Skip to main content
CVE-2023-21373 HIGH This Week

In Telephony, there is a possible way for a guest user to change the preferred SIM due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21372 HIGH This Week

In libdexfile, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21358 HIGH This Week

In UWB Google, there is a possible way for a malicious app to masquerade as system app com.android.uwb.resources due to improperly used crypto. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21355 HIGH This Week

In libaudioclient, there is a possible out of bounds write due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Use After Free Privilege Escalation Memory Corruption +1
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21351 HIGH This Week

In multiple locations, there is a possible background activity launch due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21343 HIGH This Week

In ActivityStarter, there is a possible background activity launch due to an unsafe PendingIntent. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21342 HIGH This Week

In RemoteSpeechRecognitionService of RemoteSpeechRecognitionService.java, there is a possible way to launch an activity from the background due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21341 HIGH This Week

In Permission Manager, there is a possible way to bypass required permissions due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21337 HIGH This Week

In InputMethod, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21328 HIGH This Week

In Package Installer, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21324 HIGH This Week

In Package Installer, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21313 HIGH This Week

In Core, there is a possible way to forward calls without user knowledge due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21298 HIGH This Week

In Slice, there is a possible disclosure of installed applications due to side channel information disclosure. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-44141 HIGH This Week

Inkdrop prior to v5.6.0 allows a local attacker to conduct a code injection attack by having a legitimate user open a specially crafted markdown file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Inkdrop
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-45956 HIGH This Week

An issue discovered in Govee LED Strip v3.00.42 allows attackers to cause a denial of service via crafted Move and MoveWithOnoff commands. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Led Strip Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-21391 HIGH This Week

In Messaging, there is a possible way to disable the messaging application due to improper input validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-21353 HIGH This Week

In NFA, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-21347 HIGH This Week

In Bluetooth, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-21339 HIGH This Week

In Minikin, there is a possible way to trigger ANR by showing a malicious message due to resource exhaustion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-5349 LOW POC PATCH Monitor

A memory leak flaw was found in ruby-magick, an interface between Ruby and ImageMagick. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Rmagick Fedora
NVD GitHub
CVSS 3.1
3.3
EPSS
0.7%
CVE-2023-45780 HIGH This Week

In Print Service, there is a possible background activity launch due to a logic error in the code. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2023-21380 MEDIUM This Month

In Bluetooth, there is a possible out of bounds write due to a heap buffer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-21371 MEDIUM This Month

In Secure Element, there is a possible out of bounds write due to an integer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-21370 MEDIUM This Month

In the Security Element API, there is a possible out of bounds write due to an integer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-21360 MEDIUM This Month

In Bluetooth, there is a possible out of bounds write due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-21310 MEDIUM This Month

In Bluetooth, there is a possible out of bounds write due to a heap buffer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-43648 MEDIUM PATCH This Month

baserCMS is a website development framework. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Basercms
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-21395 MEDIUM This Month

In Bluetooth, there is a possible out of bounds read due to a use after free. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Use After Free Memory Corruption Information Disclosure +1
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-47090 MEDIUM PATCH This Month

NATS nats-server before 2.9.23 and 2.10.x before 2.10.2 has an authentication bypass. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Nats Server
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-21315 MEDIUM This Month

In Bluetooth, there is a possible out of bounds read due to a heap buffer overflow. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-5164 MEDIUM PATCH This Month

The Bellows Accordion Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.4.2 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Bellows Accordion Menu
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-5049 MEDIUM PATCH This Month

The Giveaways and Contests by RafflePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rafflepress' and 'rafflepress_gutenberg' shortcode in versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Rafflepress
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-5252 MEDIUM PATCH This Month

The FareHarbor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.6.7 due to insufficient input sanitization and output escaping on. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Fareharbor
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-36920 MEDIUM This Month

In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the X-FRAME-OPTIONS response header is not implemented, allowing an unauthenticated. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS Enable Now Enable Now Consump Del Enable Now Wpb Manager Enable Now Wpb Manager Ce +1
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-4964 MEDIUM This Month

Potential open redirect vulnerability in opentext Service Management Automation X (SMAX) versions 2020.05, 2020.08, 2020.11, 2021.02, 2021.05, 2021.08, 2021.11, 2022.05, 2022.11 and opentext Asset. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Asset Management X Service Management Automation X
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-4393 MEDIUM This Month

HTML and SMTP injections on the registration page of LiquidFiles versions 3.7.13 and below, allow an attacker to perform more advanced phishing attacks against an organization. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Liquidfiles
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-40101 MEDIUM This Month

In collapse of canonicalize_md.c, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-21394 MEDIUM This Month

In registerPhoneAccount of TelecomServiceImpl.java, there is a possible way to reveal images from another user due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-21385 MEDIUM This Month

In Whitechapel, there is a possible out of bounds read due to memory corruption. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-21384 MEDIUM This Month

In Package Manager, there is a possible possible permissions bypass due to an unsafe PendingIntent. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-21383 MEDIUM This Month

In Settings, there is a possible way for the user to unintentionally send extra data due to an unclear prompt. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-21382 MEDIUM This Month

In Content Resolver, there is a possible method to access metadata about existing content providers on the device due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-21377 MEDIUM This Month

In SELinux Policy, there is a possible restriction bypass due to a permissions bypass. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-21376 MEDIUM This Month

In Telephony, there is a possible way to retrieve the ICCID due to a logic error in the code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-21369 MEDIUM This Month

In Usage Access, there is a possible way to display a Settings usage access restriction toggle screen due to a permissions bypass. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-21368 MEDIUM This Month

In Audio, there is a possible out of bounds read due to missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-21367 MEDIUM This Month

In Scudo, there is a possible way to exploit certain heap OOB read/write issues due to an insecure implementation/design. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-21366 MEDIUM This Month

In Scudo, there is a possible way for an attacker to predict heap allocation patterns due to insecure implementation/design. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-21365 MEDIUM This Month

In Contacts, there is a possible crash loop due to resource exhaustion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-21364 MEDIUM This Month

In ContactsProvider, there is a possible crash loop due to resource exhaustion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
Prev Page 2 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy