Total: 392 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-29054 | 1 Siemens | 26 Scalance X200-4p Irt, Scalance X200-4p Irt Firmware, Scalance X201-3p Irt and 23 more | 2024-11-21 | N/A | 6.7 MEDIUM |
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SIPLUS NET SCALANCE X202-2P IRT (All versions < V5.5.2). The SSH server on affected devices is configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device. | |||||
CVE-2023-28896 | 1 Preh | 2 Mib3, Mib3 Firmware | 2024-11-21 | N/A | 3.3 LOW |
Access to critical Unified Diagnostics Services (UDS) of the Modular Infotainment Platform 3 (MIB3) infotainment is transmitted via Controller Area Network (CAN) bus in a form that can be easily decoded by attackers with physical access to the vehicle. Vulnerability discovered on Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022. | |||||
CVE-2023-28021 | 1 Hcltech | 1 Bigfix Webui | 2024-11-21 | N/A | 5.9 MEDIUM |
The BigFix WebUI uses weak cipher suites. | |||||
CVE-2023-27987 | 1 Apache | 1 Linkis | 2024-11-21 | N/A | 9.1 CRITICAL |
In Apache Linkis <=1.3.1, due to the default token generated by Linkis Gateway deployment being too simple, it is easy for attackers to obtain the default token for the attack. Generation rules should add random values. We recommend users upgrade the version of Linkis to version 1.3.2 and modify the default token value. You can refer to Token authorization [1]. [1] https://linkis.apache.org/docs/latest/auth/token | |||||
CVE-2023-26943 | 1 Assaabloy | 2 Yale Keyless Smart Lock, Yale Keyless Smart Lock Firmware | 2024-11-21 | N/A | 6.5 MEDIUM |
Weak encryption mechanisms in RFID Tags in Yale Keyless Lock v1.0 allow attackers to create a cloned tag via physical proximity to the original. | |||||
CVE-2023-26942 | 1 Assaabloy | 2 Yale Ia-210, Yale Ia-210 Firmware | 2024-11-21 | N/A | 6.5 MEDIUM |
Weak encryption mechanisms in RFID Tags in Yale IA-210 Alarm v1.0 allow attackers to create a cloned tag via physical proximity to the original. | |||||
CVE-2023-26941 | 1 Assaabloy | 2 Yale Conexis L1, Yale Conexis L1 Firmware | 2024-11-21 | N/A | 6.5 MEDIUM |
Weak encryption mechanisms in RFID Tags in Yale Conexis L1 v1.1.0 allow attackers to create a cloned tag via physical proximity to the original. | |||||
CVE-2023-23911 | 1 Rocket.chat | 1 Rocket.chat | 2024-11-21 | N/A | 7.5 HIGH |
An improper access control vulnerability exists prior to v6 that could allow an attacker to break the E2E encryption of a chat room by a user changing the group key of a chat room. | |||||
CVE-2023-23597 | 1 Mozilla | 1 Firefox | 2024-11-21 | N/A | 6.5 MEDIUM |
A compromised web child process could disable web security opening restrictions, leading to a new child process being spawned within the `file://` context. Given a reliable exploit primitive, this new process could be exploited again leading to arbitrary file read. This vulnerability affects Firefox < 109. | |||||
CVE-2023-22271 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-11-21 | N/A | 5.3 MEDIUM |
Experience Manager versions 6.5.15.0 (and earlier) are affected by a Weak Cryptography for Passwords vulnerability that can lead to a security feature bypass. A low-privileged attacker can exploit this in order to decrypt a user's password. The attack complexity is high since successful exploitation requires the attacker to already possess this encrypted secret. | |||||
CVE-2023-21444 | 1 Samsung | 1 Flow | 2024-11-21 | N/A | 7.5 HIGH |
Improper cryptographic implementation in Samsung Flow for PC 4.9.14.0 allows adjacent attackers to decrypt encrypted messages or inject commands. | |||||
CVE-2023-21443 | 1 Samsung | 1 Flow | 2024-11-21 | N/A | 7.5 HIGH |
Improper cryptographic implementation in Samsung Flow for Android prior to version 4.9.04 allows adjacent attackers to decrypt encrypted messages or inject commands. | |||||
CVE-2023-21145 | 1 Google | 1 Android | 2024-11-21 | N/A | 7.8 HIGH |
In updatePictureInPictureMode of ActivityRecord.java, there is a possible bypass of background launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2023-20942 | 1 Google | 1 Android | 2024-11-21 | N/A | 5.5 MEDIUM |
In openMmapStream of AudioFlinger.cpp, there is a possible way to record audio without displaying the microphone privacy indicator due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2023-20185 | 1 Cisco | 2 Nexus 9000 In Aci Mode, Nx-os | 2024-11-21 | N/A | 7.4 HIGH |
A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, remote attacker to read or modify intersite encrypted traffic. This vulnerability is due to an issue with the implementation of the ciphers that are used by the CloudSec encryption feature on affected switches. An attacker with an on-path position between the ACI sites could exploit this vulnerability by intercepting intersite encrypted traffic and using cryptanalytic techniques to break the encryption. A successful exploit could allow the attacker to read or modify the traffic that is transmitted between the sites. Cisco has not released and will not release software updates that address this vulnerability. | |||||
CVE-2023-1764 | 2 Apple, Canon | 3 Mac Os X, Macos, Ij Network Tool | 2024-11-21 | N/A | 6.5 MEDIUM |
Canon IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 10.9.5-macOS 13), IJ Network Tool/Ver.4.7.3 and earlier (supported OS: OS X 10.7.5-OS X 10.8) allows an attacker to acquire sensitive information on the Wi-Fi connection setup of the printer from the communication of the software. | |||||
CVE-2023-0525 | 1 Mitsubishielectric | 14 Gs21, Gs21 Firmware, Gs25 and 11 more | 2024-11-21 | N/A | 7.5 HIGH |
Weak Encoding for Password vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.49.000 and prior, GT25 model versions 01.49.000 and prior, GT23 model versions 01.49.000 and prior, GT21 model versions 01.49.000 and prior, GOT SIMPLE Series GS25 model versions 01.49.000 and prior, GS21 model versions 01.49.000 and prior, GT Designer3 Version1 (GOT2000) versions 1.295H and prior and GT SoftGOT2000 versions 1.295H and prior allows a remote unauthenticated attacker to obtain plaintext passwords by sniffing packets containing encrypted passwords and decrypting the encrypted passwords, in the case of transferring data with GT Designer3 Version1(GOT2000) and GOT2000 Series or GOT SIMPLE Series with the Data Transfer Security function enabled, or in the case of transferring data by the SoftGOT-GOT link function with GT SoftGOT2000 and GOT2000 series with the Data Transfer Security function enabled. | |||||
CVE-2022-4048 | 1 Codesys | 1 Development System V3 | 2024-11-21 | N/A | 7.7 HIGH |
Inadequate Encryption Strength in CODESYS Development System V3 versions prior to V3.5.18.40 allows an unauthenticated local attacker to access and manipulate code of the encrypted boot application. | |||||
CVE-2022-4036 | 1 Dwbooster | 1 Appointment Hour Booking | 2024-11-21 | N/A | 5.3 MEDIUM |
The Appointment Hour Booking plugin for WordPress is vulnerable to CAPTCHA bypass in versions up to, and including, 1.3.72. This is due to the use of an insufficiently strong hashing algorithm on the CAPTCHA secret that is also displayed to the user via a cookie. | |||||
CVE-2022-48193 | 1 Softing | 1 Smartlink Sw-ht | 2024-11-21 | N/A | 5.9 MEDIUM |
Weak ciphers in Softing smartLink SW-HT before 1.30 are enabled during secure communication (SSL). |