Search Results (364883 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-42628 1 Liferay 2 Digital Experience Platform, Liferay Portal 2024-11-21 9 Critical
Stored cross-site scripting (XSS) vulnerability in the Wiki widget in Liferay Portal 7.1.0 through 7.4.3.87, and Liferay DXP 7.0 fix pack 83 through 102, 7.1 fix pack 28 and earlier, 7.2 fix pack 20 and earlier, 7.3 update 33 and earlier, and 7.4 before update 88 allows remote attackers to inject arbitrary web script or HTML into a parent wiki page via a crafted payload injected into a wiki page's ‘Content’ text field.
CVE-2023-42581 1 Samsung 1 Galaxy Store 2024-11-21 7.5 High
Improper URL validation from InstantPlay deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to access data.
CVE-2023-42580 1 Samsung 1 Galaxy Store 2024-11-21 7.5 High
Improper URL validation from MCSLaunch deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to install APK from Galaxy Store.
CVE-2023-42579 2 Google, Samsung 2 Android, Samsung Keyboard 2024-11-21 6.5 Medium
Improper usage of insecure protocol (i.e. HTTP) in SogouSDK of Chinese Samsung Keyboard prior to versions 5.3.70.1 in Android 11, 5.4.60.49, 5.4.85.5, 5.5.00.58 in Android 12, and 5.6.00.52, 5.6.10.42, 5.7.00.45 in Android 13 allows adjacent attackers to access keystroke data using Man-in-the-Middle attack.
CVE-2023-42578 1 Samsung 1 Cloud 2024-11-21 6.5 Medium
Improper handling of insufficient permissions or privileges vulnerability in Samsung Data Store prior to version 5.2.00.7 allows remote attackers to access location information without permission.
CVE-2023-42577 1 Samsung 2 Android, Samsung Voice Recorder 2024-11-21 6.8 Medium
Improper Access Control in Samsung Voice Recorder prior to versions 21.4.15.01 in Android 12 and Android 13, 21.4.50.17 in Android 14 allows physical attackers to access Voice Recorder information on the lock screen.
CVE-2023-42575 1 Samsung 1 Pass 2024-11-21 5.4 Medium
Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication due to invalid flag setting.
CVE-2023-42574 1 Samsung 1 Gamehomecn 2024-11-21 5.1 Medium
Improper access control vulnerablility in GameHomeCN prior to version 4.2.60.2 allows local attackers to launch arbitrary activity in GameHomeCN.
CVE-2023-42573 1 Samsung 1 Search Widget 2024-11-21 4.7 Medium
PendingIntent hijacking vulnerability in Search Widget prior to version 3.4 in China models allows local attackers to access data.
CVE-2023-42572 1 Samsung 1 Account Web Software Development Kit 2024-11-21 3.3 Low
Implicit intent hijacking vulnerability in Samsung Account Web SDK prior to version 1.5.24 allows attacker to get sensitive information.
CVE-2023-42570 1 Samsung 1 Android 2024-11-21 5.9 Medium
Improper access control vulnerability in KnoxCustomManagerService prior to SMR Dec-2023 Release 1 allows attacker to access device SIM PIN.
CVE-2023-42569 1 Samsung 1 Android 2024-11-21 4 Medium
Improper authorization verification vulnerability in AR Emoji prior to SMR Dec-2023 Release 1 allows attackers to read sandbox data of AR Emoji.
CVE-2023-42568 1 Samsung 1 Android 2024-11-21 7.3 High
Improper access control vulnerability in SmartManagerCN prior to SMR Dec-2023 Release 1 allows local attackers to access arbitrary files with system privilege.
CVE-2023-42567 1 Samsung 1 Android 2024-11-21 7.3 High
Improper size check vulnerability in softsimd prior to SMR Dec-2023 Release 1 allows stack-based buffer overflow.
CVE-2023-42566 1 Samsung 1 Android 2024-11-21 7.3 High
Out-of-bound write vulnerability in libsavsvc prior to SMR Dec-2023 Release 1 allows local attackers to execute arbitrary code.
CVE-2023-42565 1 Samsung 1 Android 2024-11-21 7.3 High
Improper input validation vulnerability in Smart Clip prior to SMR Dec-2023 Release 1 allows local attackers with shell privilege to execute arbitrary code.
CVE-2023-42563 1 Samsung 1 Android 2024-11-21 6.7 Medium
Integer overflow vulnerability in landmarkCopyImageToNative of libFacePreProcessingjni.camera.samsung.so prior to SMR Dec-2023 Release 1 allows attacker to trigger heap overflow.
CVE-2023-42562 1 Samsung 1 Android 2024-11-21 6.7 Medium
Integer overflow vulnerability in detectionFindFaceSupportMultiInstance of libFacePreProcessingjni.camera.samsung.so prior to SMR Dec-2023 Release 1 allows attacker to trigger heap overflow.
CVE-2023-42560 1 Samsung 1 Android 2024-11-21 7.4 High
Heap out-of-bounds write vulnerability in dec_mono_audb of libsavsac.so prior to SMR Dec-2023 Release 1 allows an attacker to execute arbitrary code.
CVE-2023-42559 1 Samsung 1 Android 2024-11-21 4.9 Medium
Improper exception management vulnerability in Knox Guard prior to SMR Dec-2023 Release 1 allows Knox Guard lock bypass via changing system time.