Total
638 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-10365 | 1 Google | 1 Kubernetes Engine | 2023-10-25 | 4.0 MEDIUM | 4.3 MEDIUM |
Jenkins Google Kubernetes Engine Plugin 0.6.2 and earlier created a temporary file containing a temporary access token in the project workspace, where it could be accessed by users with Job/Read permission. | |||||
CVE-2023-45911 | 1 Wipotec | 1 Comscale | 2023-10-25 | N/A | 9.8 CRITICAL |
An issue in WIPOTEC GmbH ComScale v4.3.29.21344 and v4.4.12.723 allows unauthenticated attackers to login as any user without a password. | |||||
CVE-2023-45357 | 1 Archerirm | 1 Archer | 2023-10-24 | N/A | 6.5 MEDIUM |
Archer Platform 6.x before 6.13 P2 HF2 (6.13.0.2.2) contains a sensitive information disclosure vulnerability. An authenticated attacker could potentially obtain access to sensitive information via a popup warning message. 6.14 (6.14.0) is also a fixed release. | |||||
CVE-2023-44394 | 1 Mantisbt | 1 Mantisbt | 2023-10-23 | N/A | 4.3 MEDIUM |
MantisBT is an open source bug tracker. Due to insufficient access-level checks on the Wiki redirection page, any user can reveal private Projects' names by accessing wiki.php with sequentially incremented IDs. This issue has been addressed in commit `65c44883f` which has been included in release `2.258`. Users are advised to upgrade. Users unable to upgrade should disable wiki integration (`$g_wiki_enable = OFF;`). | |||||
CVE-2023-35013 | 1 Ibm | 1 Security Verify Governance | 2023-10-19 | N/A | 4.4 MEDIUM |
IBM Security Verify Governance 10.0, Identity Manager could allow a local privileged user to obtain sensitive information from source code. IBM X-Force ID: 257769. | |||||
CVE-2023-32275 | 1 Softether | 1 Vpn | 2023-10-18 | N/A | 4.4 MEDIUM |
An information disclosure vulnerability exists in the CtEnumCa() functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. Specially crafted network packets can lead to a disclosure of sensitive information. An attacker can send packets to trigger this vulnerability. | |||||
CVE-2023-44102 | 1 Huawei | 2 Emui, Harmonyos | 2023-10-16 | N/A | 5.3 MEDIUM |
Broadcast permission control vulnerability in the Bluetooth module. Successful exploitation of this vulnerability can cause the Bluetooth function to be unavailable. | |||||
CVE-2023-44101 | 1 Huawei | 1 Harmonyos | 2023-10-16 | N/A | 7.5 HIGH |
The Bluetooth module has a vulnerability in permission control for broadcast notifications. Successful exploitation of this vulnerability may affect confidentiality. | |||||
CVE-2023-30802 | 1 Sangfor | 1 Next-gen Application Firewall | 2023-10-13 | N/A | 5.3 MEDIUM |
The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to a source code disclosure vulnerability. A remote and unauthenticated attacker can obtain PHP source code by sending an HTTP request with an invalid Content-Length field. | |||||
CVE-2023-44122 | 2 Google, Lg | 2 Android, V60 Thin Q 5g | 2023-10-02 | N/A | 7.8 HIGH |
The vulnerability allows theft of arbitrary files with system privilege in the LockScreenSettings ("com.lge.lockscreensettings") app in the "com/lge/lockscreensettings/dynamicwallpaper/MyCategoryGuideActivity.java" file. The main problem is that the app launches implicit intents that can be intercepted by third-party apps installed on the same device. They can also return arbitrary data that will be passed to the "onActivityResult()" method. The LockScreenSettings app copies the received file to the "/data/shared/dw/mycategory/wallpaper_01.png" path and then changes the file access mode to world-readable and world-writable. | |||||
CVE-2023-44124 | 2 Google, Lg | 2 Android, V60 Thin Q 5g | 2023-10-02 | N/A | 3.3 LOW |
The vulnerability allows theft of arbitrary files with system privilege in the Screen recording ("com.lge.gametools.gamerecorder") app in the "com/lge/gametools/gamerecorder/settings/ProfilePreferenceFragment.java" file. The main problem is that the app launches implicit intents that can be intercepted by third-party apps installed on the same device. They can also return arbitrary data that will be passed to the "onActivityResult()" method. The Screen recording app saves the contents of arbitrary URIs to the SD card, which is world-readable storage. | |||||
CVE-2023-31014 | 2 Google, Nvidia | 2 Android, Geforce Now | 2023-09-22 | N/A | 4.8 MEDIUM |
NVIDIA GeForce Now for Android contains a vulnerability in the game launcher component, where a malicious application on the same device can process the implicit intent meant for the streamer component. A successful exploit of this vulnerability may lead to limited information disclosure, denial of service, and code execution. | |||||
CVE-2023-39043 | 1 Ykc | 1 Tokushima Awayokocho | 2023-09-22 | N/A | 6.5 MEDIUM |
An information leak in YKC Tokushima_awayokocho Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | |||||
CVE-2023-39058 | 1 The B Members Card Project | 1 The B Members Card | 2023-09-21 | N/A | 6.5 MEDIUM |
An information leak in THE_B_members card v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | |||||
CVE-2023-39046 | 1 Tonton-tei Waiting Project | 1 Tonton-tei Waiting | 2023-09-20 | N/A | 6.5 MEDIUM |
An information leak in TonTon-Tei_waiting Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | |||||
CVE-2023-38558 | 1 Siemens | 1 Simatic Pcs Neo | 2023-09-20 | N/A | 5.5 MEDIUM |
A vulnerability has been identified in SIMATIC PCS neo (Administration Console) V4.0 (All versions), SIMATIC PCS neo (Administration Console) V4.0 Update 1 (All versions). The affected application leaks Windows admin credentials. An attacker with local access to the Administration Console could get the credentials, and impersonate the admin user, thereby gaining admin access to other Windows systems. | |||||
CVE-2023-40788 | 1 Bladex | 1 Springblade | 2023-09-19 | N/A | 5.3 MEDIUM |
SpringBlade <=V3.6.0 is vulnerable to Incorrect Access Control due to incorrect configuration in the default gateway, resulting in unauthorized access to error logs. | |||||
CVE-2023-39056 | 1 Coffee-jumbo Project | 1 Coffee-jumbo | 2023-09-19 | N/A | 6.5 MEDIUM |
An information leak in Coffee-jumbo v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | |||||
CVE-2023-39049 | 1 Youmart-tokunaga Project | 1 Youmart-tokunaga | 2023-09-19 | N/A | 6.5 MEDIUM |
An information leak in youmart-tokunaga v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | |||||
CVE-2023-39039 | 1 Camp Style Project Line Project | 1 Camp Style Project Line | 2023-09-19 | N/A | 6.5 MEDIUM |
An information leak in Camp Style Project Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages. |