Total
600 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-43783 | 1 Falktx | 1 Cadence | 2024-11-21 | N/A | 7.5 HIGH |
| Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/cadence-wineasio.reg Temporary File. The filename is used even if it has been created by a local adversary before Cadence started. The adversary can leverage this to create or overwrite files via a symlink attack. In some kernel configurations, code injection into the Wine registry is possible. | |||||
| CVE-2023-43782 | 1 Falktx | 1 Cadence | 2024-11-21 | N/A | 5.5 MEDIUM |
| Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/.cadence-aloop-daemon.x Temporary File. The file is used even if it has been created by a local adversary before Cadence started. The adversary can then delete the file, disrupting Cadence. | |||||
| CVE-2023-42718 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| In dialer, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed | |||||
| CVE-2023-42717 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-11-21 | N/A | 7.5 HIGH |
| In telephony service, there is a possible missing permission check. This could lead to remote information disclosure no additional execution privileges needed | |||||
| CVE-2023-42716 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-11-21 | N/A | 7.5 HIGH |
| In telephony service, there is a possible missing permission check. This could lead to remote information disclosure no additional execution privileges needed | |||||
| CVE-2023-42715 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| In telephony service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | |||||
| CVE-2023-42551 | 1 Samsung | 1 Account | 2024-11-21 | N/A | 5.5 MEDIUM |
| Use of implicit intent for sensitive communication vulnerability in startTncActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege. | |||||
| CVE-2023-42549 | 1 Samsung | 1 Account | 2024-11-21 | N/A | 5.5 MEDIUM |
| Use of implicit intent for sensitive communication vulnerability in startNameValidationActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege. | |||||
| CVE-2023-42547 | 1 Samsung | 1 Account | 2024-11-21 | N/A | 5.5 MEDIUM |
| Use of implicit intent for sensitive communication vulnerability in startEmailValidationActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege. | |||||
| CVE-2023-42546 | 1 Samsung | 1 Account | 2024-11-21 | N/A | 5.5 MEDIUM |
| Use of implicit intent for sensitive communication vulnerability in startAgreeToDisclaimerActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege. | |||||
| CVE-2023-41786 | 1 Artica | 1 Pandora Fms | 2024-11-21 | N/A | 6.8 MEDIUM |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pandora FMS on all allows File Discovery. This vulnerability allows users with low privileges to download database backups. This issue affects Pandora FMS: from 700 through 772. | |||||
| CVE-2023-41745 | 4 Acronis, Apple, Linux and 1 more | 5 Agent, Cyber Protect, Macos and 2 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 30991, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979. | |||||
| CVE-2023-41742 | 4 Acronis, Apple, Linux and 1 more | 5 Agent, Cyber Protect, Macos and 2 more | 2024-11-21 | N/A | 7.5 HIGH |
| Excessive attack surface due to binding to an unrestricted IP address. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 30430, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979. | |||||
| CVE-2023-41120 | 1 Enterprisedb | 1 Postgres Advanced Server | 2024-11-21 | N/A | 6.5 MEDIUM |
| An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It permits an authenticated user to use DBMS_PROFILER to remove all accumulated profiling data on a system-wide basis, regardless of that user's permissions. | |||||
| CVE-2023-40788 | 1 Bladex | 1 Springblade | 2024-11-21 | N/A | 5.3 MEDIUM |
| SpringBlade <=V3.6.0 is vulnerable to Incorrect Access Control due to incorrect configuration in the default gateway resulting in unauthorized access to error logs | |||||
| CVE-2023-3972 | 1 Redhat | 19 Enterprise Linux, Enterprise Linux Aus, Enterprise Linux Desktop and 16 more | 2024-11-21 | N/A | 7.8 HIGH |
| A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been registered on the system by root, an unprivileged local user or attacker could create the /var/tmp/insights-client directory (owning the directory with read, write, and execute permissions) on the system. After the insights-client is registered by root, an attacker could then control the directory content that insights are using by putting malicious scripts into it and executing arbitrary code as root (trivially bypassing SELinux protections because insights processes are allowed to disable SELinux system-wide). | |||||
| CVE-2023-3670 | 1 Codesys | 2 Development System, Scripting | 2024-11-21 | N/A | 7.3 HIGH |
| In CODESYS Development System 3.5.9.0 to 3.5.17.0 and CODESYS Scripting 4.0.0.0 to 4.1.0.0 unsafe directory permissions would allow an attacker with local access to the workstation to place potentially harmful and disguised scripts that could be executed by legitimate users. | |||||
| CVE-2023-3456 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 5.3 MEDIUM |
| Vulnerability of kernel raw address leakage in the hang detector module. Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2023-3455 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 9.1 CRITICAL |
| Key management vulnerability on system. Successful exploitation of this vulnerability may affect service availability and integrity. | |||||
| CVE-2023-3299 | 1 Hashicorp | 1 Nomad | 2024-11-21 | N/A | 3.4 LOW |
| HashiCorp Nomad Enterprise 1.2.11 up to 1.5.6, and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11. | |||||