Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-42714 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-12-07 | N/A | 5.5 MEDIUM |
| In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed | |||||
| CVE-2023-42706 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-12-07 | N/A | 5.5 MEDIUM |
| In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed | |||||
| CVE-2023-42708 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-12-07 | N/A | 5.5 MEDIUM |
| In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed | |||||
| CVE-2023-42707 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-12-07 | N/A | 5.5 MEDIUM |
| In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed | |||||
| CVE-2023-42709 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-12-07 | N/A | 5.5 MEDIUM |
| In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed | |||||
| CVE-2023-42728 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-12-07 | N/A | 5.5 MEDIUM |
| In phasecheckserver, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed | |||||
| CVE-2023-42729 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-12-07 | N/A | 4.4 MEDIUM |
| In ril service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed | |||||
| CVE-2023-6466 | 1 Thecosy | 1 Icecms | 2023-12-07 | N/A | 6.1 MEDIUM |
| A vulnerability was found in Thecosy IceCMS 2.0.1. It has been declared as problematic. This vulnerability affects unknown code of the file /planet of the component User Comment Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-246616. | |||||
| CVE-2023-33356 | 1 Thecosy | 1 Icecms | 2023-12-07 | N/A | 5.4 MEDIUM |
| IceCMS v1.0.0 is vulnerable to Cross Site Scripting (XSS). | |||||
| CVE-2023-49948 | 1 Forgejo | 1 Forgejo | 2023-12-07 | N/A | 5.3 MEDIUM |
| Forgejo before 1.20.5-1 allows remote attackers to test for the existence of private user accounts by appending .rss (or another extension) to a URL. | |||||
| CVE-2023-42704 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-12-07 | N/A | 5.5 MEDIUM |
| In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed | |||||
| CVE-2023-42703 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-12-07 | N/A | 5.5 MEDIUM |
| In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed | |||||
| CVE-2023-42702 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-12-07 | N/A | 5.5 MEDIUM |
| In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed | |||||
| CVE-2023-42701 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-12-07 | N/A | 5.5 MEDIUM |
| In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed | |||||
| CVE-2023-42705 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-12-07 | N/A | 5.5 MEDIUM |
| In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed | |||||
| CVE-2023-42698 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-12-07 | N/A | 5.5 MEDIUM |
| In omacp service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed | |||||
| CVE-2023-42697 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-12-07 | N/A | 5.5 MEDIUM |
| In omacp service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed | |||||
| CVE-2023-42700 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-12-07 | N/A | 5.5 MEDIUM |
| In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed | |||||
| CVE-2023-42699 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-12-07 | N/A | 5.5 MEDIUM |
| In omacp service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed | |||||
| CVE-2023-34833 | 1 Thinkadmin | 1 Thinkadmin | 2023-12-07 | N/A | 6.1 MEDIUM |
| An arbitrary file upload vulnerability in the component /api/upload.php of ThinkAdmin v6 allows attackers to execute arbitrary code via a crafted file. | |||||
| CVE-2020-29315 | 1 Thinkadmin | 1 Thinkadmin | 2023-12-07 | 4.3 MEDIUM | 5.4 MEDIUM |
| ThinkAdmin version v1 v6 has a stored XSS vulnerability which allows remote attackers to inject an arbitrary web script or HTML. | |||||
| CVE-2023-35116 | 1 Fasterxml | 1 Jackson-databind | 2023-12-07 | N/A | 4.7 MEDIUM |
| jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by an external attacker. | |||||
| CVE-2023-44765 | 1 Concretecms | 1 Concrete Cms | 2023-12-07 | N/A | 5.4 MEDIUM |
| A Cross Site Scripting (XSS) vulnerability in Concrete CMS versions 8.5.12 and below, and 9.0 through 9.2.1 allows an attacker to execute arbitrary code via a crafted script to Plural Handle of the Data Objects from System & Settings. | |||||
| CVE-2023-44761 | 1 Concretecms | 1 Concrete Cms | 2023-12-07 | N/A | 5.4 MEDIUM |
| Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS versions affected to 8.5.13 and below, and 9.0.0 through 9.2.1 allow a local attacker to execute arbitrary code via a crafted script to the Forms of the Data objects. | |||||
| CVE-2022-4957 | 1 Librespeed | 1 Speedtest | 2023-12-07 | N/A | 6.1 MEDIUM |
| A vulnerability was found in librespeed speedtest up to 5.2.4. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file results/stats.php. The manipulation of the argument id leads to cross site scripting. The attack can be launched remotely. Upgrading to version 5.2.5 is able to address this issue. The patch is named a85f2c086f3449dffa8fe2edb5e2ef3ee72dc0e9. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-246643. | |||||
| CVE-2022-48463 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-12-06 | N/A | 5.5 MEDIUM |
| In wifi service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed | |||||
| CVE-2022-48462 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-12-06 | N/A | 5.5 MEDIUM |
| In wifi service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed | |||||
| CVE-2022-48464 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-12-06 | N/A | 5.5 MEDIUM |
| In wifi service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed | |||||
| CVE-2023-42676 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-12-06 | N/A | 5.5 MEDIUM |
| In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed | |||||
| CVE-2023-42675 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-12-06 | N/A | 5.5 MEDIUM |
| In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed | |||||
| CVE-2023-42674 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-12-06 | N/A | 5.5 MEDIUM |
| In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed | |||||
| CVE-2023-42673 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-12-06 | N/A | 5.5 MEDIUM |
| In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed | |||||
| CVE-2023-42672 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-12-06 | N/A | 5.5 MEDIUM |
| In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed | |||||
| CVE-2023-42671 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-12-06 | N/A | 5.5 MEDIUM |
| In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed | |||||
| CVE-2023-42677 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-12-06 | N/A | 5.5 MEDIUM |
| In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed | |||||
| CVE-2023-42678 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-12-06 | N/A | 5.5 MEDIUM |
| In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed | |||||
| CVE-2023-6472 | 1 Phpems | 1 Phpems | 2023-12-06 | N/A | 4.8 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in PHPEMS 7.0. This issue affects some unknown processing of the file app\content\cls\api.cls.php of the component Content Section Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-246629 was assigned to this vulnerability. | |||||
| CVE-2023-6473 | 1 Remyandrade | 1 Online Quiz System | 2023-12-06 | N/A | 5.4 MEDIUM |
| A vulnerability, which was classified as problematic, was found in SourceCodester Online Quiz System 1.0. This affects an unknown part of the file take-quiz.php. The manipulation of the argument quiz_taker/year_section leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246639. | |||||
| CVE-2023-48094 | 1 Cesium | 1 Cesiumjs | 2023-12-06 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in CesiumJS v1.111 allows attackers to execute arbitrary code in the context of the victim's browser via sending a crafted payload to /container_files/public_html/doc/index.html. NOTE: the vendor’s position is that Apps/Sandcastle/standalone.html is part of the CesiumGS/cesium GitHub repository, but is demo code that is not part of the CesiumJS JavaScript library product. | |||||
| CVE-2022-40433 | 1 Oracle | 1 Openjdk | 2023-12-06 | N/A | 4.9 MEDIUM |
| An issue was discovered in function ciMethodBlocks::make_block_at in Oracle JDK (HotSpot VM) 11, 17 and OpenJDK (HotSpot VM) 8, 11, 17, allows attackers to cause a denial of service. Note: Vendor states that this to is Defense in Depth at most due to the nature of the issue and the special circumstances required (server must be running particular code locally, code compiled with an old, old version of javac, etc.). | |||||
| CVE-2023-28895 | 1 Preh | 2 Mib3, Mib3 Firmware | 2023-12-06 | N/A | 6.8 MEDIUM |
| The password for access to the debugging console of the PoWer Controller chip (PWC) of the MIB3 infotainment is hard-coded in the firmware. The console allows attackers with physical access to the MIB3 unit to gain full control over the PWC chip. Vulnerability found on Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022. | |||||
| CVE-2023-44381 | 1 Octobercms | 1 October | 2023-12-06 | N/A | 4.9 MEDIUM |
| October is a Content Management System (CMS) and web platform to assist with development workflow. An authenticated backend user with the `editor.cms_pages`, `editor.cms_layouts`, or `editor.cms_partials` permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to `cms.safe_mode` being enabled can craft a special request to include PHP code in the CMS template. This issue has been patched in version 3.4.15. | |||||
| CVE-2023-49277 | 1 Darrennathanael | 1 Dpaste | 2023-12-06 | N/A | 6.1 MEDIUM |
| dpaste is an open source pastebin application written in Python using the Django framework. A security vulnerability has been identified in the expires parameter of the dpaste API, allowing for a POST Reflected XSS attack. This vulnerability can be exploited by an attacker to execute arbitrary JavaScript code in the context of a user's browser, potentially leading to unauthorized access, data theft, or other malicious activities. Users are strongly advised to upgrade to dpaste release v3.8 or later versions, as dpaste versions older than v3.8 are susceptible to the identified security vulnerability. No known workarounds have been identified, and applying the patch is the most effective way to remediate the vulnerability. | |||||
| CVE-2023-49926 | 1 Misp | 1 Misp | 2023-12-06 | N/A | 6.1 MEDIUM |
| app/Lib/Tools/EventTimelineTool.php in MISP before 2.4.179 allows XSS in the event timeline widget. | |||||
| CVE-2023-6465 | 1 Phpgurukul | 1 Nipah Virus Testing Management System | 2023-12-06 | N/A | 6.1 MEDIUM |
| A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been classified as problematic. This affects an unknown part of the file registered-user-testing.php. The manipulation of the argument regmobilenumber leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246615. | |||||
| CVE-2023-49276 | 1 Uptime.kuma | 1 Uptime Kuma | 2023-12-06 | N/A | 6.1 MEDIUM |
| Uptime Kuma is an open source self-hosted monitoring tool. In affected versions the Google Analytics element in vulnerable to Attribute Injection leading to Cross-Site-Scripting (XSS). Since the custom status interface can set an independent Google Analytics ID and the template has not been sanitized, there is an attribute injection vulnerability here, which can lead to XSS attacks. This vulnerability has been addressed in commit `f28dccf4e` which is included in release version 1.23.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-48314 | 1 Collaboraoffice | 1 Collabora Online | 2023-12-06 | N/A | 6.1 MEDIUM |
| Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with Collabora Online Built-in CODE Server app can be vulnerable to attack via proxy.php. This vulnerability has been fixed in Collabora Online - Built-in CODE Server (richdocumentscode) release 23.5.403. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-49281 | 1 Cainor | 1 Calendarinho | 2023-12-06 | N/A | 6.1 MEDIUM |
| Calendarinho is an open source calendaring application to manage large teams of consultants. An Open Redirect issue occurs when a web application redirects users to external URLs without proper validation. This can lead to phishing attacks, where users are tricked into visiting malicious sites, potentially leading to information theft and reputational damage to the website used for redirection. The problem is has been patched in commit `15b2393`. Users are advised to update to a commit after `15b2393`. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-6462 | 1 Remyandrade | 1 User Registration And Login System | 2023-12-06 | N/A | 6.1 MEDIUM |
| A vulnerability, which was classified as problematic, was found in SourceCodester User Registration and Login System 1.0. Affected is an unknown function of the file /endpoint/delete-user.php. The manipulation of the argument user leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-246612. | |||||
| CVE-2023-6463 | 1 Remyandrade | 1 User Registration And Login System | 2023-12-06 | N/A | 5.4 MEDIUM |
| A vulnerability has been found in SourceCodester User Registration and Login System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /endpoint/add-user.php. The manipulation of the argument first_name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-246613 was assigned to this vulnerability. | |||||