Total: 586 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-45357 | 1 Archerirm | 1 Archer | 2023-12-10 | N/A | 6.5 MEDIUM |
Archer Platform 6.x before 6.13 P2 HF2 (6.13.0.2.2) contains a sensitive information disclosure vulnerability. An authenticated attacker could potentially obtain access to sensitive information via a popup warning message. 6.14 (6.14.0) is also a fixed release. | |||||
CVE-2023-44101 | 1 Huawei | 1 Harmonyos | 2023-12-10 | N/A | 7.5 HIGH |
The Bluetooth module has a vulnerability in permission control for broadcast notifications. Successful exploitation of this vulnerability may affect confidentiality. | |||||
CVE-2023-1401 | 1 Gitlab | 1 Gitlab | 2023-12-10 | N/A | 4.3 MEDIUM |
An issue has been discovered in GitLab DAST scanner affecting all versions starting from 3.0.29 before 4.0.5, in which the DAST scanner leaks cross-site cookies on redirect during authorization. | |||||
CVE-2023-44122 | 2 Google, Lg | 2 Android, V60 Thin Q 5g | 2023-12-10 | N/A | 7.8 HIGH |
The vulnerability allows theft of arbitrary files with system privilege in the LockScreenSettings ("com.lge.lockscreensettings") app, in the "com/lge/lockscreensettings/dynamicwallpaper/MyCategoryGuideActivity.java" file. The main problem is that the app launches implicit intents that can be intercepted by third-party apps installed on the same device. Those apps can also return arbitrary data that will be passed to the "onActivityResult()" method. The LockScreenSettings app copies the received file to the "/data/shared/dw/mycategory/wallpaper_01.png" path and then changes the file access mode to world-readable and world-writable. | |||||
CVE-2023-43783 | 1 Falktx | 1 Cadence | 2023-12-10 | N/A | 7.5 HIGH |
Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/cadence-wineasio.reg Temporary File. The filename is used even if it has been created by a local adversary before Cadence started. The adversary can leverage this to create or overwrite files via a symlink attack. In some kernel configurations, code injection into the Wine registry is possible. | |||||
CVE-2023-32275 | 1 Softether | 1 Vpn | 2023-12-10 | N/A | 4.4 MEDIUM |
An information disclosure vulnerability exists in the CtEnumCa() functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. Specially crafted network packets can lead to a disclosure of sensitive information. An attacker can send packets to trigger this vulnerability. | |||||
CVE-2023-39039 | 1 Camp Style Project Line Project | 1 Camp Style Project Line | 2023-12-10 | N/A | 6.5 MEDIUM |
An information leak in Camp Style Project Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | |||||
CVE-2023-39974 | 1 Acymailing | 1 Acymailing | 2023-12-10 | N/A | 5.3 MEDIUM |
Exposure of Sensitive Information vulnerability in AcyMailing Enterprise component for Joomla. It allows unauthorized actors to get the number of subscribers in a specific list. | |||||
CVE-2023-39049 | 1 Youmart-tokunaga Project | 1 Youmart-tokunaga | 2023-12-10 | N/A | 6.5 MEDIUM |
An information leak in youmart-tokunaga v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | |||||
CVE-2023-39040 | 1 Cheese Cafe Line Project | 1 Cheese Cafe Line | 2023-12-10 | N/A | 6.5 MEDIUM |
An information leak in Cheese Cafe Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | |||||
CVE-2023-36429 | 1 Microsoft | 1 Dynamics 365 | 2023-12-10 | N/A | 6.5 MEDIUM |
Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | |||||
CVE-2023-42546 | 1 Samsung | 1 Account | 2023-12-10 | N/A | 6.5 MEDIUM |
Use of implicit intent for sensitive communication vulnerability in startAgreeToDisclaimerActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary files with Samsung Account privilege. | |||||
CVE-2023-4230 | 1 Moxa | 2 Iologik E4200, Iologik E4200 Firmware | 2023-12-10 | N/A | 5.3 MEDIUM |
A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, which has the potential to facilitate the collection of information on ioLogik 4000 Series devices. This vulnerability may enable attackers to gather information for the purpose of assessing vulnerabilities and potential attack vectors. | |||||
CVE-2023-41742 | 4 Acronis, Apple, Linux and 1 more | 5 Agent, Cyber Protect, Macos and 2 more | 2023-12-10 | N/A | 7.5 HIGH |
Excessive attack surface due to binding to an unrestricted IP address. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 30430, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979. | |||||
CVE-2023-44102 | 1 Huawei | 2 Emui, Harmonyos | 2023-12-10 | N/A | 5.3 MEDIUM |
Broadcast permission control vulnerability in the Bluetooth module. Successful exploitation of this vulnerability can cause the Bluetooth function to be unavailable. | |||||
CVE-2023-39383 | 1 Huawei | 2 Emui, Harmonyos | 2023-12-10 | N/A | 7.5 HIGH |
Vulnerability of input parameters being not strictly verified in the AMS module. Successful exploitation of this vulnerability may compromise apps' data security. | |||||
CVE-2023-38558 | 1 Siemens | 1 Simatic Pcs Neo | 2023-12-10 | N/A | 5.5 MEDIUM |
A vulnerability has been identified in SIMATIC PCS neo (Administration Console) V4.0 (All versions), SIMATIC PCS neo (Administration Console) V4.0 Update 1 (All versions). The affected application leaks Windows admin credentials. An attacker with local access to the Administration Console could get the credentials, and impersonate the admin user, thereby gaining admin access to other Windows systems. | |||||
CVE-2023-2916 | 1 Revmakx | 1 Infinitewp Client | 2023-12-10 | N/A | 5.3 MEDIUM |
The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.11.1 via the 'admin_notice' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including configuration. It can only be exploited if the plugin has not been configured yet. If combined with another arbitrary plugin installation and activation vulnerability, it may be possible to connect a site to InfiniteWP which would make remote management possible and allow for elevation of privileges. | |||||
CVE-2023-42551 | 1 Samsung | 1 Account | 2023-12-10 | N/A | 6.5 MEDIUM |
Use of implicit intent for sensitive communication vulnerability in startTncActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary files with Samsung Account privilege. | |||||
CVE-2023-35013 | 1 Ibm | 1 Security Verify Governance | 2023-12-10 | N/A | 4.4 MEDIUM |
IBM Security Verify Governance 10.0, Identity Manager could allow a local privileged user to obtain sensitive information from source code. IBM X-Force ID: 257769. |