CVE Daily
← All years

Uncategorized 2024

Page 27/27.

CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0
2024-01-10
High

CVE-2023-42933

This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be able to gain elevated privileges.

CVSS: 7.8CWE: N/A
Read more
Medium

CVE-2023-42929

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be able to access protected user data.

CVSS: 5.5CWE: N/A
Read more
High

CVE-2023-42876

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14. Processing a file may lead to a denial-of-service or potentially disclose memory contents.

CVSS: 7.1CWE: N/A
Read more
Medium

CVE-2023-42872

The issue was addressed with additional permissions checks. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to access sensitive user data.

CVSS: 5.5CWE: N/A
Read more
High

CVE-2023-42866

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, tvOS 16.6, Safari 16.6, watchOS 9.6. Processing web content may lead to arb…

CVSS: 8.8CWE: N/A
Read more
Medium

CVE-2023-42831

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to f…

CVSS: 5.5CWE: N/A
Read more
High

CVE-2023-42828

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.5. An app may be able to gain root privileges.

CVSS: 7.8CWE: N/A
Read more
Low

CVE-2023-40529

This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 17 and iPadOS 17. A person with physical access to a device may be able to use VoiceOver to acces…

CVSS: 2.4CWE: N/A
Read more
Medium

CVE-2023-40437

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to read sensitive location…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2023-40433

A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3. An app may bypass Gatekeeper checks.

CVSS: 5.5CWE: N/A
Read more
Low

CVE-2023-38612

The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, iOS 16.7 and iPadOS 16.7, iOS 17 and iPadOS 17, macOS Sonoma 14, macOS Ventura 13.6. An app may be able to ac…

CVSS: 3.3CWE: N/A
Read more
Medium

CVE-2023-38607

The issue was addressed with improved handling of caches. This issue is fixed in macOS Sonoma 14. An app may be able to modify Printer settings.

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2023-32424

The issue was addressed with improved memory handling. This issue is fixed in iOS 16.4 and iPadOS 16.4, watchOS 9.4. An attacker that has already achieved kernel code execution may be able to bypass…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2022-48577

An access issue was addressed with improved access restrictions. This issue is fixed in macOS Ventura 13. An app may be able to access user-sensitive data.

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2022-48504

The issue was addressed with improved handling of caches. This issue is fixed in macOS Ventura 13. An app may be able to access user-sensitive data.

CVSS: 5.5CWE: N/A
Read more
2024-01-09
Medium

CVE-2024-20690

Windows Nearby Sharing Spoofing Vulnerability

CVSS: 6.5CWE: CWE-310
Read more
Medium

CVE-2024-22368

The Spreadsheet::ParseXLSX package before 0.28 for Perl can encounter an out-of-memory condition during parsing of a crafted XLSX document. This occurs because the memoize implementation does not hav…

CVSS: 5.5CWE: N/A
Read more
Critical

CVE-2023-50643

An issue in Evernote Evernote for MacOS v.10.68.2 allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments components.

CVSS: 9.8CWE: N/A
Read more
2024-01-08
Medium

CVE-2023-52271

The wsftprm.sys kernel driver 2.0.0.0 in Topaz Antifraud allows low-privileged attackers to kill any (Protected Process Light) process via an IOCTL (which will be named at a later time).

CVSS: 6.5CWE: N/A
Read more
High

CVE-2023-6750

The Clone WordPress plugin before 2.4.3 uses buffer files to store in-progress backup informations, which is stored at a publicly accessible, statically defined file path.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2023-6505

The Migrate WordPress Website & Backups WordPress plugin before 1.9.3 does not prevent directory listing in sensitive directories containing export files.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2023-6139

The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on its AJAX actions, which among other things, allow attackers with a subscriber account to conduct Den…

CVSS: 6.5CWE: N/A
Read more
High

CVE-2023-6042

Any unauthenticated user may send e-mail from the site with any title or content to the admin

