Total
29785 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-31019 | 2 Microsoft, Nvidia | 2 Windows, Virtual Gpu | 2024-11-21 | 7.8 High |
| NVIDIA GPU Display Driver for Windows contains a vulnerability in wksServicePlugin.dll, where the driver implementation does not restrict or incorrectly restricts access from the named pipe server to a connecting client, which may lead to potential impersonation to the client's secure context. | ||||
| CVE-2023-30952 | 1 Palantir | 1 Foundry | 2024-11-21 | 5 Medium |
| A security defect was discovered in Foundry Issues that enabled users to create convincing phishing links by editing the request sent when creating an Issue. This defect was resolved in Frontend release 6.228.0 . | ||||
| CVE-2023-30946 | 1 Palantir | 1 Foundry Issues | 2024-11-21 | 3.5 Low |
| A security defect was identified in Foundry Issues. If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query Foundry's Notification API and receive metadata about the issue including the RID of the issue, severity, internal UUID of the author, and the user-defined title of the issue. | ||||
| CVE-2023-30739 | 1 Samsung | 1 Android | 2024-11-21 | 6.7 Medium |
| Arbitrary File Descriptor Write vulnerability in libsec-ril prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code. | ||||
| CVE-2023-30737 | 1 Samsung | 1 Health | 2024-11-21 | 4 Medium |
| Improper access control vulnerability in Samsung Health prior to version 6.24.3.007 allows attackers to access sensitive information via implicit intent. | ||||
| CVE-2023-30734 | 1 Samsung | 1 Health | 2024-11-21 | 4 Medium |
| Improper access control vulnerability in Samsung Health prior to version 6.24.3.007 allows attackers to access sensitive information via implicit intent. | ||||
| CVE-2023-30722 | 1 Samsung | 1 Blockchain Keystore | 2024-11-21 | 5.5 Medium |
| Protection Mechanism Failure in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.13.5 allows local attacker to execute arbitrary code. | ||||
| CVE-2023-30718 | 1 Samsung | 1 Android | 2024-11-21 | 4 Medium |
| Improper export of android application components vulnerability in WifiApAutoHotspotEnablingActivity prior to SMR Sep-2023 Release 1 allows local attacker to change a Auto Hotspot setting. | ||||
| CVE-2023-30714 | 1 Samsung | 1 Android | 2024-11-21 | 4.6 Medium |
| Improper authorization vulnerability in FolderContainerDragDelegate in One UI Home prior to SMR Sep-2023 Release 1 allows physical attackers to change some settings of the folder lock. | ||||
| CVE-2023-30711 | 1 Samsung | 1 Android | 2024-11-21 | 4 Medium |
| Improper authentication in Phone and Messaging Storage SMR SEP-2023 Release 1 allows attacker to insert arbitrary data to the provider. | ||||
| CVE-2023-30706 | 1 Samsung | 1 Android | 2024-11-21 | 7.5 High |
| Improper authorization in Samsung Keyboard prior to SMR Sep-2023 Release 1 allows attacker to read arbitrary file with system privilege. | ||||
| CVE-2023-30704 | 1 Samsung | 1 Internet | 2024-11-21 | 3.8 Low |
| Improper Authorization vulnerability in Samsung Internet prior to version 22.0.0.35 allows physical attacker access downloaded files in Secret Mode without user authentication. | ||||
| CVE-2023-30674 | 1 Samsung | 1 Internet | 2024-11-21 | 6.5 Medium |
| Improper configuration in Samsung Internet prior to version 21.0.0.41 allows attacker to bypass SameSite Cookie. | ||||
| CVE-2023-30671 | 1 Samsung | 1 Android | 2024-11-21 | 6.3 Medium |
| Logic error in package installation via adb command prior to SMR Jul-2023 Release 1 allows local attackers to downgrade installed application. | ||||
| CVE-2023-30667 | 1 Samsung | 1 Android | 2024-11-21 | 5.1 Medium |
| Improper access control in Audio system service prior to SMR Jul-2023 Release 1 allows attacker to send broadcast with system privilege. | ||||
| CVE-2023-30654 | 1 Samsung | 1 Android | 2024-11-21 | 6.7 Medium |
| Improper access control vulnerability in SLocationService prior to SMR Aug-2023 Release 1 allows local attacker to update fake location. | ||||
| CVE-2023-30640 | 1 Samsung | 1 Android | 2024-11-21 | 4.3 Medium |
| Improper access control vulnerability in PersonaManagerService prior to SMR Jul-2023 Release 1 allows local attackers to change confiugration. | ||||
| CVE-2023-2974 | 1 Redhat | 2 Build Of Quarkus, Quarkus | 2024-11-21 | 6.5 Medium |
| A vulnerability was found in quarkus-core. This vulnerability occurs because the TLS protocol configured with quarkus.http.ssl.protocols is not enforced, and the client can force the selection of the weaker supported TLS protocol. | ||||
| CVE-2023-2902 | 1 Nfine Rapid Development Platform Project | 1 Nfine Rapid Development Platform | 2024-11-21 | 4.3 Medium |
| A vulnerability was found in NFine Rapid Development Platform 20230511. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /SystemManage/Organize/GetTreeGridJson?_search=false&nd=1681813520783&rows=10000&page=1&sidx=&sord=asc. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229976. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-2861 | 1 Qemu | 1 Qemu | 2024-11-21 | 6 Medium |
| A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared folder. | ||||