Search Results (37051 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-42631 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2024-11-21 5.5 Medium
In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed
CVE-2023-42575 1 Samsung 1 Pass 2024-11-21 5.4 Medium
Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication due to invalid flag setting.
CVE-2023-42569 1 Samsung 1 Android 2024-11-21 4 Medium
Improper authorization verification vulnerability in AR Emoji prior to SMR Dec-2023 Release 1 allows attackers to read sandbox data of AR Emoji.
CVE-2023-42525 4 Apple, Linux, Microsoft and 1 more 10 Macos, Linux Kernel, Windows and 7 more 2024-11-21 7.5 High
Certain WithSecure products allow an infinite loop in a scanning engine via unspecified file types. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.
CVE-2023-42524 4 Apple, Linux, Microsoft and 1 more 10 Macos, Linux Kernel, Windows and 7 more 2024-11-21 7.5 High
Certain WithSecure products allow an infinite loop in a scanning engine via unspecified file types. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.
CVE-2023-42469 1 Fulldive 1 Full Dialer 2024-11-21 3.3 Low
The com.full.dialer.top.secure.encrypted application through 1.0.1 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.full.dialer.top.secure.encrypted.activities.DialerActivity component.
CVE-2023-42464 2 Debian, Netatalk 2 Debian Linux, Netatalk 2024-11-21 9.8 Critical
A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. When parsing Spotlight RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the underlying protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a malicious actor may be able to fully control the value of the pointer and theoretically achieve Remote Code Execution on the host. This issue is similar to CVE-2023-34967.
CVE-2023-42461 1 Glpi-project 1 Glpi 2024-11-21 6.5 Medium
GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. The ITIL actors input field from the Ticket form can be used to perform a SQL injection. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability.
CVE-2023-42441 1 Vyperlang 1 Vyper 2024-11-21 5.3 Medium
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Starting in version 0.2.9 and prior to version 0.3.10, locks of the type `@nonreentrant("")` or `@nonreentrant('')` do not produce reentrancy checks at runtime. This issue is fixed in version 0.3.10. As a workaround, ensure the lock name is a non-empty string.
CVE-2023-42406 1 Dlink 2 Dar-7000, Dar-7000 Firmware 2024-11-21 9.8 Critical
SQL injection vulnerability in D-Link Online behavior audit gateway DAR-7000 V31R02B1413C allows a remote attacker to obtain sensitive information and execute arbitrary code via the editrole.php component.
CVE-2023-42405 1 Fit2cloud 1 Rackshift 2024-11-21 9.8 Critical
SQL injection vulnerability in FIT2CLOUD RackShift v1.7.1 allows attackers to execute arbitrary code via the `sort` parameter to taskService.list(), bareMetalService.list(), and switchService.list().
CVE-2023-42359 1 Exam Form Submission In Php With Source Code Project 1 Exam Form Submission In Php With Source Code 2024-11-21 9.8 Critical
SQL injection vulnerability in Exam Form Submission in PHP with Source Code v.1.0 allows a remote attacker to escalate privileges via the val-username parameter in /index.php.
CVE-2023-42284 1 Tyk 1 Tyk 2024-11-21 9.8 Critical
Blind SQL injection in api_version parameter in Tyk Gateway version 5.0.3 allows attacker to access and dump the database via a crafted SQL query.
CVE-2023-42283 1 Tyk 1 Tyk 2024-11-21 9.8 Critical
Blind SQL injection in api_id parameter in Tyk Gateway version 5.0.3 allows attacker to access and dump the database via a crafted SQL query.
CVE-2023-42279 1 Iteachyou 1 Dreamer Cms 2024-11-21 9.8 Critical
Dreamer CMS v4.1.3 was discovered to contain a SQL injection vulnerability via the model-form-management-field form.
CVE-2023-42268 1 Jeecg 1 Jeecg Boot 2024-11-21 9.8 Critical
Jeecg boot up to v3.5.3 was discovered to contain a SQL injection vulnerability via the component /jeecg-boot/jmreport/show.
CVE-2023-42006 1 Ibm 1 I 2024-11-21 8.4 High
IBM Administration Runtime Expert for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to obtain sensitive information caused by improper authority checks. IBM X-Force ID: 265266.
CVE-2023-41947 1 Jenkins 1 Frugal Testing 2024-11-21 4.3 Medium
A missing permission check in Jenkins Frugal Testing Plugin 1.1 and earlier allows attackers with Overall/Read permission to connect to Frugal Testing using attacker-specified credentials.
CVE-2023-41945 1 Jenkins 1 Assembla Auth 2024-11-21 8.8 High
Jenkins Assembla Auth Plugin 1.14 and earlier does not verify that the permissions it grants are enabled, resulting in users with EDIT permissions to be granted Overall/Manage and Overall/SystemRead permissions, even if those permissions are disabled and should not be granted.
CVE-2023-41943 1 Jenkins 1 Aws Codecommit Trigger 2024-11-21 6.5 Medium
Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to clear the SQS queue.