Skip to main content
CVE-2023-49284 MEDIUM POC PATCH This Month

fish is a smart and user-friendly command line shell for macOS, Linux, and the rest of the family. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available.

RCE Information Disclosure Denial Of Service Apple Fish
NVD GitHub
CVSS 3.1
6.6
EPSS
0.5%
CVE-2023-46736 MEDIUM POC PATCH This Month

EspoCRM is an Open Source CRM (Customer Relationship Management) software. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Espocrm
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-26943 MEDIUM POC This Month

Weak encryption mechanisms in RFID Tags in Yale Keyless Lock v1.0 allows attackers to create a cloned tag via physical proximity to the original. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Yale Keyless Smart Lock Firmware
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-26942 MEDIUM POC This Month

Weak encryption mechanisms in RFID Tags in Yale IA-210 Alarm v1.0 allows attackers to create a cloned tag via physical proximity to the original. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Yale Ia 210 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-26941 MEDIUM POC This Month

Weak encryption mechanisms in RFID Tags in Yale Conexis L1 v1.1.0 allows attackers to create a cloned tag via physical proximity to the original. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Yale Conexis L1 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-49290 MEDIUM POC PATCH This Month

lestrrat-go/jwx is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Jwx
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-49292 MEDIUM POC PATCH This Month

ecies is an Elliptic Curve Integrated Encryption Scheme for secp256k1 in Golang. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Go
NVD GitHub
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-44298 MEDIUM This Month

Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Denial Of Service Intel Dell Poweredge R660 Firmware +12
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2023-44297 MEDIUM This Month

Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Information Disclosure Intel Dell +13
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2023-42576 MEDIUM This Month

Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication due to invalid exception handler. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Pass
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2023-42575 MEDIUM This Month

Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication due to invalid flag setting. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Pass
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2023-42571 MEDIUM This Month

Abuse of remote unlock in Find My Mobile prior to version 7.3.13.4 allows physical attacker to unlock the device remotely by resetting the Samsung Account password with SMS verification when user. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Find My Mobile
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2023-42561 MEDIUM This Month

Heap out-of-bounds write vulnerability in bootloader prior to SMR Dec-2023 Release 1 allows a physical attacker to execute arbitrary code. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Android
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2023-42565 MEDIUM This Month

Improper input validation vulnerability in Smart Clip prior to SMR Dec-2023 Release 1 allows local attackers with shell privilege to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Android
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-42557 MEDIUM This Month

Out-of-bound write vulnerability in libIfaaCa prior to SMR Dec-2023 Release 1 allows local system attackers to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Android
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2023-28586 MEDIUM This Month

Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure 315 5g Iot Modem Firmware 9205 Lte Modem Firmware Aqt1000 Firmware +304
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-5808 MEDIUM This Month

SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Vantara Hitachi Network Attached Storage
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-45084 MEDIUM This Month

An issue exists in SoftIron HyperCloud where drive caddy removal and reinsertion without a reboot may erroneously cause the system to recognize the caddy as new media and wipe all data on the drives. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hypercloud
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2023-42573 MEDIUM This Month

PendingIntent hijacking vulnerability in Search Widget prior to version 3.4 in China models allows local attackers to access data. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Search Widget
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-42572 MEDIUM This Month

Implicit intent hijacking vulnerability in Samsung Account Web SDK prior to version 1.5.24 allows attacker to get sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Account Web Software Development Kit
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-42564 MEDIUM This Month

Improper access control in knoxcustom service prior to SMR Dec-2023 Release 1 allows attacker to send broadcast with system privilege. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-42556 MEDIUM This Month

Improper usage of implicit intent in Contacts prior to SMR Dec-2023 Release 1 allows attacker to get sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-33070 MEDIUM PATCH This Month

Transient DOS in Automotive OS due to improper authentication to the secure IO calls. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Authentication Bypass Aqt1000 Firmware Ar8031 Firmware Ar8035 Firmware C V2x 9150 Firmware +98
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-49289 MEDIUM PATCH This Month

Ajax.NET Professional (AjaxPro) is an AJAX framework for Microsoft ASP.NET which will create proxy JavaScript classes that are used on client-side to invoke methods on the web server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Ajax Net Professional
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-49283 MEDIUM PATCH This Month

microsoft-graph-core the Microsoft Graph Library for PHP. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure PHP Microsoft Graph
NVD GitHub
CVSS 3.1
5.3
EPSS
2.2%
CVE-2023-49282 MEDIUM PATCH This Month

msgraph-sdk-php is the Microsoft Graph Library for PHP. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure PHP Microsoft Graph
NVD GitHub
CVSS 3.1
5.3
EPSS
2.2%
CVE-2023-6180 MEDIUM PATCH This Month

The tokio-boring library in version 4.0.0 is affected by a memory leak issue that can lead to excessive resource consumption and potential DoS by resource exhaustion. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Boring
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-42579 MEDIUM This Month

Improper usage of insecure protocol (i.e. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Samsung Information Disclosure Google Samsung Keyboard
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-42559 MEDIUM This Month

Improper exception management vulnerability in Knox Guard prior to SMR Dec-2023 Release 1 allows Knox Guard lock bypass via changing system time. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
5.2
EPSS
0.3%
CVE-2023-45083 MEDIUM This Month

An Improper Privilege Management vulnerability exists in HyperCloud that will impact the ability for a user to authenticate against the management plane. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Hypercloud
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-42568 MEDIUM This Month

Improper access control vulnerability in SmartManagerCN prior to SMR Dec-2023 Release 1 allows local attackers to access arbitrary files with system privilege. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy