Total: 264263 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-30716 | 1 Samsung | 1 Android | 2024-09-26 | 4 Medium |
Improper access control vulnerability in SVCAgent prior to SMR Sep-2023 Release 1 allows attackers to trigger certain commands. | ||||
CVE-2023-30717 | 1 Samsung | 1 Android | 2024-09-26 | 4 Medium |
Sensitive information exposure vulnerability in SVCAgent prior to SMR Sep-2023 Release 1 allows attackers to get unresettable identifiers. | ||||
CVE-2023-30718 | 1 Samsung | 1 Android | 2024-09-26 | 4 Medium |
Improper export of Android application components vulnerability in WifiApAutoHotspotEnablingActivity prior to SMR Sep-2023 Release 1 allows a local attacker to change an Auto Hotspot setting. | ||||
CVE-2024-9086 | 1 Code-projects | 1 Restaurant Reservation System | 2024-09-26 | 6.3 Medium |
A vulnerability classified as critical has been found in code-projects Restaurant Reservation System 1.0. Affected is an unknown function of the file /filter.php. The manipulation of the argument from/to leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter "from" to be affected. But it must be assumed that parameter "to" is affected as well. | ||||
CVE-2023-30719 | 1 Samsung | 1 Android | 2024-09-26 | 4 Medium |
Exposure of Sensitive Information vulnerability in InboundSmsHandler prior to SMR Sep-2023 Release 1 allows local attackers to access certain message data. | ||||
CVE-2024-47087 | 1 Apexsoftcell | 2 Ld Dp Back Office, Ld Geo | 2024-09-26 | 6.5 Medium |
This vulnerability exists in Apex Softcell LD Geo due to improper validation of certain parameters (Client ID, DPID or BOID) in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating parameters in the API request body, leading to exposure of sensitive information belonging to other users. | ||||
CVE-2023-4878 | 1 Instantcms | 1 Instantcms | 2024-09-26 | 5.4 Medium |
Server-Side Request Forgery (SSRF) in GitHub repository instantsoft/icms2 prior to 2.16.1-git. | ||||
CVE-2023-30720 | 1 Samsung | 1 Android | 2024-09-26 | 4.7 Medium |
PendingIntent hijacking in LmsAssemblyTrackerCTC prior to SMR Sep-2023 Release 1 allows a local attacker to gain arbitrary file access. | ||||
CVE-2023-30721 | 1 Samsung | 1 Android | 2024-09-26 | 4.4 Medium |
Insertion of sensitive information into log vulnerability in Locksettings prior to SMR Sep-2023 Release 1 allows a privileged local attacker to get lock screen match information from the log. | ||||
CVE-2023-30722 | 1 Samsung | 1 Blockchain Keystore | 2024-09-26 | 5.5 Medium |
Protection Mechanism Failure in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.13.5 allows a local attacker to execute arbitrary code. | ||||
CVE-2023-30723 | 1 Samsung | 1 Health | 2024-09-26 | 5.5 Medium |
Improper input validation vulnerability in Samsung Health prior to version 6.24.2.011 allows attackers to write an arbitrary file with Samsung Health privilege. | ||||
CVE-2023-30724 | 1 Samsung | 1 Gallery | 2024-09-26 | 4 Medium |
Improper authentication in GallerySearchProvider of Gallery prior to version 14.5.01.2 allows an attacker to access search history. | ||||
CVE-2023-30725 | 1 Samsung | 1 Gallery | 2024-09-26 | 5.1 Medium |
Improper authentication in LocalProvier of Gallery prior to version 14.5.01.2 allows an attacker to access the data in the content provider. | ||||
CVE-2023-27523 | 1 Apache | 1 Superset | 2024-09-26 | 5 Medium |
Improper data authorization check on Jinja templated queries in Apache Superset up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access to. | ||||
CVE-2023-39264 | 1 Apache | 1 Superset | 2024-09-26 | 4.3 Medium |
By default, stack traces for errors were enabled, which resulted in the exposure of internal traces on REST API endpoints to users. This vulnerability exists in Apache Superset versions up to and including 2.1.0. | ||||
CVE-2023-41328 | 1 Frappe | 1 Frappe | 2024-09-26 | 4.2 Medium |
Frappe is a low-code web framework written in Python and JavaScript. A SQL Injection vulnerability has been identified in the Frappe Framework which could allow a malicious actor to access sensitive information. This issue has been addressed in versions 13.46.1 and 14.20.0. Users are advised to upgrade. There's no workaround to fix this without upgrading. | ||||
CVE-2020-19318 | 2 D-link, Dlink | 3 Dir-605l, Dir-605l, Dir-605l Firmware | 2024-09-26 | 8.8 High |
Buffer Overflow vulnerability in D-Link DIR-605L, hardware version AX, firmware version 1.17beta and below, allows authorized attackers to execute arbitrary code by sending crafted data to the webserver service program. | ||||
CVE-2023-4872 | 1 Contact Manager App Project | 1 Contact Manager App | 2024-09-26 | 6.3 Medium |
A vulnerability, which was classified as critical, has been found in SourceCodester Contact Manager App 1.0. This issue affects some unknown processing of the file add.php. The manipulation of the argument contact/contactName leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239357 was assigned to this vulnerability. | ||||
CVE-2023-41050 | 1 Zope | 2 Accesscontrol, Zope | 2024-09-26 | 6.8 Medium |
AccessControl provides a general security framework for use in Zope. Python's "format" functionality allows someone controlling the format string to "read" objects accessible (recursively) via attribute access and subscription from accessible objects. Those attribute accesses and subscriptions use Python's full-blown `getattr` and `getitem`, not the policy-restricted `AccessControl` variants `_getattr_` and `_getitem_`. This can lead to critical information disclosure. `AccessControl` already provides a safe variant for `str.format` and denies access to `string.Formatter`. However, `str.format_map` is still unsafe. Affected are all users who allow untrusted users to create `AccessControl` controlled Python code and execute it. A fix has been introduced in versions 4.4, 5.8 and 6.2. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
CVE-2023-4871 | 1 Contact Manager App Project | 1 Contact Manager App | 2024-09-26 | 6.3 Medium |
A vulnerability classified as critical was found in SourceCodester Contact Manager App 1.0. This vulnerability affects unknown code of the file delete.php. The manipulation of the argument contact/contactName leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239356. |