Skip to main content
CVE-2023-33080 HIGH This Week

Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9206 Lte Modem Firmware Apq8017 Firmware Apq8064au Firmware +361
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-33044 HIGH This Week

Transient DOS in Data modem while handling TLB control messages from the Network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 315 5g Iot Modem Firmware Ar8035 Firmware Wcn3991 Firmware Wcn3998 Firmware +85
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-33043 HIGH This Week

Transient DOS in Modem when a Beam switch request is made with a non-configured BWP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ar8035 Firmware Wcn3991 Firmware Wcn3998 Firmware Wcn6750 Firmware +54
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-33042 HIGH This Week

Transient DOS in Modem after RRC Setup message is received. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 315 5g Iot Modem Firmware Ar8035 Firmware Wcn3991 Firmware Wcn3998 Firmware +70
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-33041 HIGH This Week

Under certain scenarios the WLAN Firmware will reach an assertion due to state confusion while looking up peer ids. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ar8035 Firmware Csr8811 Firmware Wcn685X 5 Firmware Wcn685X 1 Firmware +122
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-28588 HIGH PATCH This Week

Transient DOS in Bluetooth Host while rfc slot allocation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Apq8017 Firmware Apq8064au Firmware Aqt1000 Firmware +205
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-44221 HIGH KEV THREAT This Week

Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody'. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sma 200 Firmware Sma 210 Firmware Sma 400 Firmware Sma 410 Firmware +1
NVD
CVSS 3.1
7.2
EPSS
74.9%
CVE-2023-44298 MEDIUM This Month

Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Denial Of Service Intel Dell Poweredge R660 Firmware +12
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2023-44297 MEDIUM This Month

Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Information Disclosure Intel Dell +13
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2023-42576 MEDIUM This Month

Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication due to invalid exception handler. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Pass
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2023-42575 MEDIUM This Month

Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication due to invalid flag setting. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Pass
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2023-42571 MEDIUM This Month

Abuse of remote unlock in Find My Mobile prior to version 7.3.13.4 allows physical attacker to unlock the device remotely by resetting the Samsung Account password with SMS verification when user. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Find My Mobile
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2023-42561 MEDIUM This Month

Heap out-of-bounds write vulnerability in bootloader prior to SMR Dec-2023 Release 1 allows a physical attacker to execute arbitrary code. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Android
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2023-42565 MEDIUM This Month

Improper input validation vulnerability in Smart Clip prior to SMR Dec-2023 Release 1 allows local attackers with shell privilege to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Android
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-42557 MEDIUM This Month

Out-of-bound write vulnerability in libIfaaCa prior to SMR Dec-2023 Release 1 allows local system attackers to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Android
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2023-28586 MEDIUM This Month

Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure 315 5g Iot Modem Firmware 9205 Lte Modem Firmware Aqt1000 Firmware +304
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-5808 MEDIUM This Month

SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Vantara Hitachi Network Attached Storage
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-45084 MEDIUM This Month

An issue exists in SoftIron HyperCloud where drive caddy removal and reinsertion without a reboot may erroneously cause the system to recognize the caddy as new media and wipe all data on the drives. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hypercloud
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2023-42573 MEDIUM This Month

PendingIntent hijacking vulnerability in Search Widget prior to version 3.4 in China models allows local attackers to access data. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Search Widget
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-42572 MEDIUM This Month

Implicit intent hijacking vulnerability in Samsung Account Web SDK prior to version 1.5.24 allows attacker to get sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Account Web Software Development Kit
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-42564 MEDIUM This Month

Improper access control in knoxcustom service prior to SMR Dec-2023 Release 1 allows attacker to send broadcast with system privilege. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-42556 MEDIUM This Month

Improper usage of implicit intent in Contacts prior to SMR Dec-2023 Release 1 allows attacker to get sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-33070 MEDIUM PATCH This Month

Transient DOS in Automotive OS due to improper authentication to the secure IO calls. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Authentication Bypass Aqt1000 Firmware Ar8031 Firmware Ar8035 Firmware C V2x 9150 Firmware +98
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-49289 MEDIUM PATCH This Month

Ajax.NET Professional (AjaxPro) is an AJAX framework for Microsoft ASP.NET which will create proxy JavaScript classes that are used on client-side to invoke methods on the web server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Ajax Net Professional
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-49283 MEDIUM PATCH This Month

microsoft-graph-core the Microsoft Graph Library for PHP. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure PHP Microsoft Graph
NVD GitHub
CVSS 3.1
5.3
EPSS
2.2%
CVE-2023-49282 MEDIUM PATCH This Month

msgraph-sdk-php is the Microsoft Graph Library for PHP. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure PHP Microsoft Graph
NVD GitHub
CVSS 3.1
5.3
EPSS
2.2%
CVE-2023-6180 MEDIUM PATCH This Month

The tokio-boring library in version 4.0.0 is affected by a memory leak issue that can lead to excessive resource consumption and potential DoS by resource exhaustion. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Boring
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-42579 MEDIUM This Month

Improper usage of insecure protocol (i.e. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Samsung Information Disclosure Google Samsung Keyboard
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-42559 MEDIUM This Month

Improper exception management vulnerability in Knox Guard prior to SMR Dec-2023 Release 1 allows Knox Guard lock bypass via changing system time. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
5.2
EPSS
0.3%
CVE-2023-45083 MEDIUM This Month

An Improper Privilege Management vulnerability exists in HyperCloud that will impact the ability for a user to authenticate against the management plane. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Hypercloud
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-42568 MEDIUM This Month

Improper access control vulnerability in SmartManagerCN prior to SMR Dec-2023 Release 1 allows local attackers to access arbitrary files with system privilege. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-45085 LOW Monitor

An issue exists in SoftIron HyperCloud where compute nodes may come online immediately without following the correct initialization process. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Hypercloud
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2023-42570 LOW Monitor

Improper access control vulnerability in KnoxCustomManagerService prior to SMR Dec-2023 Release 1 allows attacker to access device SIM PIN. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2023-42569 LOW Monitor

Improper authorization verification vulnerability in AR Emoji prior to SMR Dec-2023 Release 1 allows attackers to read sandbox data of AR Emoji. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2023-42577 LOW Monitor

Improper Access Control in Samsung Voice Recorder prior to versions 21.4.15.01 in Android 12 and Android 13, 21.4.50.17 in Android 14 allows physical attackers to access Voice Recorder information on. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Google Samsung Voice Recorder
NVD
CVSS 3.1
2.4
EPSS
0.3%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy