Skip to main content
CVE-2023-21094 HIGH PATCH This Week

In sanitize of LayerState.cpp, there is a possible way to take over the screen display and swap the display content due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Privilege Escalation Google Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-21093 HIGH PATCH This Week

In extractRelativePath of FileUtils.java, there is a possible way to access files in a directory belonging to other applications due to a path traversal error. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Path Traversal Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21092 HIGH PATCH This Week

In retrieveServiceLocked of ActiveServices.java, there is a possible way to dynamically register a BroadcastReceiver using permissions of System App due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21089 HIGH PATCH This Week

In startInstrumentation of ActivityManagerService.java, there is a possible way to keep the foreground service alive while the app is in the background. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21088 HIGH PATCH This Week

In deliverOnFlushComplete of LocationProviderManager.java, there is a possible way to bypass background activity launch restrictions due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21086 HIGH PATCH This Week

In isToggleable of SecureNfcEnabler.java and SecureNfcPreferenceController.java, there is a possible way to enable NFC from a secondary account due to a permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Java Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-21083 HIGH This Week

In onNullBinding of CallScreeningServiceHelper.java, there is a possible way to record audio without showing a privacy indicator due to a permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21081 HIGH PATCH This Week

In multiple functions of PackageInstallerService.java and related files, there is a possible way to bypass background activity launch restrictions due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Java Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-20967 HIGH This Week

In avdt_scb_hdl_pkt_no_frag of avdt_scb_act.cc, there is a possible out of bounds write due to an incorrect bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-20950 HIGH PATCH This Week

In AlarmManagerActivity of AlarmManagerActivity.java, there is a possible way to bypass background activity launch restrictions via a pendingIntent. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Privilege Escalation Google Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-30797 HIGH PATCH This Week

Netflix Lemur before version 1.3.2 used insufficiently random values when generating default credentials. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Lemur
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-25619 HIGH This Week

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause denial of service of the controller when communicating over the Modbus TCP protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Modicon M580 Firmware Modicon M340 Firmware Modicon Momentum Unity M1E Processor Firmware Modicon Mc80 Firmware +3
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-2135 HIGH This Week

Use after free in DevTools in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who convinced a user to enable specific preconditions to potentially exploit heap corruption via a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-21084 MEDIUM This Month

In buildPropFile of filesystem.go, there is a possible insecure hash due to an improperly used crypto. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Google Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20941 MEDIUM This Month

In acc_ctrlrequest_composite of f_accessory.c, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Google Android
NVD
CVSS 3.1
6.6
EPSS
0.2%
CVE-2023-25620 MEDIUM This Month

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause denial of service of the controller when a malicious project file is loaded onto the controller. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Modicon M580 Firmware Modicon M340 Firmware Modicon Momentum Unity M1E Processor Firmware Modicon Mc80 Firmware +4
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-20862 MEDIUM PATCH This Month

In Spring Security, versions 5.7.x prior to 5.7.8, versions 5.8.x prior to 5.8.3, and versions 6.0.x prior to 6.0.3, the logout support does not properly clean the security context if using. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Information Disclosure Spring Security Active Iq Unified Manager
NVD
CVSS 3.1
6.3
EPSS
0.6%
CVE-2023-30614 MEDIUM PATCH This Month

Pay is a payments engine for Ruby on Rails 6.0 and higher. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Pay
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-26599 MEDIUM This Month

XSS vulnerability in TripleSign in Tripleplay Platform releases prior to Caveman 3.4.0 allows attackers to inject client-side code to run as an authenticated user via a crafted link. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Tripleplay
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-2170 MEDIUM PATCH This Month

The TaxoPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Related Posts functionality in versions up to, and including, 3.6.4 due to insufficient input sanitization and. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Taxopress
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-2169 MEDIUM PATCH This Month

The TaxoPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Related Posts functionality in versions up to, and including, 3.6.4 due to insufficient input sanitization and. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Taxopress
NVD VulDB
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-2168 MEDIUM PATCH This Month

The TaxoPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Suggest Terms Title field in versions up to, and including, 3.6.4 due to insufficient input sanitization and. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Taxopress
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-2166 MEDIUM This Month

A null pointer dereference issue was found in can protocol in net/can/af_can.c in the Linux before Linux. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-28328 MEDIUM PATCH This Month

A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Linux Linux Kernel Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-28327 MEDIUM PATCH This Month

A NULL pointer dereference flaw was found in the UNIX protocol in net/unix/diag.c In unix_diag_get_exact in the Linux Kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Linux Linux Kernel Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-2162 MEDIUM PATCH This Month

A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Linux Memory Corruption Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-28124 MEDIUM This Month

Improper usage of symmetric encryption in UI Desktop for Windows (Version 0.59.1.71 and earlier) could allow users with access to UI Desktop configuration files to decrypt their content.This. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Desktop
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-28123 MEDIUM This Month

A permission misconfiguration in UI Desktop for Windows (Version 0.59.1.71 and earlier) could allow an user to hijack VPN credentials while UID VPN is starting.This vulnerability is fixed in Version. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Desktop
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-21091 MEDIUM PATCH This Month

In canDisplayLocalUi of AppLocalePickerActivity.java, there is a possible way to change system app locales due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Denial Of Service Google Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-21087 MEDIUM PATCH This Month

In PreferencesHelper.java, an uncaught exception may cause the device to get stuck in a boot loop. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Google Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-21082 MEDIUM This Month

In getNumberFromCallIntent of NewOutgoingCallIntentBroadcaster.java, there is a possible way to enumerate other user's contact phone number due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Google Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-21080 MEDIUM This Month

In register_notification_rsp of btif_rc.cc, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Google Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-20935 MEDIUM This Month

In deserialize of multiple files, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Google Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-20909 MEDIUM This Month

In multiple functions of RunningTasks.java, there is a possible privilege escalation due to a missing privilege check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Google Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-1900 MEDIUM This Month

A vulnerability within the Avira network protection feature allowed an attacker with local execution rights to cause an overflow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Antivirus
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-30610 MEDIUM PATCH This Month

aws-sigv4 is a rust library for low level request signing in the aws cloud platform. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Aws Sigv4
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-29586 MEDIUM This Month

Code Sector TeraCopy 3.9.7 does not perform proper access validation on the source folder during a copy operation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Teracopy
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-27777 MEDIUM This Month

Cross-site scripting (XSS) vulnerability was discovered in Online Jewelry Shop v1.0 that allows attackers to execute arbitrary script via a crafted URL. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Online Jewelry Shop
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-25759 MEDIUM This Month

OS Command Injection in TripleData Reporting Engine in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated users to run unprivileged OS level commands via a crafted request. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Tripleplay
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2023-30611 MEDIUM PATCH This Month

Discourse-reactions is a plugin that allows user to add their reactions to the post in the Discourse messaging platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Reactions
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-21090 MEDIUM PATCH This Month

In parseUsesPermission of ParsingPackageUtils.java, there is a possible boot loop due to resource exhaustion. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Google Android
NVD
CVSS 3.1
5.0
EPSS
0.1%
CVE-2023-30612 MEDIUM PATCH This Month

Cloud hypervisor is a Virtual Machine Monitor for Cloud workloads. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Cloud Hypervisor
NVD GitHub
CVSS 3.1
4.9
EPSS
0.4%
CVE-2023-0317 MEDIUM This Month

Unprotected Alternate Channel vulnerability in debug console of GateManager allows system administrator to obtain sensitive information. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gatemanager
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2023-1382 MEDIUM This Month

A data race flaw was found in the Linux kernel, between where con is allocated and con->sock is set. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Null Pointer Dereference Linux Linux Kernel
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2023-1586 MEDIUM This Month

Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the restore process leading to arbitrary file creation. Rated medium severity (CVSS 4.7). No vendor patch available.

Information Disclosure Microsoft Antivirus Anti Virus
NVD
CVSS 3.1
4.7
EPSS
0.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy