Vulnerabilities (CVE)

Filtered by CWE-668
Total 586 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-45357 1 Archerirm 1 Archer 2023-12-10 N/A 6.5 MEDIUM
Archer Platform 6.x before 6.13 P2 HF2 (6.13.0.2.2) contains a sensitive information disclosure vulnerability. An authenticated attacker could potentially obtain access to sensitive information via a popup warning message. 6.14 (6.14.0) is also a fixed release.
CVE-2023-44101 1 Huawei 1 Harmonyos 2023-12-10 N/A 7.5 HIGH
The Bluetooth module has a vulnerability in permission control for broadcast notifications.Successful exploitation of this vulnerability may affect confidentiality.
CVE-2023-1401 1 Gitlab 1 Gitlab 2023-12-10 N/A 4.3 MEDIUM
An issue has been discovered in GitLab DAST scanner affecting all versions starting from 3.0.29 before 4.0.5, in which the DAST scanner leak cross site cookies on redirect during authorization.
CVE-2023-44122 2 Google, Lg 2 Android, V60 Thin Q 5g 2023-12-10 N/A 7.8 HIGH
The vulnerability is to theft of arbitrary files with system privilege in the LockScreenSettings ("com.lge.lockscreensettings") app in the "com/lge/lockscreensettings/dynamicwallpaper/MyCategoryGuideActivity.java" file. The main problem is that the app launches implicit intents that can be intercepted by third-party apps installed on the same device. They also can return arbitrary data that will be passed to the "onActivityResult()" method. The LockScreenSettings app copies the received file to the "/data/shared/dw/mycategory/wallpaper_01.png" path and then changes the file access mode to world-readable and world-writable.
CVE-2023-43783 1 Falktx 1 Cadence 2023-12-10 N/A 7.5 HIGH
Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/cadence-wineasio.reg Temporary File. The filename is used even if it has been created by a local adversary before Cadence started. The adversary can leverage this to create or overwrite files via a symlink attack. In some kernel configurations, code injection into the Wine registry is possible.
CVE-2023-32275 1 Softether 1 Vpn 2023-12-10 N/A 4.4 MEDIUM
An information disclosure vulnerability exists in the CtEnumCa() functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. Specially crafted network packets can lead to a disclosure of sensitive information. An attacker can send packets to trigger this vulnerability.
CVE-2023-39039 1 Camp Style Project Line Project 1 Camp Style Project Line 2023-12-10 N/A 6.5 MEDIUM
An information leak in Camp Style Project Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
CVE-2023-39974 1 Acymailing 1 Acymailing 2023-12-10 N/A 5.3 MEDIUM
Exposure of Sensitive Information vulnerability in AcyMailing Enterprise component for Joomla. It allows unauthorized actors to get the number of subscribers in a specific list.
CVE-2023-39049 1 Youmart-tokunaga Project 1 Youmart-tokunaga 2023-12-10 N/A 6.5 MEDIUM
An information leak in youmart-tokunaga v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
CVE-2023-39040 1 Cheese Cafe Line Project 1 Cheese Cafe Line 2023-12-10 N/A 6.5 MEDIUM
An information leak in Cheese Cafe Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
CVE-2023-36429 1 Microsoft 1 Dynamics 365 2023-12-10 N/A 6.5 MEDIUM
Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
CVE-2023-42546 1 Samsung 1 Account 2023-12-10 N/A 6.5 MEDIUM
Use of implicit intent for sensitive communication vulnerability in startAgreeToDisclaimerActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege.
CVE-2023-4230 1 Moxa 2 Iologik E4200, Iologik E4200 Firmware 2023-12-10 N/A 5.3 MEDIUM
A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, which has the potential to facilitate the collection of information on ioLogik 4000 Series devices. This vulnerability may enable attackers to gather information for the purpose of assessing vulnerabilities and potential attack vectors.
CVE-2023-41742 4 Acronis, Apple, Linux and 1 more 5 Agent, Cyber Protect, Macos and 2 more 2023-12-10 N/A 7.5 HIGH
Excessive attack surface due to binding to an unrestricted IP address. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 30430, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979.
CVE-2023-44102 1 Huawei 2 Emui, Harmonyos 2023-12-10 N/A 5.3 MEDIUM
Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability can cause the Bluetooth function to be unavailable.
CVE-2023-39383 1 Huawei 2 Emui, Harmonyos 2023-12-10 N/A 7.5 HIGH
Vulnerability of input parameters being not strictly verified in the AMS module. Successful exploitation of this vulnerability may compromise apps' data security.
CVE-2023-38558 1 Siemens 1 Simatic Pcs Neo 2023-12-10 N/A 5.5 MEDIUM
A vulnerability has been identified in SIMATIC PCS neo (Administration Console) V4.0 (All versions), SIMATIC PCS neo (Administration Console) V4.0 Update 1 (All versions). The affected application leaks Windows admin credentials. An attacker with local access to the Administration Console could get the credentials, and impersonate the admin user, thereby gaining admin access to other Windows systems.
CVE-2023-2916 1 Revmakx 1 Infinitewp Client 2023-12-10 N/A 5.3 MEDIUM
The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.11.1 via the 'admin_notice' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including configuration. It can only be exploited if the plugin has not been configured yet. If combined with another arbitrary plugin installation and activation vulnerability, it may be possible to connect a site to InfiniteWP which would make remote management possible and allow for elevation of privileges.
CVE-2023-42551 1 Samsung 1 Account 2023-12-10 N/A 6.5 MEDIUM
Use of implicit intent for sensitive communication vulnerability in startTncActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege.
CVE-2023-35013 1 Ibm 1 Security Verify Governance 2023-12-10 N/A 4.4 MEDIUM
IBM Security Verify Governance 10.0, Identity Manager could allow a local privileged user to obtain sensitive information from source code. IBM X-Force ID: 257769.