Total: 29703 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-44285 | 1 Dell | 12 Apex Protection Storage, Dd3300, Dd6400 and 9 more | 2024-11-21 | 7.8 High |
| Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an improper access control vulnerability. A local malicious user with low privileges could potentially exploit this vulnerability leading to escalation of privilege. | ||||
| CVE-2023-44203 | 1 Juniper | 26 Ex2300, Ex2300-24mp, Ex2300-24p and 23 more | 2024-11-21 | 6.5 Medium |
| An Improper Check or Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on QFX5000 Series, EX2300, EX3400, EX4100, EX4400 and EX4600 allows an adjacent attacker to send specific traffic, which leads to packet flooding, resulting in a Denial of Service (DoS). When a specific IGMP packet is received in an isolated VLAN, it is duplicated to all other ports under the primary VLAN, which causes a flood. This issue affects QFX5000 series, EX2300, EX3400, EX4100, EX4400 and EX4600 platforms only. This issue affects Juniper Junos OS on QFX5000 Series, EX2300, EX3400, EX4100, EX4400 and EX4600: * All versions prior to 20.4R3-S5; * 21.1 versions prior to 21.1R3-S4; * 21.2 versions prior to 21.2R3-S3; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S2; * 22.1 versions prior to 22.1R3; * 22.2 versions prior to 22.2R3; * 22.3 versions prior to 22.3R2. | ||||
| CVE-2023-44195 | 1 Juniper | 1 Junos Os Evolved | 2024-11-21 | 5.4 Medium |
| An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the NetworkStack agent daemon (nsagentd) of Juniper Networks Junos OS Evolved allows an unauthenticated network based attacker to cause limited impact to the availability of the system. If specific packets reach the Routing-Engine (RE) these will be processed normally even if firewall filters are in place which should have prevented this. This can lead to a limited, increased consumption of resources resulting in a Denial-of-Service (DoS), and unauthorized access. CVE-2023-44196 is a prerequisite for this issue. This issue affects Juniper Networks Junos OS Evolved: * 21.3-EVO versions prior to 21.3R3-S5-EVO; * 21.4-EVO versions prior to 21.4R3-S4-EVO; * 22.1-EVO version 22.1R1-EVO and later; * 22.2-EVO version 22.2R1-EVO and later; * 22.3-EVO versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO; * 22.4-EVO versions prior to 22.4R3-EVO. This issue does not affect Junos OS Evolved versions prior to 21.3R1-EVO. | ||||
| CVE-2023-43984 | 1 Advanced Export Products Orders Cron Csv Excel Project | 1 Advanced Export Products Orders Cron Csv Excel | 2024-11-21 | 7.5 High |
| Insecure permissions in Smart Soft advancedexport before v4.4.7 allow unauthenticated attackers to arbitrarily download user information from the ps_customer table. | ||||
| CVE-2023-43588 | 1 Zoom | 3 Meetings, Virtual Desktop Infrastructure, Zoom | 2024-11-21 | 3.5 Low |
| Insufficient control flow management in some Zoom clients may allow an authenticated user to conduct an information disclosure via network access. | ||||
| CVE-2023-43585 | 1 Zoom | 3 Meeting Software Development Kit, Video Software Development Kit, Zoom | 2024-11-21 | 7.1 High |
| Improper access control in Zoom Mobile App for iOS and Zoom SDKs for iOS before version 5.16.5 may allow an authenticated user to conduct a disclosure of information via network access. | ||||
| CVE-2023-43352 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 7.8 High |
| An issue in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload to the Content Manager Menu component. | ||||
| CVE-2023-43336 | 1 Sangoma | 1 Freepbx | 2024-11-21 | 8.8 High |
| Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 was discovered to contain an access control issue via a modified parameter value, e.g., changing extension=self to extension=101. | ||||
| CVE-2023-43141 | 1 Totolink | 4 A3700r, A3700r Firmware, N600r and 1 more | 2024-11-21 | 9.8 Critical |
| TOTOLINK A3700R V9.1.2u.6134_B20201202 and N600R V5.3c.5137 are vulnerable to Incorrect Access Control. | ||||
| CVE-2023-43089 | 1 Dell | 1 Rugged Control Center | 2024-11-21 | 4.4 Medium |
| Dell Rugged Control Center, version prior to 4.7, contains insufficient protection for the Policy folder. A local malicious standard user could potentially exploit this vulnerability to modify the content of the policy file, leading to unauthorized access to resources. | ||||
| CVE-2023-43086 | 1 Dell | 1 Command\|configure | 2024-11-21 | 7.3 High |
| Dell Command \| Configure, versions prior to 4.11.0, contains an improper access control vulnerability. A local malicious user could potentially modify files inside installation folder during application upgrade, leading to privilege escalation. | ||||
| CVE-2023-42581 | 1 Samsung | 1 Galaxy Store | 2024-11-21 | 7.5 High |
| Improper URL validation from InstantPlay deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to access data. | ||||
| CVE-2023-42580 | 1 Samsung | 1 Galaxy Store | 2024-11-21 | 7.5 High |
| Improper URL validation from MCSLaunch deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to install APK from Galaxy Store. | ||||
| CVE-2023-42577 | 1 Samsung | 2 Android, Samsung Voice Recorder | 2024-11-21 | 6.8 Medium |
| Improper Access Control in Samsung Voice Recorder prior to versions 21.4.15.01 in Android 12 and Android 13, 21.4.50.17 in Android 14 allows physical attackers to access Voice Recorder information on the lock screen. | ||||
| CVE-2023-42574 | 1 Samsung | 1 Gamehomecn | 2024-11-21 | 5.1 Medium |
| Improper access control vulnerability in GameHomeCN prior to version 4.2.60.2 allows local attackers to launch arbitrary activity in GameHomeCN. | ||||
| CVE-2023-42570 | 1 Samsung | 1 Android | 2024-11-21 | 5.9 Medium |
| Improper access control vulnerability in KnoxCustomManagerService prior to SMR Dec-2023 Release 1 allows attacker to access device SIM PIN. | ||||
| CVE-2023-42568 | 1 Samsung | 1 Android | 2024-11-21 | 7.3 High |
| Improper access control vulnerability in SmartManagerCN prior to SMR Dec-2023 Release 1 allows local attackers to access arbitrary files with system privilege. | ||||
| CVE-2023-42555 | 1 Samsung | 1 Easysetup | 2024-11-21 | 6.3 Medium |
| Use of implicit intent for sensitive communication vulnerability in EasySetup prior to version 11.1.13 allows attackers to get the Bluetooth address of user device. | ||||
| CVE-2023-42544 | 1 Samsung | 1 Quick Share | 2024-11-21 | 5.5 Medium |
| Improper access control vulnerability in Quick Share prior to 13.5.52.0 allows local attacker to access local files. | ||||
| CVE-2023-42543 | 1 Samsung | 1 Bixby Voice | 2024-11-21 | 6.2 Medium |
| Improper verification of intent by broadcast receiver vulnerability in Bixby Voice prior to version 3.3.35.12 allows attackers to access arbitrary data with Bixby Voice privilege. | ||||