Total
11829 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-21574 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2024-11-21 | N/A | 7.8 HIGH |
|
Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2023-21559 | 1 Microsoft | 8 Windows 10 1809, Windows 10 20h2, Windows 10 21h2 and 5 more | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Windows Cryptographic Information Disclosure Vulnerability
|
|||||
| CVE-2023-21558 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2024-11-21 | N/A | 7.8 HIGH |
|
Windows Error Reporting Service Elevation of Privilege Vulnerability
|
|||||
| CVE-2023-21554 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 20h2 and 9 more | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
|
|||||
| CVE-2023-21550 | 1 Microsoft | 8 Windows 10 1809, Windows 10 20h2, Windows 10 21h2 and 5 more | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Windows Cryptographic Information Disclosure Vulnerability
|
|||||
| CVE-2023-21540 | 1 Microsoft | 8 Windows 10 1809, Windows 10 20h2, Windows 10 21h2 and 5 more | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Windows Cryptographic Information Disclosure Vulnerability
|
|||||
| CVE-2023-21516 | 1 Samsung | 1 Galaxy Store | 2024-11-21 | N/A | 7.5 HIGH |
|
XSS vulnerability from InstantPlay in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store.
|
|||||
| CVE-2023-21515 | 1 Samsung | 1 Galaxy Store | 2024-11-21 | N/A | 7.5 HIGH |
|
InstantPlay which included vulnerable script which could execute javascript in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store.
|
|||||
| CVE-2023-21514 | 1 Samsung | 1 Galaxy Store | 2024-11-21 | N/A | 7.5 HIGH |
|
Improper scheme validation from InstantPlay Deeplink in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store.
|
|||||
| CVE-2023-21504 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 5.6 MEDIUM |
|
Potential buffer overflow vulnerability in mm_Plmncoordination.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access.
|
|||||
| CVE-2023-21503 | 1 Samsung | 2 Android, Exynos | 2024-11-21 | N/A | 5.6 MEDIUM |
|
Potential buffer overflow vulnerability in mm_LteInterRatManagement.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access.
|
|||||
| CVE-2023-21502 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 5.7 MEDIUM |
|
Improper input validation vulnerability in FactoryTest application prior to SMR May-2023 Release 1 allows local attackers to get privilege escalation via debugging commands.
|
|||||
| CVE-2023-21501 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 8.2 HIGH |
|
Improper input validation vulnerability in mPOS fiserve trustlet prior to SMR May-2023 Release 1 allows local attackers to execute arbitrary code.
|
|||||
| CVE-2023-21498 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 6.0 MEDIUM |
|
Improper input validation vulnerability in setPartnerTAInfo in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to overwrite the trustlet memory.
|
|||||
| CVE-2023-21494 | 1 Samsung | 2 Android, Exynos | 2024-11-21 | N/A | 5.6 MEDIUM |
|
Potential buffer overflow vulnerability in auth api in mm_Authentication.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access.
|
|||||
| CVE-2023-21453 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 6.0 MEDIUM |
|
Improper input validation vulnerability in SoftSim TA prior to SMR Mar-2023 Release 1 allows local attackers access to protected data.
|
|||||
| CVE-2023-21451 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 6.7 MEDIUM |
|
A Stack-based overflow vulnerability in IpcRxEmbmsSessionList in SECRIL prior to Android S(12) allows attacker to cause memory corruptions.
|
|||||
| CVE-2023-21446 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 6.2 MEDIUM |
|
Improper input validation in MyFiles prior to version 12.2.09 in Android R(11), 13.1.03.501 in Android S( 12) and 14.1.00.422 in Android T(13) allows local attacker to access data of MyFiles.
|
|||||
| CVE-2023-21439 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 8.5 HIGH |
|
Improper input validation vulnerability in UwbDataTxStatusEvent prior to SMR Feb-2023 Release 1 allows attackers to launch certain activities.
|
|||||
| CVE-2023-21434 | 1 Samsung | 1 Galaxy Store | 2024-11-21 | N/A | 6.2 MEDIUM |
|
Improper input validation vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to execute JavaScript by launching a web page.
|
|||||
| CVE-2023-21431 | 1 Samsung | 1 Bixby Vision | 2024-11-21 | N/A | 3.3 LOW |
|
Improper input validation in Bixby Vision prior to version 3.7.70.17 allows attacker to access data of Bixby Vision.
|
|||||
| CVE-2023-21428 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 4.0 MEDIUM |
|
Improper input validation vulnerability in TelephonyUI prior to SMR Jan-2023 Release 1 allows attackers to configure Preferred Call. The patch removes unused code.
|
|||||
| CVE-2023-21391 | 1 Google | 1 Android | 2024-11-21 | N/A | 7.5 HIGH |
|
In Messaging, there is a possible way to disable the messaging application due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2023-21284 | 1 Google | 1 Android | 2024-11-21 | N/A | 5.5 MEDIUM |
|
In multiple functions of DevicePolicyManager.java, there is a possible way to prevent enabling the Find my Device feature due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2023-21272 | 1 Google | 1 Android | 2024-11-21 | N/A | 7.8 HIGH |
|
In readFrom of Uri.java, there is a possible bad URI permission grant due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2023-21251 | 1 Google | 1 Android | 2024-11-21 | N/A | 7.3 HIGH |
|
In onCreate of ConfirmDialog.java, there is a possible way to connect to VNP bypassing user's consent due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.
|
|||||
| CVE-2023-21192 | 1 Google | 1 Android | 2024-11-21 | N/A | 7.8 HIGH |
|
In setInputMethodWithSubtypeIdLocked of InputMethodManagerService.java, there is a possible way to setup input methods that are not enabled due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-227207653
|
|||||
| CVE-2023-20621 | 2 Google, Mediatek | 13 Android, Mt6739, Mt6761 and 10 more | 2024-11-21 | N/A | 6.7 MEDIUM |
|
In tinysys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664755; Issue ID: ALPS07664755.
|
|||||
| CVE-2023-20564 | 2 Amd, Microsoft | 4 Ryzen Master, Ryzen Master Monitoring Sdk, Windows 10 and 1 more | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may permit a privileged attacker to perform memory reads/writes potentially leading to a loss of confidentiality or arbitrary kernel execution.
|
|||||
| CVE-2023-20560 | 2 Amd, Microsoft | 4 Ryzen Master, Ryzen Master Monitoring Sdk, Windows 10 and 1 more | 2024-11-21 | N/A | 4.4 MEDIUM |
|
Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may allow a privileged attacker to provide a null value potentially resulting in a Windows crash leading to denial of service.
|
|||||
| CVE-2023-20270 | 1 Cisco | 1 Firepower Threat Defense | 2024-11-21 | N/A | 5.8 MEDIUM |
|
A vulnerability in the interaction between the Server Message Block (SMB) protocol preprocessor and the Snort 3 detection engine for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the configured policies or cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error-checking when the Snort 3 detection engine is processing SMB traffic. An attacker could exploit this vulnerability by sending a ...
Show More |
|||||
| CVE-2023-20255 | 1 Cisco | 1 Meeting Server | 2024-11-21 | N/A | 5.3 MEDIUM |
|
A vulnerability in an API of the Web Bridge feature of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP packets to an affected device. A successful exploit could allow the attacker to cause a partial availability condition, which could cause ongoing video calls to be dropped due to the invalid ...
Show More |
|||||
| CVE-2023-20232 | 1 Cisco | 1 Unified Contact Center Express | 2024-11-21 | N/A | 5.3 MEDIUM |
|
A vulnerability in the Tomcat implementation for Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to cause a web cache poisoning attack on an affected device.
This vulnerability is due to improper input validation of HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to a specific API endpoint on the Unified CCX Finesse Portal. A successful exploit could allow the attacker to cause the internal WebPro ...
Show More |
|||||
| CVE-2023-20231 | 1 Cisco | 74 Catalyst 9105ax, Catalyst 9105axi, Catalyst 9105axw and 71 more | 2024-11-21 | N/A | 8.8 HIGH |
|
A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device.
This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to execute arbitrary Cisco IOS XE Software CLI commands with level 15 privileges.
Note: This vulnerability is exploitable only if the attacker ...
Show More |
|||||
| CVE-2023-20192 | 1 Cisco | 1 Telepresence Video Communication Server | 2024-11-21 | N/A | 9.6 CRITICAL |
|
Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated attacker with Administrator-level read-only credentials to elevate their privileges to Administrator with read-write credentials on an affected system. Note: "Cisco Expressway Series" refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices. For more information about these vulnerabilities, see the Details secti ...
Show More |
|||||
| CVE-2023-20172 | 1 Cisco | 1 Identity Services Engine | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to delete or read arbitrary files on the underlying operating system. To exploit these vulnerabilities, an attacker must have valid credentials on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
|
|||||
| CVE-2023-20171 | 1 Cisco | 1 Identity Services Engine | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to delete or read arbitrary files on the underlying operating system. To exploit these vulnerabilities, an attacker must have valid credentials on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
|
|||||
| CVE-2023-20169 | 1 Cisco | 35 Nexus 3048, Nexus 31108pc-v, Nexus 31108tc-v and 32 more | 2024-11-21 | N/A | 7.4 HIGH |
|
A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco NX-OS Software for the Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the IS-IS process to unexpectedly restart, which could cause an affected device to reload.
This vulnerability is due to insufficient input validation when parsing an ingress IS-IS packet. An attacker could exploit this vulnerabi ...
Show More |
|||||
| CVE-2023-20168 | 1 Cisco | 84 Mds 9000, Mds 9100, Mds 9132t and 81 more | 2024-11-21 | N/A | 7.1 HIGH |
|
A vulnerability in TACACS+ and RADIUS remote authentication for Cisco NX-OS Software could allow an unauthenticated, local attacker to cause an affected device to unexpectedly reload. This vulnerability is due to incorrect input validation when processing an authentication attempt if the directed request option is enabled for TACACS+ or RADIUS. An attacker could exploit this vulnerability by entering a crafted string at the login prompt of an affected device. A successful exploit could allow the ...
Show More |
|||||
| CVE-2023-20134 | 1 Cisco | 1 Webex Meetings | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Multiple vulnerabilities in the web interface of Cisco Webex Meetings could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack or upload arbitrary files as recordings. For more information about these vulnerabilities, see the Details section of this advisory.
|
|||||