Total
29785 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-42581 | 1 Samsung | 1 Galaxy Store | 2024-11-21 | 7.5 High |
| Improper URL validation from InstantPlay deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to access data. | ||||
| CVE-2023-42580 | 1 Samsung | 1 Galaxy Store | 2024-11-21 | 7.5 High |
| Improper URL validation from MCSLaunch deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to install APK from Galaxy Store. | ||||
| CVE-2023-42577 | 1 Samsung | 2 Android, Samsung Voice Recorder | 2024-11-21 | 6.8 Medium |
| Improper Access Control in Samsung Voice Recorder prior to versions 21.4.15.01 in Android 12 and Android 13, 21.4.50.17 in Android 14 allows physical attackers to access Voice Recorder information on the lock screen. | ||||
| CVE-2023-42574 | 1 Samsung | 1 Gamehomecn | 2024-11-21 | 5.1 Medium |
| Improper access control vulnerablility in GameHomeCN prior to version 4.2.60.2 allows local attackers to launch arbitrary activity in GameHomeCN. | ||||
| CVE-2023-42570 | 1 Samsung | 1 Android | 2024-11-21 | 5.9 Medium |
| Improper access control vulnerability in KnoxCustomManagerService prior to SMR Dec-2023 Release 1 allows attacker to access device SIM PIN. | ||||
| CVE-2023-42568 | 1 Samsung | 1 Android | 2024-11-21 | 7.3 High |
| Improper access control vulnerability in SmartManagerCN prior to SMR Dec-2023 Release 1 allows local attackers to access arbitrary files with system privilege. | ||||
| CVE-2023-42555 | 1 Samsung | 1 Easysetup | 2024-11-21 | 6.3 Medium |
| Use of implicit intent for sensitive communication vulnerability in EasySetup prior to version 11.1.13 allows attackers to get the bluetooth address of user device. | ||||
| CVE-2023-42544 | 1 Samsung | 1 Quick Share | 2024-11-21 | 5.5 Medium |
| Improper access control vulnerability in Quick Share prior to 13.5.52.0 allows local attacker to access local files. | ||||
| CVE-2023-42543 | 1 Samsung | 1 Bixby Voice | 2024-11-21 | 6.2 Medium |
| Improper verification of intent by broadcast receiver vulnerability in Bixby Voice prior to version 3.3.35.12 allows attackers to access arbitrary data with Bixby Voice privilege. | ||||
| CVE-2023-42222 | 1 Webcatalog | 1 Webcatalog | 2024-11-21 | 8.8 High |
| WebCatalog before 49.0 is vulnerable to Incorrect Access Control. WebCatalog calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances. | ||||
| CVE-2023-41960 | 1 Boschrexroth | 6 Ctrlx Hmi Web Panel Wr2107, Ctrlx Hmi Web Panel Wr2107 Firmware, Ctrlx Hmi Web Panel Wr2110 and 3 more | 2024-11-21 | 7.1 High |
| The vulnerability allows an unprivileged(untrusted) third-party application to interact with a content-provider unsafely exposed by the Android Agent application, potentially modifying sensitive settings of the Android Client application itself. | ||||
| CVE-2023-41894 | 1 Home-assistant | 1 Home-assistant | 2024-11-21 | 5.3 Medium |
| Home assistant is an open source home automation. The assessment verified that webhooks available in the webhook component are triggerable via the `*.ui.nabu.casa` URL without authentication, even when the webhook is marked as Only accessible from the local network. This issue is facilitated by the SniTun proxy, which sets the source address to 127.0.0.1 on all requests sent to the public URL and forwarded to the local Home Assistant. This issue has been addressed in version 2023.9.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-41775 | 2 Apple, L-is-b | 2 Macos, Direct | 2024-11-21 | 5.5 Medium |
| Improper access control vulnerability in 'direct' Desktop App for macOS ver 2.6.0 and earlier allows a local attacker to bypass access restriction and to use camrea, microphone, etc. of the device where the product is installed without the user's consent. | ||||
| CVE-2023-41570 | 1 Mikrotik | 1 Routeros | 2024-11-21 | 5.3 Medium |
| MikroTik RouterOS v7.1 to 7.11 was discovered to contain incorrect access control mechanisms in place for the Rest API. | ||||
| CVE-2023-40850 | 1 Netentsec | 2 Ns-asg, Ns-asg Firmware | 2024-11-21 | 7.5 High |
| netentsec NS-ASG 6.3 is vulnerable to Incorrect Access Control. There is a file leak in the website source code of the application security gateway. | ||||
| CVE-2023-40708 | 1 Opto22 | 2 Snap Pac S1, Snap Pac S1 Firmware | 2024-11-21 | 5.8 Medium |
| The File Transfer Protocol (FTP) port is open by default in the SNAP PAC S1 Firmware version R10.3b. This could allow an adversary to access some device files. | ||||
| CVE-2023-40540 | 1 Intel | 112 Nuc 11 Enthusiast Kit Nuc11phki7c, Nuc 11 Enthusiast Kit Nuc11phki7c Firmware, Nuc 11 Enthusiast Mini Pc Nuc11phki7caa and 109 more | 2024-11-21 | 4.1 Medium |
| Non-Transparent Sharing of Microarchitectural Resources in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access. | ||||
| CVE-2023-40453 | 1 Docker | 1 Machine | 2024-11-21 | 6.5 Medium |
| Docker Machine through 0.16.2 allows an attacker, who has control of a worker node, to provide crafted version data, which might potentially trick an administrator into performing an unsafe action (via escape sequence injection), or might have a data size that causes a denial of service to a bastion node. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2023-40158 | 1 Cbc | 56 Dr-16f, Dr-16f42a, Dr-16f42a Firmware and 53 more | 2024-11-21 | 8.8 High |
| Hidden functionality vulnerability in the CBC products allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter its settings. As for the affected products/versions, see the detailed information provided by the vendor. Note that NR4H, NR8H, NR16H series and DR-16F, DR-8F, DR-4F, DR-16H, DR-8H, DR-4H, DR-4M41 series are no longer supported, therefore updates for those products are not provided. | ||||
| CVE-2023-40151 | 1 Redlioncontrols | 12 St-ipm-6350, St-ipm-6350 Firmware, St-ipm-8460 and 9 more | 2024-11-21 | 10 Critical |
| When user authentication is not enabled the shell can execute commands with the highest privileges. Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message comes over TCP/IP the RTU will simply accept the message with no authentication challenge. | ||||