Total: 2253 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-40640 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-12-10 | N/A | 5.5 MEDIUM |
In SoundRecorder service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges | |||||
CVE-2023-38458 | 2 Google, Unisoc | 9 Android, Sc7731e, Sc9832e and 6 more | 2023-12-10 | N/A | 7.8 HIGH |
In vowifiservice, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges | |||||
CVE-2023-36140 | 1 Phpjabbers | 1 Cleaning Business Software | 2023-12-10 | N/A | 9.8 CRITICAL |
In PHPJabbers Cleaning Business Software 1.0, there is no encryption on user passwords allowing an attacker to gain access to all user accounts. | |||||
CVE-2023-38463 | 2 Google, Unisoc | 9 Android, Sc7731e, Sc9832e and 6 more | 2023-12-10 | N/A | 5.5 MEDIUM |
In vowifiservice, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges | |||||
CVE-2023-33879 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-12-10 | N/A | 3.3 LOW |
In music service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
CVE-2023-33902 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-12-10 | N/A | 5.5 MEDIUM |
In bluetooth service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
CVE-2023-40648 | 2 Google, Unisoc | 2 Android, Sc9863a | 2023-12-10 | N/A | 5.5 MEDIUM |
In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | |||||
CVE-2023-43652 | 1 Fit2cloud | 1 Jumpserver | 2023-12-10 | N/A | 9.1 CRITICAL |
JumpServer is an open source bastion host. As an unauthenticated user, it is possible to authenticate to the core API with a username and an SSH public key without needing a password or the corresponding SSH private key. An SSH public key should be considered public knowledge and should not be used as an authentication secret alone. JumpServer provides an API for the KoKo component to validate user private key logins. This API does not verify the source of requests and will generate a personal authentication token. Given that public keys can be easily leaked, an attacker can exploit the leaked public key and username to authenticate, subsequently gaining access to the current user's information and authorized actions. This issue has been addressed in versions 2.28.20 and 3.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
CVE-2023-43501 | 1 Jenkins | 1 Build Failure Analyzer | 2023-12-10 | N/A | 6.5 MEDIUM |
A missing permission check in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password. | |||||
CVE-2023-42650 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-12-10 | N/A | 5.5 MEDIUM |
In engineermode, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | |||||
CVE-2023-37956 | 1 Jenkins | 1 Test Results Aggregator | 2023-12-10 | N/A | 6.5 MEDIUM |
A missing permission check in Jenkins Test Results Aggregator Plugin 1.2.13 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | |||||
CVE-2023-43488 | 1 Boschrexroth | 6 Ctrlx Hmi Web Panel Wr2107, Ctrlx Hmi Web Panel Wr2107 Firmware, Ctrlx Hmi Web Panel Wr2110 and 3 more | 2023-12-10 | N/A | 7.8 HIGH |
The vulnerability allows a low privileged (untrusted) application to modify a critical system property that should be denied, in order to enable the ADB (Android Debug Bridge) protocol to be exposed on the network, exploiting it to gain a privileged shell on the device without requiring the physical access through USB. | |||||
CVE-2023-4124 | 1 Answer | 1 Answer | 2023-12-10 | N/A | 6.5 MEDIUM |
Missing Authorization in GitHub repository answerdev/answer prior to v1.1.1. | |||||
CVE-2023-40040 | 2 Google, Mycrops | 2 Android, Higrade | 2023-12-10 | N/A | 5.3 MEDIUM |
An issue was discovered in the MyCrops HiGrade "THC Testing & Cannabi" application 1.0.337 for Android. A remote attacker can start the camera feed via the com.cordovaplugincamerapreview.CameraActivity component in some situations. NOTE: this is only exploitable on Android versions that lack runtime permission checks, and of those only Android SDK 5.1.1 API 22 is consistent with the manifest. Thus, this applies only to Android Lollipop, affecting less than five percent of Android devices as of 2023. | |||||
CVE-2023-20825 | 2 Google, Mediatek | 46 Android, Mt2713, Mt6580 and 43 more | 2023-12-10 | N/A | 5.5 MEDIUM |
In duraspeed, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privilege needed. User interaction is not needed for exploitation. Patch ID: ALPS07951402; Issue ID: ALPS07951413. | |||||
CVE-2023-33895 | 2 Google, Unisoc | 14 Android, S8004, Sc7731e and 11 more | 2023-12-10 | N/A | 5.5 MEDIUM |
In fastDial service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
CVE-2023-37949 | 1 Jenkins | 1 Orka By Macstadium | 2023-12-10 | N/A | 7.1 HIGH |
A missing permission check in Jenkins Orka by MacStadium Plugin 1.33 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
CVE-2023-45247 | 4 Acronis, Apple, Linux and 1 more | 4 Agent, Macos, Linux Kernel and 1 more | 2023-12-10 | N/A | 7.1 HIGH |
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 36497. | |||||
CVE-2023-45240 | 4 Acronis, Apple, Linux and 1 more | 4 Agent, Macos, Linux Kernel and 1 more | 2023-12-10 | N/A | 5.5 MEDIUM |
Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739. | |||||
CVE-2023-32789 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-12-10 | N/A | 5.5 MEDIUM |
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |