Total: 2641 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-23793 | 1 Spice-space | 1 Spice-server | 2023-08-26 | N/A | 8.6 HIGH |
| An issue was discovered in spice-server spice-server-0.14.0-6.el7_6.1.x86_64 of Redhat's VDI product. There is a security vulnerability that can restart a KVM virtual machine without any authorization. It is not yet known if there will be other effects. | |||||
| CVE-2023-4434 | 1 Hamza417 | 1 Inure | 2023-08-25 | N/A | 6.1 MEDIUM |
| Missing Authorization in GitHub repository hamza417/inure prior to build88. | |||||
| CVE-2023-37860 | 1 Phoenixcontact | 12 Wp 6070-wvps, Wp 6070-wvps Firmware, Wp 6101-wxps and 9 more | 2023-08-25 | N/A | 7.5 HIGH |
| In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10 a remote unauthenticated attacker can obtain the r/w community string of the SNMPv2 daemon. | |||||
| CVE-2023-4302 | 1 Jenkins | 1 Fortify | 2023-08-24 | N/A | 4.3 MEDIUM |
| A missing permission check in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2023-21134 | 1 Google | 1 Android | 2023-08-24 | N/A | 6.8 MEDIUM |
| In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21140 | 1 Google | 1 Android | 2023-08-24 | N/A | 6.8 MEDIUM |
| In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21132 | 1 Google | 1 Android | 2023-08-24 | N/A | 6.8 MEDIUM |
| In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21133 | 1 Google | 1 Android | 2023-08-24 | N/A | 6.8 MEDIUM |
| In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-40216 | 1 Openbsd | 1 Openbsd | 2023-08-23 | N/A | 5.5 MEDIUM |
| OpenBSD 7.3 before errata 014 is missing an argument-count bounds check in console terminal emulation. This could cause incorrect memory access and a kernel crash after receiving crafted DCS or CSI terminal escape sequences. | |||||
| CVE-2023-40027 | 1 Keystonejs | 1 Keystone | 2023-08-23 | N/A | 5.3 MEDIUM |
| Keystone is an open source headless CMS for Node.js — built with GraphQL and React. When `ui.isAccessAllowed` is set as `undefined`, the `adminMeta` GraphQL query is publicly accessible (no session required). This is different to the behaviour of the default AdminUI middleware, which by default will only be publicly accessible (no session required) if a `session` strategy is not defined. This vulnerability does not affect developers using the `@keystone-6/auth` package, or any users that have written their own `ui.isAccessAllowed` (that is to say, `isAccessAllowed` is not `undefined`). This vulnerability does affect users who believed that their `session` strategy will, by default, enforce that `adminMeta` is inaccessible by the public in accordance with that strategy; akin to the behaviour of the AdminUI middleware. This vulnerability has been patched in `@keystone-6/core` version `5.5.1`. Users are advised to upgrade. Users unable to upgrade may opt to write their own `isAccessAllowed` functionality to work-around this vulnerability. | |||||
| CVE-2023-39438 | 1 Sap | 1 Contributor License Agreement Assistant | 2023-08-22 | N/A | 8.1 HIGH |
| A missing authorization check allows an arbitrary authenticated user to perform certain operations through the API of CLA-assistant by executing specific additional steps. This allows an arbitrary authenticated user to read CLA information including information of the persons who signed them as well as custom fields the CLA requester had configured. In addition, an arbitrary authenticated user can update or delete the CLA-configuration for repositories or organizations using CLA-assistant. The stored access tokens for GitHub are not affected, as these are redacted from the API-responses. | |||||
| CVE-2023-39507 | 1 Recruit | 1 Rikunabi Next | 2023-08-22 | N/A | 6.1 MEDIUM |
| Improper authorization in the custom URL scheme handler in "Rikunabi NEXT" App for Android prior to ver. 11.5.0 allows a malicious intent to lead the vulnerable App to access an arbitrary website. | |||||
| CVE-2023-21288 | 1 Google | 1 Android | 2023-08-21 | N/A | 5.5 MEDIUM |
| In visitUris of Notification.java, there is a possible way to reveal images across users due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21234 | 1 Google | 1 Android | 2023-08-18 | N/A | 5.5 MEDIUM |
| In launchConfirmationActivity of ChooseLockSettingsHelper.java, there is a possible way to enable developer options without the lockscreen PIN due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-4106 | 1 Mattermost | 1 Mattermost | 2023-08-15 | N/A | 6.5 MEDIUM |
| Mattermost fails to check if the requesting user is a guest before performing different actions to public playbooks, resulting in a guest being able to view, join, edit, export and archive public playbooks. | |||||
| CVE-2023-4105 | 1 Mattermost | 1 Mattermost | 2023-08-15 | N/A | 4.3 MEDIUM |
| Mattermost fails to delete the attachments when deleting a message in a thread, allowing a simple user to still be able to access and download the attachment of a deleted message. | |||||
| CVE-2023-37862 | 1 Phoenixcontact | 12 Wp 6070-wvps, Wp 6070-wvps Firmware, Wp 6101-wxps and 9 more | 2023-08-15 | N/A | 8.2 HIGH |
| In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10 an unauthenticated remote attacker can access upload-functions of the HTTP API. This might cause certificate errors for SSL-connections and might result in a partial denial-of-service. | |||||
| CVE-2023-33912 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-08-10 | N/A | 5.5 MEDIUM |
| In Contacts service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. | |||||
| CVE-2023-33911 | 2 Google, Unisoc | 9 Android, Sc7731e, Sc9832e and 6 more | 2023-08-10 | N/A | 5.5 MEDIUM |
| In vowifi service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. | |||||
| CVE-2023-33910 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-08-10 | N/A | 5.5 MEDIUM |
| In Contacts Service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. | |||||
