Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 27889 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-1647 1 Cal 1 Cal.com 2023-03-31 N/A 8.8 HIGH
Improper Access Control in GitHub repository calcom/cal.com prior to 2.7.
CVE-2023-1143 1 Deltaww 1 Infrasuite Device Master 2023-03-30 N/A 8.8 HIGH
In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use Lua scripts, which could allow an attacker to remotely execute arbitrary code.
CVE-2022-40208 1 Moodle 1 Moodle 2023-03-30 N/A 4.3 MEDIUM
In Moodle, insufficient limitations in some quiz web services made it possible for students to bypass sequential navigation during a quiz attempt.
CVE-2022-37603 1 Webpack.js 1 Loader-utils 2023-03-30 N/A 7.5 HIGH
A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js.
CVE-2023-20975 1 Google 1 Android 2023-03-30 N/A 7.8 HIGH
In getAvailabilityStatus of EnableContentCapturePreferenceController.java, there is a possible way to bypass DISALLOW_CONTENT_CAPTURE due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-250573776
CVE-2022-31247 1 Suse 1 Rancher 2023-03-29 N/A 9.1 CRITICAL
An Improper Authorization vulnerability in SUSE Rancher allows any user who has permissions to create/edit cluster role template bindings or project role template bindings (such as cluster-owner, manage cluster members, project-owner and manage project members) to gain owner permission in another project in the same cluster or in another project on a different downstream cluster. This issue affects: SUSE Rancher Rancher versions prior to 2.6.7; Rancher versions prior to 2.5.16.
CVE-2005-1796 2 Debian, Ettercap 2 Debian Linux, Ettercap 2023-03-29 7.5 HIGH N/A
Format string vulnerability in the curses_msg function in the Ncurses interface (ec_curses.c) for Ettercap before 0.7.3 allows remote attackers to execute arbitrary code.
CVE-2023-20929 1 Google 1 Android 2023-03-29 N/A 5.5 MEDIUM
In sendHalfSheetCancelBroadcast of HalfSheetActivity.java, there is a possible way to learn nearby BT MAC addresses due to an unrestricted broadcast intent. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-234442700
CVE-2023-20957 1 Google 1 Android 2023-03-28 N/A 7.8 HIGH
In onAttach of SettingsPreferenceFragment.java, there is a possible bypass of Factory Reset Protections due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L. Android ID: A-258422561
CVE-2023-20964 1 Google 1 Android 2023-03-28 N/A 7.8 HIGH
In multiple functions of MediaSessionRecord.java, there is a possible Intent rebroadcast due to a confused deputy. This could lead to local denial of service or escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12 Android-12L Android-13. Android ID: A-238177121
CVE-2023-1305 1 Rapid7 2 Insightappsec, Insightcloudsec 2023-03-28 N/A 8.1 HIGH
An authenticated attacker can leverage an exposed “box” object to read and write arbitrary files from disk, provided those files can be parsed as yaml or JSON. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version of InsightCloudSec.
CVE-2023-22903 1 Librephotos Project 1 Librephotos 2023-03-28 N/A 9.8 CRITICAL
api/views/user.py in LibrePhotos before e19e539 has incorrect access control.
CVE-2022-20467 1 Google 1 Android 2023-03-28 N/A 5.5 MEDIUM
In isBluetoothShareUri of BluetoothOppUtility.java, there is a possible incorrect file read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-225880741
CVE-2023-0386 1 Linux 1 Linux Kernel 2023-03-27 N/A 7.8 HIGH
A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.
CVE-2023-25589 1 Arubanetworks 1 Clearpass Policy Manager 2023-03-27 N/A 9.8 CRITICAL
A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an unauthenticated remote attacker to create arbitrary users on the platform. A successful exploit allows an attacker to achieve total cluster compromise.
CVE-2023-27094 1 Opengoofy 1 Hippo4j 2023-03-27 N/A 8.8 HIGH
An issue found in OpenGoofy Hippo4j v.1.4.3 allows attackers to escalate privileges via the ThreadPoolController of the tenant Management module.
CVE-2023-25134 1 Mcafee 1 Total Protection 2023-03-27 N/A 6.7 MEDIUM
McAfee Total Protection prior to 16.0.50 may allow an adversary (with full administrative access) to modify a McAfee specific Component Object Model (COM) in the Windows Registry. This can result in the loading of a malicious payload.
CVE-2023-0839 1 Inscada Project 1 Inscada 2023-03-26 N/A 9.8 CRITICAL
Improper Protection for Outbound Error Messages and Alert Signals vulnerability in ProMIS Process Co. InSCADA allows Account Footprinting. This issue affects inSCADA: before 20230115-1.
CVE-2023-21449 1 Samsung 1 Android 2023-03-24 N/A 5.5 MEDIUM
Improper access control vulnerability in Call application prior to SMR Mar-2023 Release 1 allows local attackers to access sensitive information without proper permission.
CVE-2023-21457 1 Samsung 1 Android 2023-03-24 N/A 8.1 HIGH
Improper access control vulnerability in Bluetooth prior to SMR Mar-2023 Release 1 allows attackers to send file via Bluetooth without related permission.