Uncategorized CVEs — 2023 (Page 2/24)

CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0

2023-12-12

Medium

CVE-2023-42932

A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.2, macOS Ventura 13.6.3, macOS Monterey 12.7.2. An app may be able to access protected user data.

CVSS: 5.5CWE: N/A

Medium

CVE-2023-42923

This issue was addressed through improved state management. This issue is fixed in iOS 17.2 and iPadOS 17.2. Private Browsing tabs may be accessed without authentication.

CVSS: 5.3CWE: N/A

Medium

CVE-2023-42922

This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, macOS Ventura 13.6.3, iOS 16.7.3 and iPadOS 16.7.3, macO…

CVSS: 5.5CWE: N/A

Medium

CVE-2023-42919

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, macOS Ventura 13.6.3, iOS 16.7.3…

CVSS: 5.5CWE: N/A

Medium

CVE-2023-42914

The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, macOS Ventura 13.6.3, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3,…

CVSS: 6.3CWE: N/A

Medium

CVE-2023-42900

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.2. An app may be able to access user-sensitive data.

CVSS: 5.5CWE: N/A

High

CVE-2023-42899

CVSS: 7.8CWE: N/A

Medium

CVE-2023-42898

The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2, watchOS 10.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2. Processing an image may lead to arbitrary code exec…

CVSS: 5.5CWE: N/A

Medium

CVE-2023-42897

The issue was addressed with improved checks. This issue is fixed in iOS 17.2 and iPadOS 17.2. An attacker with physical access may be able to use Siri to access sensitive user data.

CVSS: 4.6CWE: N/A

Medium

CVE-2023-42894

This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.2, macOS Ventura 13.6.3, macOS Monterey 12.7.2. An app may be able to access informat…

CVSS: 5.5CWE: N/A

Medium

CVE-2023-42891

An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.2, macOS Ventura 13.6.3, macOS Monterey 12.7.2. An app may be able to monitor keystrokes w…

CVSS: 5.5CWE: N/A

Medium

CVE-2023-42883

The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. Processi…

CVSS: 5.5CWE: N/A

Low

CVE-2023-42874

This issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.2. Secure text fields may be displayed via the Accessibility Keyboard when using a physical keyboard.

CVSS: 2.4CWE: N/A

High

CVE-2023-40446

The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Processing maliciously crafted input may l…

CVSS: 7.8CWE: N/A

2023-12-11

High

CVE-2020-12613

An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. An attacker can spawn a process with multiple users as part of the security token (prior to Avecto elevation). Whe…

CVSS: 8.8CWE: N/A

High

CVE-2023-6185

Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins. In affected versions the filename o…

CVSS: 8.3CWE: N/A

Critical

CVE-2023-6181

An oversight in BCB handling of reboot reason that allows for persistent code execution

CVSS: 9.8CWE: N/A

Critical

CVE-2023-48424

U-Boot shell vulnerability resulting in Privilege escalation in a production device

CVSS: 9.8CWE: N/A

2023-12-10

Medium

CVE-2023-50453

An issue was discovered in Zammad before 6.2.0. It uses the public endpoint /api/v1/signshow for its login screen. This endpoint returns internal configuration data of user object attributes, such as…

CVSS: 5.3CWE: N/A

2023-12-09

Medium

CVE-2023-50431

sec_attest_info in drivers/accel/habanalabs/common/habanalabs_ioctl.c in the Linux kernel through 6.6.5 allows an information leak to user space because info->pad0 is not initialized.

CVSS: 5.5CWE: N/A

Medium

CVE-2023-50428

In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating data as code (e.g., with OP_FALSE OP_IF), as exploited in the wild by…

CVSS: 5.3CWE: N/A

High

CVE-2021-46899

SyncTrayzor 1.1.29 enables CEF (Chromium Embedded Framework) remote debugging, allowing a local attacker to control the application.

CVSS: 7.8CWE: N/A

Medium

CVE-2023-47465

An issue in GPAC v.2.2.1 and before allows a local attacker to cause a denial of service (DoS) via the ctts_box_read function of file src/isomedia/box_code_base.c.

CVSS: 5.5CWE: N/A

2023-12-08

Critical

CVE-2023-46498

An issue in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information and execute arbitrary code via the /deleteCustomer/route.json file.

CVSS: 9.8CWE: N/A

Medium

CVE-2023-48412

In private_handle_t of mali_gralloc_buffer.h, there is a possible information leak due to a logic error in the code. This could lead to local information disclosure with no additional execution priv…

CVSS: 5.5CWE: N/A

High

CVE-2023-48407

there is a possible DCK won't be deleted after factory reset due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User in…

CVSS: 7.8CWE: N/A

Medium

CVE-2023-48405

there is a possible way for the secure world to write to NS memory due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User int…

CVSS: 6.7CWE: N/A

High

CVE-2023-48122

An issue in microweber v.2.0.1 and fixed in v.2.0.4 allows a remote attacker to obtain sensitive information via the HTTP GET method.

CVSS: 7.5CWE: N/A

High

CVE-2023-43305

An issue in studio kent mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

CVSS: 8.2CWE: N/A

2023-12-07

Medium

CVE-2023-38174

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

CVSS: 4.3CWE: N/A

Medium

CVE-2023-36880

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

CVSS: 4.8CWE: N/A

High

CVE-2023-49464

libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::get_luma_bits_per_pixel_from_configuration_unci.

CVSS: 8.8CWE: N/A

High

CVE-2023-49463

libheif v1.17.5 was discovered to contain a segmentation violation via the function find_exif_tag at /libheif/exif.cc.

CVSS: 8.8CWE: N/A

High

CVE-2023-49462

libheif v1.17.5 was discovered to contain a segmentation violation via the component /libheif/exif.cc.

CVSS: 8.8CWE: N/A

High

CVE-2023-49460

libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::decode_uncompressed_image.

CVSS: 8.8CWE: N/A

Critical

CVE-2023-49409

Tenda AX3 V16.03.12.11 was discovered to contain a Command Execution vulnerability via the function /goform/telnet.

CVSS: 9.8CWE: N/A

Critical

CVE-2023-49406

Tenda W30E V16.01.0.12(4843) was discovered to contain a Command Execution vulnerability via the function /goform/telnet.

CVSS: 9.8CWE: N/A

High

CVE-2023-39909

Ericsson Network Manager before 23.2 mishandles Access Control and thus unauthenticated low-privilege users can access the NCM application.

CVSS: 8.8CWE: N/A

High

CVE-2023-33412

The web interface in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions before 3…

CVSS: 8.8CWE: N/A

Medium

CVE-2023-6588

Offline mode is always enabled, even if permission disallows it, in Devolutions Server data source in Devolutions Workspace 2023.3.2.0 and earlier. This allows an attacker with access to the Worksp…

CVSS: 6.5CWE: N/A

High

CVE-2023-49957

An issue was discovered in Dalmann OCPP.Core before 1.3.0 for OCPP (Open Charge Point Protocol) for electric vehicles. It permits multiple transactions with the same connectorId and idTag, contrary t…

CVSS: 7.5CWE: N/A

High

CVE-2023-49956

An issue was discovered in Dalmann OCPP.Core before 1.3.0 for OCPP (Open Charge Point Protocol) for electric vehicles. A StopTransaction message with any random transactionId terminates active transa…

CVSS: 7.5CWE: N/A

High

CVE-2023-49955

An issue was discovered in Dalmann OCPP.Core before 1.2.0 for OCPP (Open Charge Point Protocol) for electric vehicles. It does not validate the length of the chargePointVendor field in a BootNotifica…

CVSS: 7.5CWE: N/A

Critical

CVE-2023-48860

TOTOLINK N300RT version 3.2.4-B20180730.0906 has a post-authentication RCE due to incorrect access control, allows attackers can bypass front-end security restrictions and execute arbitrary code.

CVSS: 9.8CWE: N/A

High

CVE-2023-43303

An issue in craftbeer bar canvas mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

CVSS: 8.2CWE: N/A

High

CVE-2023-43302

An issue in sanTas mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

CVSS: 8.2CWE: N/A

High

CVE-2023-43300

An issue in urban_project mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

CVSS: 8.2CWE: N/A

Medium

CVE-2023-43299

An issue in DA BUTCHERS mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

CVSS: 5.3CWE: N/A

Medium

CVE-2023-43298

An issue in SCOL Members Card mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

CVSS: 5.3CWE: N/A

Medium

CVE-2023-46916

Maxima Max Pro Power 1.0 486A devices allow BLE traffic replay. An attacker can use GATT characteristic handle 0x0012 to perform potentially disruptive actions such as starting a Heart Rate monitor.

CVSS: 4.3CWE: N/A

High

CVE-2023-41106

An issue was discovered in Zimbra Collaboration (ZCS) before 10.0.3. An attacker can gain access to a Zimbra account. This is also fixed in 9.0.0 Patch 35 and 8.8.15 Patch 42.

CVSS: 7.5CWE: N/A

Medium

CVE-2023-6566

Business Logic Errors in GitHub repository microweber/microweber prior to 2.0.

