Total: 27889 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-1647 | 1 Cal | 1 Cal.com | 2023-03-31 | N/A | 8.8 HIGH |
Improper Access Control in GitHub repository calcom/cal.com prior to 2.7. | |||||
CVE-2023-1143 | 1 Deltaww | 1 Infrasuite Device Master | 2023-03-30 | N/A | 8.8 HIGH |
In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use Lua scripts, which could allow an attacker to remotely execute arbitrary code. | |||||
CVE-2022-40208 | 1 Moodle | 1 Moodle | 2023-03-30 | N/A | 4.3 MEDIUM |
In Moodle, insufficient limitations in some quiz web services made it possible for students to bypass sequential navigation during a quiz attempt. | |||||
CVE-2022-37603 | 1 Webpack.js | 1 Loader-utils | 2023-03-30 | N/A | 7.5 HIGH |
A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js. | |||||
CVE-2023-20975 | 1 Google | 1 Android | 2023-03-30 | N/A | 7.8 HIGH |
In getAvailabilityStatus of EnableContentCapturePreferenceController.java, there is a possible way to bypass DISALLOW_CONTENT_CAPTURE due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-250573776 | |||||
CVE-2022-31247 | 1 Suse | 1 Rancher | 2023-03-29 | N/A | 9.1 CRITICAL |
An Improper Authorization vulnerability in SUSE Rancher, allows any user who has permissions to create/edit cluster role template bindings or project role template bindings (such as cluster-owner, manage cluster members, project-owner and manage project members) to gain owner permission in another project in the same cluster or in another project on a different downstream cluster. This issue affects: SUSE Rancher Rancher versions prior to 2.6.7; Rancher versions prior to 2.5.16. | |||||
CVE-2005-1796 | 2 Debian, Ettercap | 2 Debian Linux, Ettercap | 2023-03-29 | 7.5 HIGH | N/A |
Format string vulnerability in the curses_msg function in the Ncurses interface (ec_curses.c) for Ettercap before 0.7.3 allows remote attackers to execute arbitrary code. | |||||
CVE-2023-20929 | 1 Google | 1 Android | 2023-03-29 | N/A | 5.5 MEDIUM |
In sendHalfSheetCancelBroadcast of HalfSheetActivity.java, there is a possible way to learn nearby BT MAC addresses due to an unrestricted broadcast intent. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-234442700 | |||||
CVE-2023-20957 | 1 Google | 1 Android | 2023-03-28 | N/A | 7.8 HIGH |
In onAttach of SettingsPreferenceFragment.java, there is a possible bypass of Factory Reset Protections due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L. Android ID: A-258422561 | |||||
CVE-2023-20964 | 1 Google | 1 Android | 2023-03-28 | N/A | 7.8 HIGH |
In multiple functions of MediaSessionRecord.java, there is a possible Intent rebroadcast due to a confused deputy. This could lead to local denial of service or escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12 Android-12L Android-13. Android ID: A-238177121 | |||||
CVE-2023-1305 | 1 Rapid7 | 2 Insightappsec, Insightcloudsec | 2023-03-28 | N/A | 8.1 HIGH |
An authenticated attacker can leverage an exposed “box” object to read and write arbitrary files from disk, provided those files can be parsed as yaml or JSON. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version of InsightCloudSec. | |||||
CVE-2023-22903 | 1 Librephotos Project | 1 Librephotos | 2023-03-28 | N/A | 9.8 CRITICAL |
api/views/user.py in LibrePhotos before e19e539 has incorrect access control. | |||||
CVE-2022-20467 | 1 Google | 1 Android | 2023-03-28 | N/A | 5.5 MEDIUM |
In isBluetoothShareUri of BluetoothOppUtility.java, there is a possible incorrect file read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-225880741 | |||||
CVE-2023-0386 | 1 Linux | 1 Linux Kernel | 2023-03-27 | N/A | 7.8 HIGH |
A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system. | |||||
CVE-2023-25589 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2023-03-27 | N/A | 9.8 CRITICAL |
A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an unauthenticated remote attacker to create arbitrary users on the platform. A successful exploit allows an attacker to achieve total cluster compromise. | |||||
CVE-2023-27094 | 1 Opengoofy | 1 Hippo4j | 2023-03-27 | N/A | 8.8 HIGH |
An issue found in OpenGoofy Hippo4j v.1.4.3 allows attackers to escalate privileges via the ThreadPoolController of the tenant Management module. | |||||
CVE-2023-25134 | 1 Mcafee | 1 Total Protection | 2023-03-27 | N/A | 6.7 MEDIUM |
McAfee Total Protection prior to 16.0.50 may allow an adversary (with full administrative access) to modify a McAfee specific Component Object Model (COM) in the Windows Registry. This can result in the loading of a malicious payload. | |||||
CVE-2023-0839 | 1 Inscada Project | 1 Inscada | 2023-03-26 | N/A | 9.8 CRITICAL |
Improper Protection for Outbound Error Messages and Alert Signals vulnerability in ProMIS Process Co. InSCADA allows Account Footprinting. This issue affects inSCADA: before 20230115-1. | |||||
CVE-2023-21449 | 1 Samsung | 1 Android | 2023-03-24 | N/A | 5.5 MEDIUM |
Improper access control vulnerability in Call application prior to SMR Mar-2023 Release 1 allows local attackers to access sensitive information without proper permission. | |||||
CVE-2023-21457 | 1 Samsung | 1 Android | 2023-03-24 | N/A | 8.1 HIGH |
Improper access control vulnerability in Bluetooth prior to SMR Mar-2023 Release 1 allows attackers to send file via Bluetooth without related permission. |