Total
2822 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-21490 | 1 Samsung | 1 Android | 2024-08-02 | 4.7 Medium |
Improper access control in GearManagerStub prior to SMR May-2023 Release 1 allows a local attacker to delete applications installed by watchmanager. | ||||
CVE-2023-21493 | 1 Samsung | 1 Android | 2024-08-02 | 6.8 Medium |
Improper access control vulnerability in SemShareFileProvider prior to SMR May-2023 Release 1 allows local attackers to access protected data. | ||||
CVE-2023-21495 | 1 Samsung | 1 Android | 2024-08-02 | 4 Medium |
Improper access control vulnerability in Knox Enrollment Service prior to SMR May-2023 Release 1 allow attacker install KSP app when device admin is set. | ||||
CVE-2023-21463 | 2 Google, Samsung | 2 Android, Myfiles | 2024-08-02 | 4 Medium |
Improper access control vulnerability in MyFiles application prior to versions 12.2.09.0 in Android 11, 13.1.03.501 in Android 12 and 14.1.03.0 in Android 13 allows local attacker to get sensitive information of secret mode in Samsung Internet application with specific conditions. | ||||
CVE-2023-21447 | 1 Samsung | 1 Cloud | 2024-08-02 | 4 Medium |
Improper access control vulnerabilities in Samsung Cloud prior to version 5.3.0.32 allows local attackers to access information with Samsung Cloud's privilege via implicit intent. | ||||
CVE-2023-21442 | 1 Samsung | 1 Android | 2024-08-02 | 4 Medium |
Improper access control vulnerability in Runestone application prior to version 2.9.09.003 in Android R(11) and 3.2.01.007 in Android S(12) allows local attackers to get device location information. | ||||
CVE-2023-21427 | 1 Samsung | 1 Android | 2024-08-02 | 5.4 Medium |
Improper access control vulnerability in NfcTile prior to SMR Jan-2023 Release 1 allows to attacker to use NFC without user recognition. | ||||
CVE-2023-20873 | 2 Redhat, Vmware | 3 Amq Streams, Camel Spring Boot, Spring Boot | 2024-08-02 | 9.8 Critical |
In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users should upgrade to 2.7.11+. Users of older, unsupported versions should upgrade to 3.0.6+ or 2.7.11+. | ||||
CVE-2023-20261 | 1 Cisco | 1 Catalyst Sd-wan Manager | 2024-08-02 | 6.5 Medium |
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to retrieve arbitrary files from an affected system. This vulnerability is due to improper validation of parameters that are sent to the web UI. An attacker could exploit this vulnerability by logging in to Cisco Catalyst SD-WAN Manager and issuing crafted requests using the web UI. A successful exploit could allow the attacker to obtain arbitrary files from the underlying Linux file system of an affected system. To exploit this vulnerability, the attacker must be an authenticated user. | ||||
CVE-2023-20579 | 2024-08-02 | 7.9 High | ||
Improper Access Control in the AMD SPI protection feature may allow a user with Ring0 (kernel mode) privileged access to bypass protections potentially resulting in loss of integrity and availability. | ||||
CVE-2023-20223 | 1 Cisco | 1 Dna Center | 2024-08-02 | 8.6 High |
A vulnerability in Cisco DNA Center could allow an unauthenticated, remote attacker to read and modify data in a repository that belongs to an internal service on an affected device. This vulnerability is due to insufficient access control enforcement on API requests. An attacker could exploit this vulnerability by sending a crafted API request to an affected device. A successful exploit could allow the attacker to read and modify data that is handled by an internal service on the affected device. | ||||
CVE-2023-20267 | 1 Cisco | 1 Firepower Threat Defense | 2024-08-02 | 4 Medium |
A vulnerability in the IP geolocation rules of Snort 3 could allow an unauthenticated, remote attacker to potentially bypass IP address restrictions. This vulnerability exists because the configuration for IP geolocation rules is not parsed properly. An attacker could exploit this vulnerability by spoofing an IP address until they bypass the restriction. A successful exploit could allow the attacker to bypass location-based IP address restrictions. | ||||
CVE-2023-20260 | 1 Cisco | 2 Evolved Programmable Network Manager, Prime Infrastructure | 2024-08-02 | 6 Medium |
A vulnerability in the application CLI of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager could allow an authenticated, local attacker to gain escalated privileges. This vulnerability is due to improper processing of command line arguments to application scripts. An attacker could exploit this vulnerability by issuing a command on the CLI with malicious options. A successful exploit could allow the attacker to gain the escalated privileges of the root user on the underlying operating system. | ||||
CVE-2023-20587 | 2024-08-02 | 8.4 High | ||
Improper Access Control in System Management Mode (SMM) may allow an attacker access to the SPI flash potentially leading to arbitrary code execution. | ||||
CVE-2023-20237 | 1 Cisco | 4 Intersight Assist, Intersight Connected Virtual Appliance, Intersight Private Virtual Appliance and 1 more | 2024-08-02 | 4.3 Medium |
A vulnerability in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access internal HTTP services that are otherwise inaccessible. This vulnerability is due to insufficient restrictions on internally accessible http proxies. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker access to internal subnets beyond the sphere of their intended access level. | ||||
CVE-2023-20224 | 1 Cisco | 1 Thousandeyes Enterprise Agent | 2024-08-02 | 7.8 High |
A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type, could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to insufficient input validation of user-supplied CLI arguments. An attacker could exploit this vulnerability by authenticating to an affected device and using crafted commands at the prompt. A successful exploit could allow the attacker to execute arbitrary commands as root. The attacker must have valid credentials on the affected device. | ||||
CVE-2023-20191 | 1 Cisco | 1 Ios Xr | 2024-08-02 | 5.8 Medium |
A vulnerability in the access control list (ACL) processing on MPLS interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incomplete support for this feature. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an ACL on the affected device. There are workarounds that address this vulnerability. This advisory is part of the September 2023 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2023 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication . | ||||
CVE-2023-20065 | 1 Cisco | 271 1000 Integrated Services Router, 1100-4g Integrated Services Router, 1100-4p Integrated Services Router and 268 more | 2024-08-02 | 7.8 High |
A vulnerability in the Cisco IOx application hosting subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to insufficient restrictions on the hosted application. An attacker could exploit this vulnerability by logging in to and then escaping the Cisco IOx application container. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges. | ||||
CVE-2023-7193 | 1 Mtab | 1 Bookmark | 2024-08-02 | 4.6 Medium |
A vulnerability was found in MTab Bookmark up to 1.2.6 and classified as critical. This issue affects some unknown processing of the file public/install.php of the component Installation. The manipulation leads to improper access controls. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249395. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2023-7223 | 1 Totolink | 2 T6, T6 Firmware | 2024-08-02 | 5.3 Medium |
A vulnerability classified as problematic has been found in Totolink T6 4.1.9cu.5241_B20210923. This affects an unknown part of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument topicurl with the input showSyslog leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249867. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |