Skip to main content
CVE-2023-42138 HIGH This Week

Out-of-bounds read vulnerability exists in KV STUDIO Ver. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Kv Replay Viewer Kv Studio
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-39325 HIGH PATCH This Week

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Go Http2 Fedora Astra Trident +1
NVD
CVSS 3.1
7.5
EPSS
3.8%
CVE-2023-44186 HIGH This Week

An Improper Handling of Exceptional Conditions vulnerability in AS PATH processing of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a BGP update message with an AS PATH. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-35661 HIGH This Week

In ProfSixDecomTcpSACKoption of RohcPacketCommon.cpp, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-35652 HIGH This Week

In ProtocolEmergencyCallListIndAdapter::Init of protocolcalladapter.cpp, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-44119 HIGH This Week

Vulnerability of mutual exclusion management in the kernel module.Successful exploitation of this vulnerability will affect availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-44114 HIGH This Week

Out-of-bounds array vulnerability in the dataipa module.Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-44108 HIGH This Week

Type confusion vulnerability in the distributed file module.Successful exploitation of this vulnerability may cause the device to restart. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-44111 HIGH This Week

Vulnerability of brute-force attacks on the device authentication module.Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-44104 HIGH This Week

Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-44103 HIGH This Week

Out-of-bounds read vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-44101 HIGH This Week

The Bluetooth module has a vulnerability in permission control for broadcast notifications.Successful exploitation of this vulnerability may affect confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-44100 HIGH This Week

Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-44097 HIGH This Week

Vulnerability of the permission to access device SNs being improperly managed.Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-44095 HIGH This Week

Use-After-Free (UAF) vulnerability in the surfaceflinger module.Successful exploitation of this vulnerability can cause system crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-44109 HIGH This Week

Clone vulnerability in the huks ta module.Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-44096 HIGH This Week

Vulnerability of brute-force attacks on the device authentication module.Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-44093 HIGH This Week

Vulnerability of package names' public keys not being verified in the security module.Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-4990 HIGH This Week

Directory traversal vulnerability in MCL-Net versions prior to 4.6 Update Package (P01) may allow attackers to read arbitrary files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Espeak Ng Mcl Net Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-35649 HIGH This Week

In several functions of Exynos modem files, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Samsung Android
NVD
CVSS 3.1
7.2
EPSS
0.4%
CVE-2023-26319 HIGH This Week

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Xiaomi Xiaomi Router allows Command Injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Command Injection Xiaomi Router Ax3200 Firmware
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-26318 HIGH This Week

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Xiaomi Xiaomi Router allows Overflow Buffers. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Xiaomi Router Ax3200 Firmware
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2023-35660 MEDIUM This Month

In lwis_transaction_client_cleanup of lwis_transaction.c, there is a possible way to corrupt memory due to a use after free. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Privilege Escalation Denial Of Service Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-35655 MEDIUM This Month

In CanConvertPadV2Op of darwinn_mlir_converter_aidl.cc, there is a possible out of bounds read due to a heap buffer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-35654 MEDIUM This Month

In ctrl_roi of stmvl53l1_module.c, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-4936 MEDIUM This Month

It is possible to sideload a compromised DLL during the installation at elevated privilege. Rated medium severity (CVSS 6.7). No vendor patch available.

Privilege Escalation Displaylink
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-5487 MEDIUM This Month

Inappropriate implementation in Fullscreen in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Fedora
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-5484 MEDIUM This Month

Inappropriate implementation in Navigation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-5483 MEDIUM This Month

Inappropriate implementation in Intents in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass content security policy via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-5481 MEDIUM This Month

Inappropriate implementation in Downloads in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-5479 MEDIUM This Month

Inappropriate implementation in Extensions API in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-5475 MEDIUM This Month

Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-45396 MEDIUM This Month

An Insecure Direct Object Reference (IDOR) vulnerability leads to events profiles access in Elenos ETG150 FM transmitter running on version 3.12. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Etg150 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-35645 MEDIUM This Month

In tbd of tbd, there is a possible memory corruption due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Race Condition Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-5473 MEDIUM This Month

Use after free in Cast in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +1
NVD
CVSS 3.1
6.3
EPSS
0.7%
CVE-2023-37538 MEDIUM PATCH This Month

HCL Digital Experience is susceptible to cross site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Digital Experience
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-44187 MEDIUM This Month

An Exposure of Sensitive Information vulnerability in the 'file copy' command of Junos OS Evolved allows a local, authenticated attacker with shell access to view passwords supplied on the CLI. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Juniper Junos Os Evolved
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-38217 MEDIUM This Month

Adobe Bridge versions 12.0.4 (and earlier) and 13.0.3 (and earlier) are affected by an Out-of-bounds Read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Bridge
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-38216 MEDIUM This Month

Adobe Bridge versions 12.0.4 (and earlier) and 13.0.3 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Adobe Denial Of Service Memory Corruption Bridge
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-44190 MEDIUM This Month

An Origin Validation vulnerability in MAC address validation of Juniper Networks Junos OS Evolved on PTX10001, PTX10004, PTX10008, and PTX10016 devices allows a network-adjacent attacker to bypass. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Authentication Bypass Junos Os Evolved
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-44189 MEDIUM This Month

An Origin Validation vulnerability in MAC address validation of Juniper Networks Junos OS Evolved on PTX10003 Series allows a network-adjacent attacker to bypass MAC address checking, allowing MAC. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Authentication Bypass Junos Os Evolved
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-28635 MEDIUM PATCH This Month

vantage6 is privacy preserving federated learning infrastructure. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Vantage6
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-44188 MEDIUM This Month

A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in telemetry processing of Juniper Networks Junos OS allows a network-based authenticated attacker to flood the system with multiple. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-44102 MEDIUM This Month

Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability can cause the Bluetooth function to be unavailable. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos Emui
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-41304 MEDIUM This Month

Parameter verification vulnerability in the window module.Successful exploitation of this vulnerability may cause the size of an app window to be adjusted to that of a floating window. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos Emui
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-44094 MEDIUM This Month

Type confusion vulnerability in the distributed file module.Successful exploitation of this vulnerability may cause the device to restart. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Harmonyos Emui
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-35653 MEDIUM This Month

In TBD of TBD, there is a possible way to access location information due to a permissions bypass. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2023-5486 MEDIUM This Month

Inappropriate implementation in Input in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Debian Linux
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-5485 MEDIUM This Month

Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS Chrome Debian Linux
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-5478 MEDIUM This Month

Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Debian Linux
NVD
CVSS 3.1
4.3
EPSS
0.8%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy