Total
809 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-21440 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 6.2 MEDIUM |
| Improper access control vulnerability in WindowManagerService prior to SMR Feb-2023 Release 1 allows attackers to take a screen capture. | |||||
| CVE-2023-21436 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 3.3 LOW |
| Improper usage of implicit intent in Contacts prior to SMR Feb-2023 Release 1 allows attacker to get account ID. | |||||
| CVE-2023-21433 | 1 Samsung | 1 Galaxy Store | 2024-11-21 | N/A | 7.8 HIGH |
| Improper access control vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to install applications from Galaxy Store. | |||||
| CVE-2023-21432 | 1 Samsung | 1 Smart Things | 2024-11-21 | N/A | 4.2 MEDIUM |
| Improper access control vulnerabilities in Smart Things prior to 1.7.93 allows to attacker to invite others without authorization of the owner. | |||||
| CVE-2023-21429 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 4.0 MEDIUM |
| Improper usage of implict intent in ePDG prior to SMR JAN-2023 Release 1 allows attacker to access SSID. | |||||
| CVE-2023-21424 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 5.1 MEDIUM |
| Improper Handling of Insufficient Permissions or Privileges vulnerability in SemChameleonHelper prior to SMR Jan-2023 Release 1 allows attacker to modify network related values, network code, carrier id and operator brand. | |||||
| CVE-2023-21423 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 5.1 MEDIUM |
| Improper authorization vulnerability in ChnFileShareKit prior to SMR Jan-2023 Release 1 allows attacker to control BLE advertising without permission using unprotected action. | |||||
| CVE-2023-21422 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 5.7 MEDIUM |
| Improper authorization vulnerability in semAddPublicDnsAddr in WifiSevice prior to SMR Jan-2023 Release 1 allows attackers to set custom DNS server without permission via binding WifiService. | |||||
| CVE-2023-20186 | 1 Cisco | 2 Ios, Ios Xe | 2024-11-21 | N/A | 8.0 HIGH |
| A vulnerability in the Authentication, Authorization, and Accounting (AAA) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to bypass command authorization and copy files to or from the file system of an affected device using the Secure Copy Protocol (SCP). This vulnerability is due to incorrect processing of SCP commands in AAA command authorization checks. An attacker with valid credentials and level 15 privileges could exploit this vulnerability by using SCP to connect to an affected device from an external machine. A successful exploit could allow the attacker to obtain or change the configuration of the affected device and put files on or retrieve files from the affected device. | |||||
| CVE-2023-20088 | 1 Cisco | 1 Finesse | 2024-11-21 | N/A | 5.3 MEDIUM |
| A vulnerability in the nginx configurations that are provided as part of the VPN-less reverse proxy for Cisco Finesse could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition for new and existing users who are connected through a load balancer. This vulnerability is due to improper IP address filtering by the reverse proxy. An attacker could exploit this vulnerability by sending a series of unauthenticated requests to the reverse proxy. A successful exploit could allow the attacker to cause all current traffic and subsequent requests to the reverse proxy through a load balancer to be dropped, resulting in a DoS condition. | |||||
| CVE-2023-1164 | 1 Kylinos | 1 Kylin Os | 2024-11-21 | 7.2 HIGH | 8.4 HIGH |
| A vulnerability was found in KylinSoft kylin-activation on KylinOS and classified as critical. Affected by this issue is some unknown functionality of the component File Import. The manipulation leads to improper authorization. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.3.11-23 and 1.30.10-5.p23 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222260. | |||||
| CVE-2023-0914 | 1 Pixelfed | 1 Pixelfed | 2024-11-21 | N/A | 5.3 MEDIUM |
| Improper Authorization in GitHub repository pixelfed/pixelfed prior to 0.11.4. | |||||
| CVE-2023-0837 | 3 Apple, Microsoft, Teamviewer | 3 Macos, Windows, Remote | 2024-11-21 | N/A | 6.6 MEDIUM |
| An improper authorization check of local device settings in TeamViewer Remote between version 15.41 and 15.42.7 for Windows and macOS allows an unprivileged user to change basic local device settings even though the options were locked. This can result in unwanted changes to the configuration. | |||||
| CVE-2023-0822 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | N/A | 8.8 HIGH |
| The affected product DIAEnergie (versions prior to v1.9.03.001) contains improper authorization, which could allow an unauthorized user to bypass authorization and access privileged functionality. | |||||
| CVE-2023-0813 | 1 Redhat | 2 Enterprise Linux, Network Observability | 2024-11-21 | N/A | 7.5 HIGH |
| A flaw was found in the Network Observability plugin for OpenShift console. Unless the Loki authToken configuration is set to FORWARD mode, authentication is no longer enforced, allowing any user who can connect to the OpenShift Console in an OpenShift cluster to retrieve flows without authentication. | |||||
| CVE-2023-0734 | 1 Wallabag | 1 Wallabag | 2024-11-21 | N/A | 5.3 MEDIUM |
| Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.4. | |||||
| CVE-2023-0665 | 1 Hashicorp | 1 Vault | 2024-11-21 | N/A | 6.5 MEDIUM |
| HashiCorp Vault's PKI mount issuer endpoints did not correctly authorize access to remove an issuer or modify issuer metadata, potentially resulting in denial of service of the PKI mount. This bug did not affect public or private key material, trust chains or certificate issuance. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9. | |||||
| CVE-2023-0610 | 1 Wallabag | 1 Wallabag | 2024-11-21 | N/A | 4.3 MEDIUM |
| Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.3. | |||||
| CVE-2023-0609 | 1 Wallabag | 1 Wallabag | 2024-11-21 | N/A | 4.3 MEDIUM |
| Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.3. | |||||
| CVE-2023-0456 | 1 Redhat | 1 Apicast | 2024-11-21 | N/A | 7.4 HIGH |
| A flaw was found in APICast, when 3Scale's OIDC module does not properly evaluate the response to a mismatched token from a separate realm. This could allow a separate realm to be accessible to an attacker, permitting access to unauthorized information. | |||||