CVSS: 7.5CWE: N/A
Read more
Critical

CVE-2018-25095

The Duplicator WordPress plugin before 1.3.0 does not properly escape values when its installer script replaces values in WordPress configuration files. If this installer script is left on the site a…

CVSS: 9.8CWE: N/A
Read more
2024-01-05
Medium

CVE-2023-46836

The fixes for XSA-422 (Branch Type Confusion) and XSA-434 (Speculative Return Stack Overflow) are not IRQ-safe. It was believed that the mitigations always operated in contexts with IRQs disabled.…

CVSS: 4.7CWE: N/A
Read more
Medium

CVE-2023-34328

[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] AMD CPUs since ~2014 have extensions to normal x86 debugging function…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2023-34327

[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] AMD CPUs since ~2014 have extensions to normal x86 debugging function…

CVSS: 5.5CWE: N/A
Read more
Critical

CVE-2023-51277

nbviewer-app (aka Jupyter Notebook Viewer) before 0.1.6 has the get-task-allow entitlement for release builds.

CVSS: 9.8CWE: N/A
Read more
2024-01-04
High

CVE-2023-50082

Aoyun Technology pbootcms V3.1.2 is vulnerable to Incorrect Access Control, allows remote attackers to gain sensitive information via session leakage allows a user to avoid logging into the backend m…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2024-20809

Improper access control vulnerability in Nearby device scanning prior version 11.1.14.7 allows local attacker to access data.

CVSS: 4.0CWE: N/A
Read more
Medium

CVE-2024-20808

Improper access control vulnerability in Nearby device scanning prior version 11.1.14.7 allows local attacker to access data.

CVSS: 4.0CWE: N/A
Read more
Low

CVE-2024-20807

Implicit intent hijacking vulnerability in Samsung Email prior to version 6.1.90.16 allows local attacker to get sensitive information.

CVSS: 3.3CWE: N/A
Read more
Medium

CVE-2024-20806

Improper access control in Notification service prior to SMR Jan-2024 Release 1 allows local attacker to access notification data.

CVSS: 6.2CWE: N/A
Read more
Medium

CVE-2024-20802

Improper access control vulnerability in Samsung DeX prior to SMR Jan-2024 Release 1 allows owner to access other users' notification in a multi-user environment.

CVSS: 4.6CWE: N/A
Read more
2024-01-03
Critical

CVE-2023-50090

Arbitrary File Write vulnerability in the saveReportFile method of ureport2 2.2.9 and before allows attackers to write arbitrary files and run arbitrary commands via crafted POST request.

CVSS: 9.8CWE: N/A
Read more
High

CVE-2023-45559

An issue in Tamaki_hamanoki Line v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token.

CVSS: 8.2CWE: N/A
Read more
Medium

CVE-2023-49558

An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_mmac_params function in the modules/preprocs/nasm/nasm-pp.c component.

CVSS: 5.5CWE: N/A
Read more
2024-01-02
High

CVE-2023-49553

An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_destroy function in the msj.c file.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2023-49549

An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_getretvalpos function in the msj.c file.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2023-45561

An issue in A-WORLD OIRASE BEER_waiting Line v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token.

CVSS: 5.3CWE: N/A
Read more
High

CVE-2023-33037

Cryptographic issue in Automotive while unwrapping the key secs2d and verifying with RPMB data.

CVSS: 7.1CWE: CWE-310
Read more
2024-01-01
High

CVE-2023-6271

The Backup Migration WordPress plugin before 1.3.6 stores in-progress backups information in easy to find, publicly-accessible files, which may allow attackers monitoring those to leak sensitive info…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2023-6113

The WP STAGING WordPress Backup Plugin before 3.1.3 and WP STAGING Pro WordPress Backup Plugin before 5.1.3 do not prevent visitors from leaking key information about ongoing backups processes, allow…

CVSS: 7.5CWE: N/A
Read more
>