Total
3285 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-33917 | 2 Google, Unisoc | 9 Android, Sc7731e, Sc9832e and 6 more | 2024-10-10 | 5.5 Medium |
| In vowifiservice, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges | ||||
| CVE-2023-38445 | 2 Google, Unisoc | 9 Android, Sc7731e, Sc9832e and 6 more | 2024-10-10 | 5.5 Medium |
| In vowifiservice, there is a possible missing permission check.This could lead to local denial of service with no additional execution privileges | ||||
| CVE-2023-20824 | 2 Google, Mediatek | 46 Android, Mt2713, Mt6580 and 43 more | 2024-10-10 | 5.5 Medium |
| In duraspeed, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privilege needed. User interaction is not needed for exploitation. Patch ID: ALPS07951402; Issue ID: ALPS07951402. | ||||
| CVE-2023-20825 | 2 Google, Mediatek | 46 Android, Mt2713, Mt6580 and 43 more | 2024-10-10 | 5.5 Medium |
| In duraspeed, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privilege needed. User interaction is not needed for exploitation. Patch ID: ALPS07951402; Issue ID: ALPS07951413. | ||||
| CVE-2023-38446 | 2 Google, Unisoc | 9 Android, Sc7731e, Sc9832e and 6 more | 2024-10-10 | 5.5 Medium |
| In vowifiservice, there is a possible missing permission check.This could lead to local denial of service with no additional execution privileges | ||||
| CVE-2023-38447 | 2 Google, Unisoc | 9 Android, Sc7731e, Sc9832e and 6 more | 2024-10-10 | 5.5 Medium |
| In vowifiservice, there is a possible missing permission check.This could lead to local denial of service with no additional execution privileges | ||||
| CVE-2024-43940 | 2 Victory Media Llc, Zynith | 2 Zynith, Zynith | 2024-10-10 | 6.5 Medium |
| Missing Authorization vulnerability in VIICTORY MEDIA LLC Z Y N I T H allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Z Y N I T H: from n/a through 7.4.9. | ||||
| CVE-2024-43939 | 2 Victory Media Llc, Zynith | 2 Zynith, Zynith | 2024-10-10 | 6.5 Medium |
| Missing Authorization vulnerability in VIICTORY MEDIA LLC Z Y N I T H allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Z Y N I T H: from n/a through 7.4.9. | ||||
| CVE-2024-8431 | 2024-10-10 | 4.3 Medium | ||
| The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajaxGetGalleryJson() function in all versions up to, and including, 3.2.21. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve private post titles. | ||||
| CVE-2023-21133 | 1 Google | 1 Android | 2024-10-09 | 6.8 Medium |
| In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-21132 | 1 Google | 1 Android | 2024-10-09 | 6.8 Medium |
| In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-40216 | 1 Openbsd | 1 Openbsd | 2024-10-09 | 5.5 Medium |
| OpenBSD 7.3 before errata 014 is missing an argument-count bounds check in console terminal emulation. This could cause incorrect memory access and a kernel crash after receiving crafted DCS or CSI terminal escape sequences. | ||||
| CVE-2023-30950 | 1 Palantir | 1 Foundry Campaigns | 2024-10-09 | 6.5 Medium |
| The foundry campaigns service was found to be vulnerable to an unauthenticated information disclosure in a rest endpoint | ||||
| CVE-2023-21140 | 1 Google | 1 Android | 2024-10-09 | 6.8 Medium |
| In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-21134 | 1 Google | 1 Android | 2024-10-09 | 6.8 Medium |
| In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-23639 | 1 Mainwp | 1 Staging Extension | 2024-10-09 | 5.4 Medium |
| Missing Authorization vulnerability in MainWP MainWP Staging Extension.This issue affects MainWP Staging Extension: from n/a through 4.0.3. | ||||
| CVE-2024-31098 | 1 Mrebabi | 1 New Order Notification For Woocommerce | 2024-10-09 | 8.1 High |
| Missing Authorization vulnerability in Mr.Ebabi New Order Notification for Woocommerce.This issue affects New Order Notification for Woocommerce: from n/a through 2.0.2. | ||||
| CVE-2023-21288 | 1 Google | 1 Android | 2024-10-09 | 5.5 Medium |
| In visitUris of Notification.java, there is a possible way to reveal images across users due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-21234 | 1 Google | 1 Android | 2024-10-09 | 5.5 Medium |
| In launchConfirmationActivity of ChooseLockSettingsHelper.java, there is a possible way to enable developer options without the lockscreen PIN due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-30467 | 1 Wpdeveloper | 1 Essential Blocks | 2024-10-08 | 6.5 Medium |
| Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg.This issue affects Essential Blocks for Gutenberg: from n/a through 4.4.9. | ||||