-21 | 5.5 Medium |
| In duraspeed, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privilege needed. User interaction is not needed for exploitation. Patch ID: ALPS07951402; Issue ID: ALPS07951413. | ||||
| CVE-2023-20824 | 2 Google, Mediatek | 46 Android, Mt2713, Mt6580 and 43 more | 2024-11-21 | 5.5 Medium |
| In duraspeed, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privilege needed. User interaction is not needed for exploitation. Patch ID: ALPS07951402; Issue ID: ALPS07951402. | ||||
| CVE-2023-20252 | 1 Cisco | 1 Catalyst Sd-wan Manager | 2024-11-21 | 9.8 Critical |
| A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN Manager Software could allow an unauthenticated, remote attacker to gain unauthorized access to the application as an arbitrary user. This vulnerability is due to improper authentication checks for SAML APIs. An attacker could exploit this vulnerability by sending requests directly to the SAML API. A successful exploit could allow the attacker to generate an authorization token sufficient to gain access to the application. | ||||
| CVE-2023-20064 | 1 Cisco | 40 Asr 9000v-v2, Asr 9001, Asr 9006 and 37 more | 2024-11-21 | 4.6 Medium |
| A vulnerability in the GRand Unified Bootloader (GRUB) for Cisco IOS XR Software could allow an unauthenticated attacker with physical access to the device to view sensitive files on the console using the GRUB bootloader command line. This vulnerability is due to the inclusion of unnecessary commands within the GRUB environment that allow sensitive files to be viewed. An attacker could exploit this vulnerability by being connected to the console port of the Cisco IOS XR device when the device is power-cycled. A successful exploit could allow the attacker to view sensitive files that could be used to conduct additional attacks against the device. | ||||
| CVE-2023-1114 | 1 Eskom | 1 E-belediye | 2024-11-21 | 9.8 Critical |
| Missing Authorization vulnerability in Eskom e-Belediye allows Information Elicitation.This issue affects e-Belediye: from 1.0.0.95 before 1.0.0.100. | ||||
| CVE-2023-0923 | 1 Redhat | 2 Enterprise Linux, Openshift Data Science | 2024-11-21 | 8.8 High |
| A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods from other namespaces and applications from making requests to the Jupyter API. This flaw can lead to file content exposure and other issues. | ||||
| CVE-2023-0456 | 1 Redhat | 2 Apicast, Red Hat 3scale Amp | 2024-11-21 | 7.4 High |
| A flaw was found in APICast, when 3Scale's OIDC module does not properly evaluate the response to a mismatched token from a separate realm. This could allow a separate realm to be accessible to an attacker, permitting access to unauthorized information. | ||||
| CVE-2022-4943 | 1 Miniorange | 1 Google Authenticator | 2024-11-21 | 7.5 High |
| The miniOrange's Google Authenticator plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when changing plugin settings in versions up to, and including, 5.6.5. This makes it possible for unauthenticated attackers to change the plugin's settings. | ||||
| CVE-2022-48452 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-11-21 | 4.4 Medium |
| In Ifaa service, there is a possible missing permission check. This could lead to local denial of service with System execution privileges needed | ||||
| CVE-2022-47604 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 4.3 Medium |
| Missing Authorization vulnerability in junkcoder, ristoniinemets AJAX Thumbnail Rebuild.This issue affects AJAX Thumbnail Rebuild: from n/a through 1.13. | ||||
| CVE-2022-46850 | 1 Easy Media Replace Project | 1 Easy Media Replace | 2024-11-21 | 8.7 High |
| Auth. (author+) Broken Access Control vulnerability leading to Arbitrary File Deletion in Nabil Lemsieh Easy Media Replace plugin <= 0.1.3 versions. | ||||
| CVE-2022-45851 | 2024-11-21 | 5.4 Medium | ||
| Missing Authorization vulnerability in ShareThis ShareThis Dashboard for Google Analytics.This issue affects ShareThis Dashboard for Google Analytics: from n/a through 3.1.4. | ||||