CVSS: 6.5CWE: CWE-840

2023-12-06

High

CVE-2023-48123

An issue in Netgate pfSense Plus v.23.05.1 and before and pfSense CE v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the packet_capture.php file.

CVSS: 8.8CWE: N/A

High

CVE-2023-45285

Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, ev…

CVSS: 7.5CWE: N/A

Medium

CVE-2023-39326

A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can…

CVSS: 5.3CWE: N/A

High

CVE-2023-6514

The Bluetooth module of some Huawei Smart Screen products has an identity authentication bypass vulnerability. Successful exploitation of this vulnerability may allow attackers to access restricted f…

CVSS: 8.8CWE: CWE-840

High

CVE-2023-49245

Unauthorized access vulnerability in the Huawei Share module. Successful exploitation of this vulnerability may affect service confidentiality.

CVSS: 7.5CWE: N/A

High

CVE-2023-49244

Permission management vulnerability in the multi-user module. Successful exploitation of this vulnerability may affect service confidentiality.

CVSS: 7.5CWE: N/A

High

CVE-2023-49243

Vulnerability of unauthorized access to email attachments in the email module. Successful exploitation of this vulnerability may affect service confidentiality.

CVSS: 7.5CWE: N/A

High

CVE-2023-49242

Free broadcast vulnerability in the running management module. Successful exploitation of this vulnerability may affect service confidentiality.

CVSS: 7.5CWE: N/A

High

CVE-2023-49241

API permission control vulnerability in the network management module. Successful exploitation of this vulnerability may affect service confidentiality.

CVSS: 7.5CWE: N/A

Critical

CVE-2023-48849

Ruijie EG Series Routers version EG_3.0(1)B11P216 and before allows unauthenticated attackers to remotely execute arbitrary code due to incorrect filtering.

CVSS: 9.8CWE: N/A

Critical

CVE-2023-22524

Certain versions of the Atlassian Companion App for MacOS were affected by a remote code execution vulnerability. An attacker could utilize WebSockets to bypass Atlassian Companion’s blocklist and Ma…

CVSS: 9.8CWE: N/A

High

CVE-2023-22523

This vulnerability, if exploited, allows an attacker to perform privileged RCE (Remote Code Execution) on machines with the Assets Discovery agent installed. The vulnerability exists between the Asse…

CVSS: 8.8CWE: N/A

Medium

CVE-2023-6511

Inappropriate implementation in Autofill in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low)

CVSS: 4.3CWE: N/A

Medium

CVE-2023-28876

A Broken Access Control issue in comments to uploaded files in Filerun through Update 20220202 allows attackers to delete comments on files uploaded by other users.

CVSS: 4.3CWE: N/A

2023-12-05

High

CVE-2023-43472

An issue in MLFlow versions 2.8.1 and before allows a remote attacker to obtain sensitive information via a crafted request to REST API.

CVSS: 7.5CWE: N/A

High

CVE-2022-47531

An issue was discovered in Ericsson Evolved Packet Gateway (EPG) versions 3.x before 3.25 and 2.x before 2.16, allows authenticated users to bypass system CLI and execute commands they are authorized…

CVSS: 8.8CWE: N/A

High

CVE-2023-42581

Improper URL validation from InstantPlay deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to access data.

CVSS: 7.5CWE: N/A

High

CVE-2023-42580

Improper URL validation from MCSLaunch deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to install APK from Galaxy Store.

CVSS: 7.5CWE: N/A

Medium

CVE-2023-42577

Improper Access Control in Samsung Voice Recorder prior to versions 21.4.15.01 in Android 12 and Android 13, 21.4.50.17 in Android 14 allows physical attackers to access Voice Recorder information on…

CVSS: 6.8CWE: N/A

Medium

CVE-2023-42574

Improper access control vulnerablility in GameHomeCN prior to version 4.2.60.2 allows local attackers to launch arbitrary activity in GameHomeCN.

CVSS: 5.1CWE: N/A

Medium

CVE-2023-42573

PendingIntent hijacking vulnerability in Search Widget prior to version 3.4 in China models allows local attackers to access data.

CVSS: 4.7CWE: N/A

Low

CVE-2023-42572

Implicit intent hijacking vulnerability in Samsung Account Web SDK prior to version 1.5.24 allows attacker to get sensitive information.

CVSS: 3.3CWE: N/A

High

CVE-2023-42571

Abuse of remote unlock in Find My Mobile prior to version 7.3.13.4 allows physical attacker to unlock the device remotely by resetting the Samsung Account password with SMS verification when user los…

CVSS: 7.6CWE: N/A

Medium

CVE-2023-42570

Improper access control vulnerability in KnoxCustomManagerService prior to SMR Dec-2023 Release 1 allows attacker to access device SIM PIN.

CVSS: 5.9CWE: N/A

High

CVE-2023-42568

Improper access control vulnerability in SmartManagerCN prior to SMR Dec-2023 Release 1 allows local attackers to access arbitrary files with system privilege.

CVSS: 7.3CWE: N/A

High

CVE-2023-42565

Improper input validation vulnerability in Smart Clip prior to SMR Dec-2023 Release 1 allows local attackers with shell privilege to execute arbitrary code.

CVSS: 7.3CWE: N/A

Medium

CVE-2023-42564

Improper access control in knoxcustom service prior to SMR Dec-2023 Release 1 allows attacker to send broadcast with system privilege.

CVSS: 6.6CWE: N/A

Low

CVE-2023-42556

Improper usage of implicit intent in Contacts prior to SMR Dec-2023 Release 1 allows attacker to get sensitive information.

CVSS: 3.3CWE: N/A

2023-12-04

High

CVE-2023-45779

In the APEX module framework of AOSP, there is a possible malicious update to platform components due to improperly used crypto. This could lead to local escalation of privilege with no additional ex…

CVSS: 7.8CWE: N/A

High

CVE-2023-45777

In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to launch arbitrary activities using system privileges due to Parcel Mismatch. This could lead to local escal…

CVSS: 7.8CWE: N/A

High

CVE-2023-45774

In fixUpIncomingShortcutInfo of ShortcutService.java, there is a possible way to view another user's image due to a confused deputy. This could lead to local escalation of privilege with no additiona…

CVSS: 7.8CWE: N/A

Medium

CVE-2023-40098

In mOnDone of NotificationConversationInfo.java, there is a possible way to access app notification data of another user due to a logic error in the code. This could lead to local information disclos…

CVSS: 5.5CWE: N/A

High

CVE-2023-40096

In OpRecordAudioMonitor::onFirstRef of AudioRecordClient.cpp, there is a possible way to record audio from the background due to a missing flag. This could lead to local escalation of privilege with…

CVSS: 7.8CWE: N/A

High

CVE-2023-40095

In createDontSendToRestrictedAppsBundle of PendingIntentUtils.java, there is a possible background activity launch due to a missing check. This could lead to local escalation of privilege with no add…

CVSS: 7.8CWE: N/A

Medium

CVE-2023-40092

In verifyShortcutInfoPackage of ShortcutService.java, there is a possible way to see another user's image due to a confused deputy. This could lead to local information disclosure with no additional…

CVSS: 5.5CWE: N/A

Critical

CVE-2023-40082

In modify_for_next_stage of fdt.rs, there is a possible way to render KASLR ineffective due to improperly used crypto. This could lead to remote escalation of privilege with no additional execution p…

CVSS: 9.8CWE: N/A

Medium

CVE-2023-40081

In loadMediaDataInBgForResumption of MediaDataManager.kt, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no addi…

CVSS: 5.5CWE: N/A

High

CVE-2023-40079

In injectSendIntentSender of ShortcutService.java, there is a possible background activity launch due to a permissions bypass. This could lead to local escalation of privilege with no additional exec…

CVSS: 7.8CWE: N/A

Medium

CVE-2023-40075

In forceReplaceShortcutInner of ShortcutPackage.java, there is a possible way to register unlimited packages due to a missing bounds check. This could lead to local denial of service which results in…

CVSS: 5.5CWE: N/A

Medium

CVE-2023-40074

In saveToXml of PersistableBundle.java, invalid data could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS: 5.5CWE: N/A

Medium

CVE-2023-40073

In visitUris of Notification.java, there is a possible cross-user media read due to Confused Deputy. This could lead to local information disclosure with no additional execution privileges needed. Us…

CVSS: 5.5CWE: N/A

Critical

CVE-2023-35690

In RGXDestroyHWRTData of rgxta3d.c, there is a possible arbitrary code execution due to an uncaught exception. This could lead to local escalation of privilege in the kernel with no additional execut…

CVSS: 9.8CWE: N/A

Medium

CVE-2023-35668

In visitUris of Notification.java, there is a possible way to display images from another user due to a confused deputy. This could lead to local information disclosure with no additional execution p…

CVSS: 5.5CWE: N/A

Critical

CVE-2023-21403

In RGXDestroyZSBufferKM of rgxta3d.c, there is a possible arbitrary code execution due to an uncaught exception. This could lead to local escalation of privilege in the kernel with no additional exec…

