Total
3289 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-21373 | 1 Google | 1 Android | 2024-09-06 | 7.8 High |
| In Telephony, there is a possible way for a guest user to change the preferred SIM due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-42632 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-09-06 | 5.5 Medium |
| In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | ||||
| CVE-2023-42637 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-09-06 | 5.5 Medium |
| In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | ||||
| CVE-2023-42636 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-09-06 | 5.5 Medium |
| In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | ||||
| CVE-2023-42638 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-09-06 | 5.5 Medium |
| In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | ||||
| CVE-2023-42633 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-09-06 | 5.5 Medium |
| In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | ||||
| CVE-2023-21378 | 1 Google | 1 Android | 2024-09-06 | 7.8 High |
| In Telecomm, there is a possible way to silence the ring for calls of secondary users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-21382 | 1 Google | 1 Android | 2024-09-06 | 5.5 Medium |
| In Content Resolver, there is a possible method to access metadata about existing content providers on the device due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-21388 | 1 Google | 1 Android | 2024-09-06 | 7.8 High |
| In Settings, there is a possible restriction bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-21389 | 1 Google | 1 Android | 2024-09-06 | 7.8 High |
| In Settings, there is a possible bypass of profile owner restrictions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-21393 | 1 Google | 1 Android | 2024-09-06 | 7.8 High |
| In Settings, there is a possible way for the user to change SIM due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-42634 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-09-06 | 5.5 Medium |
| In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | ||||
| CVE-2023-42635 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-09-06 | 5.5 Medium |
| In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | ||||
| CVE-2023-4164 | 1 Google | 2 Android, Pixel | 2024-09-06 | 8.4 High |
| There is a possible information disclosure due to a missing permission check. This could lead to local information disclosure of health data with no additional execution privileges needed. | ||||
| CVE-2023-42639 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-09-06 | 5.5 Medium |
| In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | ||||
| CVE-2023-42640 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-09-06 | 5.5 Medium |
| In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | ||||
| CVE-2024-8121 | 1 Wpextended | 1 Wp Extended | 2024-09-06 | 5.4 Medium |
| The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification of user names due to a missing capability check on the wpext_change_admin_name() function in all versions up to, and including, 3.0.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change an admin's username to a username of their liking as long as the default 'admin' was used. | ||||
| CVE-2023-46352 | 1 Smartmodules | 1 Facebookconversiontrackingplus | 2024-09-06 | 7.5 High |
| In the module "Pixel Plus: Events + CAPI + Pixel Catalog for Facebook Module" (facebookconversiontrackingplus) up to version 2.4.9 from Smart Modules for PrestaShop, a guest can download personal information without restriction. Due to a lack of permissions control, a guest can access exports from the module which can lead to a leak of personal information from ps_customer table such as name / surname / email. | ||||
| CVE-2024-7381 | 2 Infinitumform, Wordpress | 2 Geo Controller, Geo Controller | 2024-09-06 | 5.3 Medium |
| The Geo Controller plugin for WordPress is vulnerable to unauthorized shortcode execution due to missing authorization and capability checks on the ajax__shortcode_cache function in all versions up to, and including, 8.6.9. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes available on the target site. | ||||
| CVE-2024-7380 | 1 Infinitumform | 1 Geo Controller | 2024-09-06 | 4.3 Medium |
| The Geo Controller plugin for WordPress is vulnerable to unauthorized menu creation/deletion due to missing capability checks on the ajax__geolocate_menu and ajax__geolocate_remove_menu functions in all versions up to, and including, 8.6.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create or delete WordPress menus. | ||||