Total
29518 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-30998 | 1 Ibm | 1 Security Access Manager | 2024-11-21 | N/A | 7.8 HIGH |
| IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254649. | |||||
| CVE-2023-30997 | 1 Ibm | 1 Security Access Manager | 2024-11-21 | N/A | 7.8 HIGH |
| IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254638. | |||||
| CVE-2023-30952 | 1 Palantir | 1 Foundry | 2024-11-21 | N/A | 5.0 MEDIUM |
| A security defect was discovered in Foundry Issues that enabled users to create convincing phishing links by editing the request sent when creating an Issue. This defect was resolved in Frontend release 6.228.0 . | |||||
| CVE-2023-30946 | 1 Palantir | 1 Foundry Issues | 2024-11-21 | N/A | 3.5 LOW |
| A security defect was identified in Foundry Issues. If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query Foundry's Notification API and receive metadata about the issue including the RID of the issue, severity, internal UUID of the author, and the user-defined title of the issue. | |||||
| CVE-2023-30739 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 6.7 MEDIUM |
| Arbitrary File Descriptor Write vulnerability in libsec-ril prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code. | |||||
| CVE-2023-30737 | 1 Samsung | 1 Health | 2024-11-21 | N/A | 4.0 MEDIUM |
| Improper access control vulnerability in Samsung Health prior to version 6.24.3.007 allows attackers to access sensitive information via implicit intent. | |||||
| CVE-2023-30734 | 1 Samsung | 1 Health | 2024-11-21 | N/A | 4.0 MEDIUM |
| Improper access control vulnerability in Samsung Health prior to version 6.24.3.007 allows attackers to access sensitive information via implicit intent. | |||||
| CVE-2023-30722 | 1 Samsung | 1 Blockchain Keystore | 2024-11-21 | N/A | 5.5 MEDIUM |
| Protection Mechanism Failure in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.13.5 allows local attacker to execute arbitrary code. | |||||
| CVE-2023-30718 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 4.0 MEDIUM |
| Improper export of android application components vulnerability in WifiApAutoHotspotEnablingActivity prior to SMR Sep-2023 Release 1 allows local attacker to change a Auto Hotspot setting. | |||||
| CVE-2023-30714 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 4.6 MEDIUM |
| Improper authorization vulnerability in FolderContainerDragDelegate in One UI Home prior to SMR Sep-2023 Release 1 allows physical attackers to change some settings of the folder lock. | |||||
| CVE-2023-30711 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 4.0 MEDIUM |
| Improper authentication in Phone and Messaging Storage SMR SEP-2023 Release 1 allows attacker to insert arbitrary data to the provider. | |||||
| CVE-2023-30706 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 7.5 HIGH |
| Improper authorization in Samsung Keyboard prior to SMR Sep-2023 Release 1 allows attacker to read arbitrary file with system privilege. | |||||
| CVE-2023-30704 | 1 Samsung | 1 Internet | 2024-11-21 | N/A | 3.8 LOW |
| Improper Authorization vulnerability in Samsung Internet prior to version 22.0.0.35 allows physical attacker access downloaded files in Secret Mode without user authentication. | |||||
| CVE-2023-30674 | 1 Samsung | 1 Internet | 2024-11-21 | N/A | 6.5 MEDIUM |
| Improper configuration in Samsung Internet prior to version 21.0.0.41 allows attacker to bypass SameSite Cookie. | |||||
| CVE-2023-30671 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 6.3 MEDIUM |
| Logic error in package installation via adb command prior to SMR Jul-2023 Release 1 allows local attackers to downgrade installed application. | |||||
| CVE-2023-30667 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 5.1 MEDIUM |
| Improper access control in Audio system service prior to SMR Jul-2023 Release 1 allows attacker to send broadcast with system privilege. | |||||
| CVE-2023-30654 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 6.7 MEDIUM |
| Improper access control vulnerability in SLocationService prior to SMR Aug-2023 Release 1 allows local attacker to update fake location. | |||||
| CVE-2023-30640 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 4.3 MEDIUM |
| Improper access control vulnerability in PersonaManagerService prior to SMR Jul-2023 Release 1 allows local attackers to change confiugration. | |||||
| CVE-2023-30590 | 1 Nodejs | 1 Node.js | 2024-11-21 | N/A | 7.5 HIGH |
| The generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet, but the function is also needed to compute the corresponding public key after calling setPrivateKey(). However, the documentation says this API call: "Generates private and public Diffie-Hellman key values". The documented behavior is very different from the actual behavior, and this difference could easily lead to security issues in applications that use these APIs as the DiffieHellman may be used as the basis for application-level security, implications are consequently broad. | |||||
| CVE-2023-2974 | 1 Redhat | 1 Build Of Quarkus | 2024-11-21 | N/A | 6.5 MEDIUM |
| A vulnerability was found in quarkus-core. This vulnerability occurs because the TLS protocol configured with quarkus.http.ssl.protocols is not enforced, and the client can force the selection of the weaker supported TLS protocol. | |||||