CVSS: 9.8CWE: N/A

Critical

CVE-2023-21402

In MMU_UnmapPages of mmu_common.c, there is a possible out of bounds read due to improper input validation. This could lead to local escalation of privilege in the kernel with no additional execution…

CVSS: 9.8CWE: N/A

Critical

CVE-2023-21401

In DevmemIntChangeSparse of devicemem_server.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege in the kernel with no additional e…

CVSS: 9.8CWE: N/A

Critical

CVE-2023-21263

In OSMMapPMRGeneric of pmr_os.c, there is a possible out of bounds write due to an uncaught exception. This could lead to local escalation of privilege in the kernel with no additional execution priv…

CVSS: 9.8CWE: N/A

Critical

CVE-2023-21228

In PMRChangeSparseMemOSMem of physmem_osmem_linux.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege in the kernel with no a…

CVSS: 9.8CWE: N/A

High

CVE-2023-21227

In HTBLogKM of htbserver.c, there is a possible information disclosure due to log information disclosure. This could lead to local information disclosure in the kernel with no additional execution pr…

CVSS: 7.5CWE: N/A

Critical

CVE-2023-21218

CVSS: 9.8CWE: N/A

Critical

CVE-2023-21217

In PMRWritePMPageList of TBD, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User…

CVSS: 9.8CWE: N/A

Critical

CVE-2023-21215

In DevmemIntAcquireRemoteCtx of devicemem_server.c, there is a possible arbitrary code execution due to a race condition. This could lead to local escalation of privilege in the kernel with no additi…

CVSS: 9.8CWE: N/A

Critical

CVE-2023-21166

In RGXBackingZSBuffer of rgxta3d.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution p…

CVSS: 9.8CWE: N/A

Critical

CVE-2023-21164

In DevmemIntMapPMR of devicemem_server.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execu…

CVSS: 9.8CWE: N/A

Critical

CVE-2023-21163

In PMR_ReadBytes of pmr.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges…

CVSS: 9.8CWE: N/A

Critical

CVE-2023-21162

In RGXUnbackingZSBuffer of rgxta3d.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution…

CVSS: 9.8CWE: N/A

Critical

CVE-2023-5952

The Welcart e-Commerce WordPress plugin before 2.9.5 unserializes user input from cookies, which could allow unautehtniacted users to perform PHP Object Injection when a suitable gadget is present on…

CVSS: 9.8CWE: N/A

Critical

CVE-2023-48799

TOTOLINK-X6000R Firmware-V9.4.0cu.852_B20230719 is vulnerable to Command Execution.

CVSS: 9.8CWE: N/A

High

CVE-2023-6481

A serialization vulnerability in logback receiver component part of logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data.

CVSS: 7.1CWE: N/A

Medium

CVE-2023-5332

Patch in third party library Consul requires 'enable-script-checks' to be set to False. This was required to enable a patch by the vendor. Without this setting the patch could be bypassed. This only…

CVSS: 5.9CWE: N/A

Medium

CVE-2023-32858

In GZ, there is a possible information disclosure due to a missing data erasing. This could lead to local information disclosure with System execution privileges needed. User interaction is not neede…

CVSS: 4.4CWE: N/A

Medium

CVE-2023-32852

In cameraisp, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is…

CVSS: 4.4CWE: N/A

Medium

CVE-2023-42721

In flv extractor, there is a possible missing verification incorrect input. This could lead to local denial of service with no additional execution privileges needed

CVSS: 5.5CWE: N/A

High

CVE-2023-38003

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a user with DATAACCESS privileges to execute routines that they should not have access to. IBM X-Fo…

CVSS: 7.2CWE: N/A

2023-12-03

Medium

CVE-2023-49948

Forgejo before 1.20.5-1 allows remote attackers to test for the existence of private user accounts by appending .rss (or another extension) to a URL.

CVSS: 5.3CWE: N/A

2023-12-02

Medium

CVE-2023-49914

InteraXon Muse 2 devices allow remote attackers to cause a denial of service (incorrect Muse App report of an outstanding, calm meditation state) via a 480 MHz RF carrier that is modulated by a "fals…

CVSS: 6.5CWE: N/A

2023-11-30

High

CVE-2023-46389

LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Incorrect Access Control via registry.xml file. This vulnerability allows remote attackers to disclose sensitive…

CVSS: 7.5CWE: N/A

High

CVE-2023-46387

LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Incorrect Access Control via dpal_config.zml file. This vulnerability allows remote attackers to disclose sensit…

CVSS: 7.5CWE: N/A