Total
29483 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-43352 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | N/A | 7.8 HIGH |
| An issue in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload to the Content Manager Menu component. | |||||
| CVE-2023-43336 | 1 Sangoma | 1 Freepbx | 2024-11-21 | N/A | 8.8 HIGH |
| Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 was discovered to contain an access control issue via a modified parameter value, e.g., changing extension=self to extension=101. | |||||
| CVE-2023-43318 | 1 Tp-link | 2 Tl-sg2210p, Tl-sg2210p Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 allows attackers to escalate privileges via modification of the 'tid' and 'usrlvl' values in GET requests. | |||||
| CVE-2023-43183 | 1 Reprise | 1 License Manager | 2024-11-21 | N/A | 8.8 HIGH |
| Incorrect access control in Reprise License Management Software Reprise License Manager v15.1 allows read-only users to arbitrarily change the password of an admin and hijack their account. | |||||
| CVE-2023-43141 | 1 Totolink | 4 A3700r, A3700r Firmware, N600r and 1 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| TOTOLINK A3700R V9.1.2u.6134_B20201202 and N600R V5.3c.5137 are vulnerable to Incorrect Access Control. | |||||
| CVE-2023-43089 | 1 Dell | 1 Rugged Control Center | 2024-11-21 | N/A | 4.4 MEDIUM |
| Dell Rugged Control Center, version prior to 4.7, contains insufficient protection for the Policy folder. A local malicious standard user could potentially exploit this vulnerability to modify the content of the policy file, leading to unauthorized access to resources. | |||||
| CVE-2023-43086 | 1 Dell | 1 Command\|configure | 2024-11-21 | N/A | 7.3 HIGH |
| Dell Command | Configure, versions prior to 4.11.0, contains an improper access control vulnerability. A local malicious user could potentially modify files inside installation folder during application upgrade, leading to privilege escalation. | |||||
| CVE-2023-42787 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-11-21 | N/A | 6.5 MEDIUM |
| A client-side enforcement of server-side security [CWE-602] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 may allow a remote attacker with low privileges to access a privileged web console via client side code execution. | |||||
| CVE-2023-42581 | 1 Samsung | 1 Galaxy Store | 2024-11-21 | N/A | 7.5 HIGH |
| Improper URL validation from InstantPlay deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to access data. | |||||
| CVE-2023-42580 | 1 Samsung | 1 Galaxy Store | 2024-11-21 | N/A | 7.5 HIGH |
| Improper URL validation from MCSLaunch deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to install APK from Galaxy Store. | |||||
| CVE-2023-42577 | 1 Samsung | 2 Android, Samsung Voice Recorder | 2024-11-21 | N/A | 6.8 MEDIUM |
| Improper Access Control in Samsung Voice Recorder prior to versions 21.4.15.01 in Android 12 and Android 13, 21.4.50.17 in Android 14 allows physical attackers to access Voice Recorder information on the lock screen. | |||||
| CVE-2023-42574 | 1 Samsung | 1 Gamehomecn | 2024-11-21 | N/A | 5.1 MEDIUM |
| Improper access control vulnerablility in GameHomeCN prior to version 4.2.60.2 allows local attackers to launch arbitrary activity in GameHomeCN. | |||||
| CVE-2023-42570 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 5.9 MEDIUM |
| Improper access control vulnerability in KnoxCustomManagerService prior to SMR Dec-2023 Release 1 allows attacker to access device SIM PIN. | |||||
| CVE-2023-42568 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 7.3 HIGH |
| Improper access control vulnerability in SmartManagerCN prior to SMR Dec-2023 Release 1 allows local attackers to access arbitrary files with system privilege. | |||||
| CVE-2023-42564 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 6.6 MEDIUM |
| Improper access control in knoxcustom service prior to SMR Dec-2023 Release 1 allows attacker to send broadcast with system privilege. | |||||
| CVE-2023-42555 | 1 Samsung | 1 Easysetup | 2024-11-21 | N/A | 6.3 MEDIUM |
| Use of implicit intent for sensitive communication vulnerability in EasySetup prior to version 11.1.13 allows attackers to get the bluetooth address of user device. | |||||
| CVE-2023-42544 | 1 Samsung | 1 Quick Share | 2024-11-21 | N/A | 5.5 MEDIUM |
| Improper access control vulnerability in Quick Share prior to 13.5.52.0 allows local attacker to access local files. | |||||
| CVE-2023-42543 | 1 Samsung | 1 Bixby Voice | 2024-11-21 | N/A | 6.2 MEDIUM |
| Improper verification of intent by broadcast receiver vulnerability in Bixby Voice prior to version 3.3.35.12 allows attackers to access arbitrary data with Bixby Voice privilege. | |||||
| CVE-2023-42453 | 2 Fedoraproject, Matrix | 2 Fedora, Synapse | 2024-11-21 | N/A | 3.1 LOW |
| Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Users were able to forge read receipts for any event (if they knew the room ID and event ID). Note that the users were not able to view the events, but simply mark it as read. This could be confusing as clients will show the event as read by the user, even if they are not in the room. This issue has been patched in version 1.93.0. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2023-42222 | 1 Webcatalog | 1 Webcatalog | 2024-11-21 | N/A | 8.8 HIGH |
| WebCatalog before 49.0 is vulnerable to Incorrect Access Control. WebCatalog calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances. | |||||