Total
29559 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-41679 | 1 Fortinet | 1 Fortimanager | 2024-11-21 | N/A | 8.5 HIGH |
| An improper access control vulnerability [CWE-284] in FortiManager management interface 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions may allow a remote and authenticated attacker with at least "device management" permission on his profile and belonging to a specific ADOM to add and delete CLI script on other ADOMs | |||||
| CVE-2023-41570 | 1 Mikrotik | 1 Routeros | 2024-11-21 | N/A | 5.3 MEDIUM |
| MikroTik RouterOS v7.1 to 7.11 was discovered to contain incorrect access control mechanisms in place for the Rest API. | |||||
| CVE-2023-40850 | 1 Netentsec | 2 Ns-asg, Ns-asg Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| netentsec NS-ASG 6.3 is vulnerable to Incorrect Access Control. There is a file leak in the website source code of the application security gateway. | |||||
| CVE-2023-40708 | 1 Opto22 | 2 Snap Pac S1, Snap Pac S1 Firmware | 2024-11-21 | N/A | 5.8 MEDIUM |
| The File Transfer Protocol (FTP) port is open by default in the SNAP PAC S1 Firmware version R10.3b. This could allow an adversary to access some device files. | |||||
| CVE-2023-40540 | 1 Intel | 112 Nuc 11 Enthusiast Kit Nuc11phki7c, Nuc 11 Enthusiast Kit Nuc11phki7c Firmware, Nuc 11 Enthusiast Mini Pc Nuc11phki7caa and 109 more | 2024-11-21 | N/A | 4.1 MEDIUM |
| Non-Transparent Sharing of Microarchitectural Resources in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2023-40453 | 1 Docker | 1 Machine | 2024-11-21 | N/A | 6.5 MEDIUM |
| Docker Machine through 0.16.2 allows an attacker, who has control of a worker node, to provide crafted version data, which might potentially trick an administrator into performing an unsafe action (via escape sequence injection), or might have a data size that causes a denial of service to a bastion node. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2023-40158 | 1 Cbc | 46 Dr-16f42a, Dr-16f42a Firmware, Dr-16f45at and 43 more | 2024-11-21 | N/A | 8.8 HIGH |
| Hidden functionality vulnerability in the CBC products allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter its settings. As for the affected products/versions, see the detailed information provided by the vendor. Note that NR4H, NR8H, NR16H series and DR-16F, DR-8F, DR-4F, DR-16H, DR-8H, DR-4H, DR-4M41 series are no longer supported, therefore updates for those products are not provided. | |||||
| CVE-2023-40151 | 1 Redlioncontrols | 12 St-ipm-6350, St-ipm-6350 Firmware, St-ipm-8460 and 9 more | 2024-11-21 | N/A | 10.0 CRITICAL |
| When user authentication is not enabled the shell can execute commands with the highest privileges. Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message comes over TCP/IP the RTU will simply accept the message with no authentication challenge. | |||||
| CVE-2023-40138 | 1 Google | 1 Android | 2024-11-21 | N/A | 3.3 LOW |
| In FillUi of FillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-40137 | 1 Google | 1 Android | 2024-11-21 | N/A | 3.3 LOW |
| In multiple functions of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-40136 | 1 Google | 1 Android | 2024-11-21 | N/A | 3.3 LOW |
| In setHeader of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-40135 | 1 Google | 1 Android | 2024-11-21 | N/A | 3.3 LOW |
| In applyCustomDescription of SaveUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-40134 | 1 Google | 1 Android | 2024-11-21 | N/A | 3.3 LOW |
| In isFullScreen of FillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-40133 | 1 Google | 1 Android | 2024-11-21 | N/A | 5.5 MEDIUM |
| In multiple locations of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-40127 | 1 Google | 1 Android | 2024-11-21 | N/A | 3.3 LOW |
| In multiple locations, there is a possible way to access screenshots due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-40123 | 1 Google | 1 Android | 2024-11-21 | N/A | 5.5 MEDIUM |
| In updateActionViews of PipMenuView.java, there is a possible bypass of a multi user security boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-40092 | 1 Google | 1 Android | 2024-11-21 | N/A | 5.5 MEDIUM |
| In verifyShortcutInfoPackage of ShortcutService.java, there is a possible way to see another user's image due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-40081 | 1 Google | 1 Android | 2024-11-21 | N/A | 5.5 MEDIUM |
| In loadMediaDataInBgForResumption of MediaDataManager.kt, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-40073 | 1 Google | 1 Android | 2024-11-21 | N/A | 5.5 MEDIUM |
| In visitUris of Notification.java, there is a possible cross-user media read due to Confused Deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-40023 | 1 Yaklang | 1 Yaklang | 2024-11-21 | N/A | 6.5 MEDIUM |
| yaklang is a programming language designed for cybersecurity. The Yak Engine has been found to contain a local file inclusion (LFI) vulnerability. This vulnerability allows attackers to include files from the server's local file system through the web application. When exploited, this can lead to the unintended exposure of sensitive data, potential remote code execution, or other security breaches. Users utilizing versions of the Yak Engine prior to 1.2.4-sp1 are impacted. This vulnerability has been patched in version 1.2.4-sp1. Users are advised to upgrade. users unable to upgrade may avoid exposing vulnerable versions to untrusted input and to closely monitor any unexpected server behavior until they can upgrade. | |||||