Total
28799 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-32285 | 1 Intel | 134 Compute Element Stk2mv64cc, Compute Element Stk2mv64cc Firmware, Nuc Board Nuc7i3bnb and 131 more | 2023-11-07 | N/A | 4.4 MEDIUM |
| Improper access control in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2023-31199 | 1 Intel | 1 Solid State Drive Toolbox | 2023-11-07 | N/A | 6.7 MEDIUM |
| Improper access control in the Intel(R) Solid State Drive Toolbox(TM) before version 3.4.5 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-30952 | 1 Palantir | 1 Foundry | 2023-11-07 | N/A | 4.3 MEDIUM |
| A security defect was discovered in Foundry Issues that enabled users to create convincing phishing links by editing the request sent when creating an Issue. This defect was resolved in Frontend release 6.228.0 . | |||||
| CVE-2023-30946 | 1 Palantir | 1 Foundry Issues | 2023-11-07 | N/A | 4.3 MEDIUM |
| A security defect was identified in Foundry Issues. If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query Foundry's Notification API and receive metadata about the issue including the RID of the issue, severity, internal UUID of the author, and the user-defined title of the issue. | |||||
| CVE-2023-30737 | 1 Samsung | 1 Health | 2023-11-07 | N/A | 5.5 MEDIUM |
| Improper access control vulnerability in Samsung Health prior to version 6.24.3.007 allows attackers to access sensitive information via implicit intent. | |||||
| CVE-2023-30734 | 1 Samsung | 1 Health | 2023-11-07 | N/A | 5.5 MEDIUM |
| Improper access control vulnerability in Samsung Health prior to version 6.24.3.007 allows attackers to access sensitive information via implicit intent. | |||||
| CVE-2023-30722 | 1 Samsung | 1 Blockchain Keystore | 2023-11-07 | N/A | 7.8 HIGH |
| Protection Mechanism Failure in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.13.5 allows local attacker to execute arbitrary code. | |||||
| CVE-2023-30718 | 1 Samsung | 1 Android | 2023-11-07 | N/A | 3.3 LOW |
| Improper export of android application components vulnerability in WifiApAutoHotspotEnablingActivity prior to SMR Sep-2023 Release 1 allows local attacker to change a Auto Hotspot setting. | |||||
| CVE-2023-30714 | 1 Samsung | 1 Android | 2023-11-07 | N/A | 4.6 MEDIUM |
| Improper authorization vulnerability in FolderContainerDragDelegate in One UI Home prior to SMR Sep-2023 Release 1 allows physical attackers to change some settings of the folder lock. | |||||
| CVE-2023-30711 | 1 Samsung | 1 Android | 2023-11-07 | N/A | 3.3 LOW |
| Improper authentication in Phone and Messaging Storage SMR SEP-2023 Release 1 allows attacker to insert arbitrary data to the provider. | |||||
| CVE-2023-30706 | 1 Samsung | 1 Android | 2023-11-07 | N/A | 4.9 MEDIUM |
| Improper authorization in Samsung Keyboard prior to SMR Sep-2023 Release 1 allows attacker to read arbitrary file with system privilege. | |||||
| CVE-2023-30704 | 1 Samsung | 1 Internet | 2023-11-07 | N/A | 4.6 MEDIUM |
| Improper Authorization vulnerability in Samsung Internet prior to version 22.0.0.35 allows physical attacker access downloaded files in Secret Mode without user authentication. | |||||
| CVE-2023-30674 | 1 Samsung | 1 Internet | 2023-11-07 | N/A | 6.5 MEDIUM |
| Improper configuration in Samsung Internet prior to version 21.0.0.41 allows attacker to bypass SameSite Cookie. | |||||
| CVE-2023-30671 | 1 Samsung | 1 Android | 2023-11-07 | N/A | 5.5 MEDIUM |
| Logic error in package installation via adb command prior to SMR Jul-2023 Release 1 allows local attackers to downgrade installed application. | |||||
| CVE-2023-30667 | 1 Samsung | 1 Android | 2023-11-07 | N/A | 3.3 LOW |
| Improper access control in Audio system service prior to SMR Jul-2023 Release 1 allows attacker to send broadcast with system privilege. | |||||
| CVE-2023-30654 | 1 Samsung | 1 Android | 2023-11-07 | N/A | 5.5 MEDIUM |
| Improper access control vulnerability in SLocationService prior to SMR Aug-2023 Release 1 allows local attacker to update fake location. | |||||
| CVE-2023-30640 | 1 Samsung | 1 Android | 2023-11-07 | N/A | 3.3 LOW |
| Improper access control vulnerability in PersonaManagerService prior to SMR Jul-2023 Release 1 allows local attackers to change confiugration. | |||||
| CVE-2023-2974 | 1 Redhat | 1 Build Of Quarkus | 2023-11-07 | N/A | 8.1 HIGH |
| A vulnerability was found in quarkus-core. This vulnerability occurs because the TLS protocol configured with quarkus.http.ssl.protocols is not enforced, and the client can force the selection of the weaker supported TLS protocol. | |||||
| CVE-2023-2734 | 1 Inspireui | 1 Mstore Api | 2023-11-07 | N/A | 9.8 CRITICAL |
| The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.1. This is due to insufficient verification on the user being supplied during the cart sync from mobile REST API request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id. | |||||
| CVE-2023-2733 | 1 Inspireui | 1 Mstore Api | 2023-11-07 | N/A | 9.8 CRITICAL |
| The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.0. This is due to insufficient verification on the user being supplied during the coupon redemption REST API request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id. | |||||