Skip to main content
CVE-2023-21234 MEDIUM This Month

In launchConfirmationActivity of ChooseLockSettingsHelper.java, there is a possible way to enable developer options without the lockscreen PIN due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-21230 MEDIUM This Month

In onAccessPointChanged of AccessPointPreference.java, there is a possible way for unprivileged apps to receive a broadcast about WiFi access point change and its BSSID or SSID due to a precondition. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-21268 MEDIUM PATCH This Month

In update of MmsProvider.java, there is a possible way to change directory permissions due to a path traversal error. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Path Traversal Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-21267 MEDIUM This Month

In multiple functions of KeyguardViewMediator.java, there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-39950 MEDIUM This Month

efibootguard is a simple UEFI boot loader with support for safely switching between current and updated partition sets. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Efibootguard
NVD GitHub
CVSS 3.1
5.2
EPSS
0.4%
CVE-2023-40312 MEDIUM PATCH This Month

Multiple reflected XSS were found on different JSP files with unsanitized parameters in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms that an attacker can modify to. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Horizon Meridian
NVD GitHub
CVSS 3.1
5.2
EPSS
0.6%
CVE-2023-40311 MEDIUM PATCH This Month

Multiple stored XSS were found on different JSP files with unsanitized parameters in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms that allow an attacker to store on. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Horizon Meridian
NVD GitHub
CVSS 3.1
4.8
EPSS
0.7%
CVE-2023-30752 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS External Videos
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-30751 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Article Directory Redux
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-30749 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Optima Express Marketboost Idx
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-30477 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Affiliate Solution
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-29097 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS A3 Portfolio
NVD
CVSS 3.1
4.8
EPSS
0.4%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy