Total: 29469 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-41775 | 2 Apple, L-is-b | 2 Macos, Direct | 2024-11-21 | N/A | 5.5 MEDIUM |
Improper access control vulnerability in 'direct' Desktop App for macOS ver 2.6.0 and earlier allows a local attacker to bypass access restriction and to use camera, microphone, etc. of the device where the product is installed without the user's consent. | |||||
CVE-2023-41679 | 1 Fortinet | 1 Fortimanager | 2024-11-21 | N/A | 8.5 HIGH |
An improper access control vulnerability [CWE-284] in FortiManager management interface 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions may allow a remote and authenticated attacker with at least "device management" permission on his profile and belonging to a specific ADOM to add and delete CLI scripts on other ADOMs. | |||||
CVE-2023-41570 | 1 Mikrotik | 1 Routeros | 2024-11-21 | N/A | 5.3 MEDIUM |
MikroTik RouterOS v7.1 to 7.11 was discovered to contain incorrect access control mechanisms in place for the REST API. | |||||
CVE-2023-40850 | 1 Netentsec | 2 Ns-asg, Ns-asg Firmware | 2024-11-21 | N/A | 7.5 HIGH |
netentsec NS-ASG 6.3 is vulnerable to Incorrect Access Control. There is a file leak in the website source code of the application security gateway. | |||||
CVE-2023-40708 | 1 Opto22 | 2 Snap Pac S1, Snap Pac S1 Firmware | 2024-11-21 | N/A | 5.8 MEDIUM |
The File Transfer Protocol (FTP) port is open by default in the SNAP PAC S1 Firmware version R10.3b. This could allow an adversary to access some device files. | |||||
CVE-2023-40540 | 1 Intel | 112 Nuc 11 Enthusiast Kit Nuc11phki7c, Nuc 11 Enthusiast Kit Nuc11phki7c Firmware, Nuc 11 Enthusiast Mini Pc Nuc11phki7caa and 109 more | 2024-11-21 | N/A | 4.1 MEDIUM |
Non-Transparent Sharing of Microarchitectural Resources in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access. | |||||
CVE-2023-40453 | 1 Docker | 1 Machine | 2024-11-21 | N/A | 6.5 MEDIUM |
Docker Machine through 0.16.2 allows an attacker, who has control of a worker node, to provide crafted version data, which might potentially trick an administrator into performing an unsafe action (via escape sequence injection), or might have a data size that causes a denial of service to a bastion node. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
CVE-2023-40158 | 1 Cbc | 46 Dr-16f42a, Dr-16f42a Firmware, Dr-16f45at and 43 more | 2024-11-21 | N/A | 8.8 HIGH |
Hidden functionality vulnerability in the CBC products allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter its settings. As for the affected products/versions, see the detailed information provided by the vendor. Note that NR4H, NR8H, NR16H series and DR-16F, DR-8F, DR-4F, DR-16H, DR-8H, DR-4H, DR-4M41 series are no longer supported, therefore updates for those products are not provided. | |||||
CVE-2023-40151 | 1 Redlioncontrols | 12 St-ipm-6350, St-ipm-6350 Firmware, St-ipm-8460 and 9 more | 2024-11-21 | N/A | 10.0 CRITICAL |
When user authentication is not enabled, the shell can execute commands with the highest privileges. On Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A), any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message comes over TCP/IP, the RTU will simply accept the message with no authentication challenge. | |||||
CVE-2023-40138 | 1 Google | 1 Android | 2024-11-21 | N/A | 3.3 LOW |
In FillUi of FillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2023-40137 | 1 Google | 1 Android | 2024-11-21 | N/A | 3.3 LOW |
In multiple functions of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2023-40136 | 1 Google | 1 Android | 2024-11-21 | N/A | 3.3 LOW |
In setHeader of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2023-40135 | 1 Google | 1 Android | 2024-11-21 | N/A | 3.3 LOW |
In applyCustomDescription of SaveUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2023-40134 | 1 Google | 1 Android | 2024-11-21 | N/A | 3.3 LOW |
In isFullScreen of FillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2023-40133 | 1 Google | 1 Android | 2024-11-21 | N/A | 5.5 MEDIUM |
In multiple locations of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2023-40127 | 1 Google | 1 Android | 2024-11-21 | N/A | 3.3 LOW |
In multiple locations, there is a possible way to access screenshots due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2023-40123 | 1 Google | 1 Android | 2024-11-21 | N/A | 5.5 MEDIUM |
In updateActionViews of PipMenuView.java, there is a possible bypass of a multi user security boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2023-40092 | 1 Google | 1 Android | 2024-11-21 | N/A | 5.5 MEDIUM |
In verifyShortcutInfoPackage of ShortcutService.java, there is a possible way to see another user's image due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2023-40081 | 1 Google | 1 Android | 2024-11-21 | N/A | 5.5 MEDIUM |
In loadMediaDataInBgForResumption of MediaDataManager.kt, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2023-40073 | 1 Google | 1 Android | 2024-11-21 | N/A | 5.5 MEDIUM |
In visitUris of Notification.java, there is a possible cross-user media read due to Confused Deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |