Total: 6931 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-41651 | | | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Missing Authorization vulnerability in Multi-column Tag Map. This issue affects Multi-column Tag Map: from n/a through 17.0.26.
|
|||||
| CVE-2023-41296 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 9.1 CRITICAL |
|
Vulnerability of missing authorization in the kernel module. Successful exploitation of this vulnerability may affect integrity and confidentiality.
|
|||||
| CVE-2023-41240 | 1 Varktech | 1 Pricing Deals For Woocommerce | 2024-11-21 | N/A | 5.3 MEDIUM |
|
Missing Authorization vulnerability in Vark Pricing Deals for WooCommerce. This issue affects Pricing Deals for WooCommerce: from n/a through 2.0.3.2.
|
|||||
| CVE-2023-41046 | 1 Xwiki | 1 Xwiki | 2024-11-21 | N/A | 6.3 MEDIUM |
|
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible in XWiki to execute Velocity code without having script right by creating an XClass with a property of type "TextArea" and content type "VelocityCode" or "VelocityWiki". For the former, the syntax of the document needs to be set to `xwiki/1.0` (this syntax doesn't need to be installed). In both cases, when adding the property to an object, the Velocity code is executed regardl ...
|
|||||
| CVE-2023-40672 | | | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Missing Authorization vulnerability in Hardik Chavada Sticky Social Media Icons. This issue affects Sticky Social Media Icons: from n/a through 2.1.
|
|||||
| CVE-2023-40654 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-11-21 | N/A | 6.7 MEDIUM |
|
In FW-PackageManager, there is a possible missing permission check. This could lead to local escalation of privilege with System execution privileges needed
|
|||||
| CVE-2023-40653 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-11-21 | N/A | 6.7 MEDIUM |
|
In FW-PackageManager, there is a possible missing permission check. This could lead to local escalation of privilege with System execution privileges needed
|
|||||
| CVE-2023-40650 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-11-21 | N/A | 5.5 MEDIUM |
|
In Telecom service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed
|
|||||
| CVE-2023-40649 | 2 Google, Unisoc | 2 Android, Sc9863a | 2024-11-21 | N/A | 5.5 MEDIUM |
|
In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed
|
|||||
| CVE-2023-40648 | 2 Google, Unisoc | 2 Android, Sc9863a | 2024-11-21 | N/A | 5.5 MEDIUM |
|
In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed
|
|||||
| CVE-2023-40647 | 2 Google, Unisoc | 2 Android, Sc9863a | 2024-11-21 | N/A | 5.5 MEDIUM |
|
In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed
|
|||||
| CVE-2023-40646 | 2 Google, Unisoc | 2 Android, Sc9863a | 2024-11-21 | N/A | 5.5 MEDIUM |
|
In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed
|
|||||
| CVE-2023-40645 | 2 Google, Unisoc | 2 Android, Sc9863a | 2024-11-21 | N/A | 5.5 MEDIUM |
|
In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed
|
|||||
| CVE-2023-40644 | 2 Google, Unisoc | 2 Android, Sc9863a | 2024-11-21 | N/A | 5.5 MEDIUM |
|
In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed
|
|||||
| CVE-2023-40643 | 2 Google, Unisoc | 2 Android, Sc9863a | 2024-11-21 | N/A | 5.5 MEDIUM |
|
In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed
|
|||||
| CVE-2023-40642 | 2 Google, Unisoc | 2 Android, Sc9863a | 2024-11-21 | N/A | 5.5 MEDIUM |
|
In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed
|
|||||
| CVE-2023-40641 | 2 Google, Unisoc | 2 Android, Sc9863a | 2024-11-21 | N/A | 5.5 MEDIUM |
|
In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed
|
|||||
| CVE-2023-40640 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-11-21 | N/A | 5.5 MEDIUM |
|
In SoundRecorder service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges
|
|||||
| CVE-2023-40639 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-11-21 | N/A | 5.5 MEDIUM |
|
In SoundRecorder service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges
|
|||||
| CVE-2023-40638 | 2 Google, Unisoc | 5 Android, S8000, T760 and 2 more | 2024-11-21 | N/A | 4.4 MEDIUM |
|
In Telecom service, there is a possible missing permission check. This could lead to local denial of service with System execution privileges needed
|
|||||
| CVE-2023-40637 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-11-21 | N/A | 5.5 MEDIUM |
|
In telecom service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges
|
|||||
| CVE-2023-40636 | 2 Google, Unisoc | 5 Android, S8000, T760 and 2 more | 2024-11-21 | N/A | 4.4 MEDIUM |
|
In telecom service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with System execution privileges needed
|
|||||
| CVE-2023-40635 | 2 Google, Unisoc | 11 Android, S8000, Sc9863a and 8 more | 2024-11-21 | N/A | 7.8 HIGH |
|
In linkturbo, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed
|
|||||
| CVE-2023-40634 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-11-21 | N/A | 7.8 HIGH |
|
In phasecheckserver, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed
|
|||||
| CVE-2023-40633 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-11-21 | N/A | 5.5 MEDIUM |
|
In phasecheckserver, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed
|
|||||
| CVE-2023-40631 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-11-21 | N/A | 4.4 MEDIUM |
|
In Dialer, there is a possible missing permission check. This could lead to local information disclosure with System execution privileges needed
|
|||||
| CVE-2023-40625 | 1 Sap | 1 S4core | 2024-11-21 | N/A | 5.4 MEDIUM |
|
S4CORE (Manage Purchase Contracts App) - versions 102, 103, 104, 105, 106, 107, does not perform necessary authorization checks for an authenticated user. This could allow an attacker to perform unintended actions resulting in escalation of privileges which has low impact on confidentiality and integrity with no impact on availability of the system.
|
|||||
| CVE-2023-40608 | | | 2024-11-21 | N/A | 8.2 HIGH |
|
Missing Authorization vulnerability in Paid Memberships Pro Paid Memberships Pro CCBill Gateway. This issue affects Paid Memberships Pro CCBill Gateway: from n/a through 0.3.
|
|||||
| CVE-2023-40603 | 1 Webtechforce | 1 Simple Org Chart | 2024-11-21 | N/A | 5.3 MEDIUM |
|
Missing Authorization vulnerability in Gangesh Matta Simple Org Chart. This issue affects Simple Org Chart: from n/a through 2.3.4.
|
|||||
| CVE-2023-40530 | 1 Skylark | 1 Skylark | 2024-11-21 | N/A | 4.7 MEDIUM |
|
Improper authorization in handler for custom URL scheme issue in 'Skylark' App for Android 6.2.13 and earlier and 'Skylark' App for iOS 6.2.13 and earlier allows an attacker to lead a user to access an arbitrary website via another application installed on the user's device.
|
|||||
| CVE-2023-40376 | 1 Ibm | 1 Urbancode Deploy | 2024-11-21 | N/A | 5.3 MEDIUM |
|
IBM UrbanCode Deploy (UCD) 7.1 - 7.1.2.12, 7.2 through 7.2.3.5, and 7.3 through 7.3.2.0 under certain configurations could allow an authenticated user to make changes to environment variables due to improper authentication controls. IBM X-Force ID: 263581.
|
|||||
| CVE-2023-40344 | 1 Jenkins | 1 Delphix | 2024-11-21 | N/A | 4.3 MEDIUM |
|
A missing permission check in Jenkins Delphix Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
|
|||||
| CVE-2023-40216 | 1 Openbsd | 1 Openbsd | 2024-11-21 | N/A | 5.5 MEDIUM |
|
OpenBSD 7.3 before errata 014 is missing an argument-count bounds check in console terminal emulation. This could cause incorrect memory access and a kernel crash after receiving crafted DCS or CSI terminal escape sequences.
|
|||||
| CVE-2023-40209 | 1 Himalayasaxena | 1 Highcompress Image Compressor | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Missing Authorization vulnerability in Himalaya Saxena Highcompress Image Compressor. This issue affects Highcompress Image Compressor: from n/a through 6.0.0.
|
|||||
| CVE-2023-40094 | 1 Google | 1 Android | 2024-11-21 | N/A | 7.8 HIGH |
|
In keyguardGoingAway of ActivityTaskManagerService.java, there is a possible lock screen bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2023-40089 | 1 Google | 1 Android | 2024-11-21 | N/A | 7.8 HIGH |
|
In getCredentialManagerPolicy of DevicePolicyManagerService.java, there is a possible method for users to select credential managers without permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2023-40040 | 2 Google, Mycrops | 2 Android, Higrade | 2024-11-21 | N/A | 5.3 MEDIUM |
|
An issue was discovered in the MyCrops HiGrade "THC Testing & Cannabi" application 1.0.337 for Android. A remote attacker can start the camera feed via the com.cordovaplugincamerapreview.CameraActivity component in some situations. NOTE: this is only exploitable on Android versions that lack runtime permission checks, and of those only Android SDK 5.1.1 API 22 is consistent with the manifest. Thus, this applies only to Android Lollipop, affecting less than five percent of Android devices as of 2 ...
|
|||||
| CVE-2023-40027 | 1 Keystonejs | 1 Keystone | 2024-11-21 | N/A | 3.7 LOW |
|
Keystone is an open source headless CMS for Node.js — built with GraphQL and React. When `ui.isAccessAllowed` is set as `undefined`, the `adminMeta` GraphQL query is publicly accessible (no session required). This is different to the behaviour of the default AdminUI middleware, which by default will only be publicly accessible (no session required) if a `session` strategy is not defined. This vulnerability does not affect developers using the `@keystone-6/auth` package, or any users that have wr ...
|
|||||
| CVE-2023-40004 | | | 2024-11-21 | N/A | 7.3 HIGH |
|
Missing Authorization vulnerability in ServMask All-in-One WP Migration Box Extension, ServMask All-in-One WP Migration OneDrive Extension, ServMask All-in-One WP Migration Dropbox Extension, ServMask All-in-One WP Migration Google Drive Extension. This issue affects All-in-One WP Migration Box Extension: from n/a through 1.53; All-in-One WP Migration OneDrive Extension: from n/a through 1.66; All-in-One WP Migration Dropbox Extension: from n/a through 3.75; All-in-One WP Migration Google Drive E ...
|
|||||
| CVE-2023-3999 | 1 Plugin | 1 Waiting | 2024-11-21 | N/A | 6.3 MEDIUM |
|
The Waiting: One-click countdowns plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on its AJAX calls in versions up to, and including, 0.6.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to create and delete countdowns as well as manipulate other plugin settings.
|
|||||