CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2023-45781 In parse_gap_data of utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with User execution privileges needed. User interac... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-49280 XWiki Change Request is an XWiki application allowing to request changes on a wiki without publishing directly the changes. Change request allows to edit any page by default, and the changes are then ... | 7.7 | HIGH | — | 0 |
| CVE-2023-42575 Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication due to invalid flag setting. | 5.4 | MEDIUM | — | 0 |
| CVE-2023-49285 Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This b... | 8.6 | HIGH | — | 0 |
| CVE-2023-49286 Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper ... | 8.6 | HIGH | — | 0 |
| CVE-2023-49288 Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Affected versions of Squid are subject to a Use-After-Free bug which can lead to a Denial of Service attack via collapsed ... | 8.6 | HIGH | — | 0 |
| CVE-2023-49293 Vite is a website frontend framework. When Vite's HTML transformation is invoked manually via `server.transformIndexHtml`, the original request URL is passed in unmodified, and the `html` being transf... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-5944 Delta Electronics DOPSoft is vulnerable to a stack-based buffer overflow, which may allow for arbitrary code execution if an attacker can lead a legitimate user to execute a specially crafted file. | 7.8 | HIGH | — | 0 |
| CVE-2023-42576 Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication due to invalid exception handler. | 5.4 | MEDIUM | — | 0 |
| CVE-2022-46480 Incorrect Session Management and Credential Re-use in the Bluetooth LE stack of the Ultraloq UL3 2nd Gen Smart Lock Firmware 02.27.0012 allows an attacker to sniff the unlock code and unlock the devic... | 8.1 | HIGH | — | 0 |
| CVE-2023-26941 Weak encryption mechanisms in RFID Tags in Yale Conexis L1 v1.1.0 allows attackers to create a cloned tag via physical proximity to the original. | 6.5 | MEDIUM | — | 0 |
| CVE-2023-26942 Weak encryption mechanisms in RFID Tags in Yale IA-210 Alarm v1.0 allows attackers to create a cloned tag via physical proximity to the original. | 6.5 | MEDIUM | — | 0 |
| CVE-2023-26943 Weak encryption mechanisms in RFID Tags in Yale Keyless Lock v1.0 allows attackers to create a cloned tag via physical proximity to the original. | 6.5 | MEDIUM | — | 0 |
| CVE-2023-49284 fish is a smart and user-friendly command line shell for macOS, Linux, and the rest of the family. fish shell uses certain Unicode non-characters internally for marking wildcards and expansions. It wi... | 3.9 | LOW | — | 0 |
| CVE-2023-49289 Ajax.NET Professional (AjaxPro) is an AJAX framework for Microsoft ASP.NET which will create proxy JavaScript classes that are used on client-side to invoke methods on the web server. Affected version... | 6.3 | MEDIUM | — | 0 |
| CVE-2023-49290 lestrrat-go/jwx is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. A p2c parameter set too high in JWE's algorithm PBES2-* could lead to a denial of s... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-49291 tj-actions/branch-names is a GitHub Action to retrieve branch or tag names with support for all events. The `tj-actions/branch-names` GitHub Actions improperly references the `github.event.pull_reques... | 9.3 | CRITICAL | — | 0 |
| CVE-2023-49292 ecies is an Elliptic Curve Integrated Encryption Scheme for secp256k1 in Golang. If functions Encapsulate(), Decapsulate() and ECDH() could be called by an attacker, they could recover any private ke... | 4.9 | MEDIUM | — | 0 |
| CVE-2023-41168 NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 1 of 4). | 5.4 | MEDIUM | — | 0 |
| CVE-2023-5808 SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in a Storage administrative role are able to access HNAS configur... | 7.6 | HIGH | — | 0 |
| CVE-2023-48315 Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause remote code execution due to memory overflow vulnerabiliti... | 8.8 | HIGH | — | 0 |
| CVE-2023-48316 Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause remote code execution due to memory overflow vulnerabiliti... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-48691 Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause an out-of-bounds write in Azure RTOS NETX Duo, that could ... | 8.1 | HIGH | — | 0 |
| CVE-2023-48692 Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause remote code execution due to memory overflow vulnerabiliti... | 9.0 | CRITICAL | — | 0 |
| CVE-2023-48693 Azure RTOS ThreadX is an advanced real-time operating system (RTOS) designed specifically for deeply embedded applications. An attacker can cause arbitrary read and write due to vulnerability in para... | 8.7 | HIGH | — | 0 |
| CVE-2023-21634 Memory Corruption in Radio Interface Layer while sending an SMS or writing an SMS to SIM. | 6.7 | MEDIUM | — | 0 |
| CVE-2023-22668 Memory Corruption in Audio while invoking IOCTLs calls from the user-space. | 6.7 | MEDIUM | — | 0 |
| CVE-2023-33024 Memory corruption while sending SMS from AP firmware. | 6.7 | MEDIUM | — | 0 |
| CVE-2023-33041 Under certain scenarios the WLAN Firmware will reach an assertion due to state confusion while looking up peer ids. | 7.5 | HIGH | — | 0 |
| CVE-2023-33071 Memory corruption in Automotive OS whenever untrusted apps try to access HAb for graphics functionalities. | 8.4 | HIGH | — | 0 |
| CVE-2023-33081 Transient DOS while converting TWT (Target Wake Time) frame parameters in the OTA broadcast. | 7.5 | HIGH | — | 0 |
| CVE-2023-33082 Memory corruption while sending an Assoc Request having BTM Query or BTM Response containing MBO IE. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-33083 Memory corruption in WLAN Host while processing RRM beacon on the AP. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-33097 Transient DOS in WLAN Firmware while processing a FTMR frame. | 7.5 | HIGH | — | 0 |
| CVE-2023-42556 Improper usage of implicit intent in Contacts prior to SMR Dec-2023 Release 1 allows attacker to get sensitive information. | 3.3 | LOW | — | 0 |
| CVE-2023-41169 NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 2 of 4). | 5.4 | MEDIUM | — | 0 |
| CVE-2023-42557 Out-of-bound write vulnerability in libIfaaCa prior to SMR Dec-2023 Release 1 allows local system attackers to execute arbitrary code. | 5.6 | MEDIUM | — | 0 |
| CVE-2023-42558 Out of bounds write vulnerability in HDCP in HAL prior to SMR Dec-2023 Release 1 allows attacker to perform code execution. | 6.0 | MEDIUM | — | 0 |
| CVE-2023-42559 Improper exception management vulnerability in Knox Guard prior to SMR Dec-2023 Release 1 allows Knox Guard lock bypass via changing system time. | 4.9 | MEDIUM | — | 0 |
| CVE-2023-42560 Heap out-of-bounds write vulnerability in dec_mono_audb of libsavsac.so prior to SMR Dec-2023 Release 1 allows an attacker to execute arbitrary code. | 7.4 | HIGH | — | 0 |
| CVE-2023-42561 Heap out-of-bounds write vulnerability in bootloader prior to SMR Dec-2023 Release 1 allows a physical attacker to execute arbitrary code. | 7.1 | HIGH | — | 0 |
| CVE-2023-42562 Integer overflow vulnerability in detectionFindFaceSupportMultiInstance of libFacePreProcessingjni.camera.samsung.so prior to SMR Dec-2023 Release 1 allows attacker to trigger heap overflow. | 6.7 | MEDIUM | — | 0 |
| CVE-2023-42563 Integer overflow vulnerability in landmarkCopyImageToNative of libFacePreProcessingjni.camera.samsung.so prior to SMR Dec-2023 Release 1 allows attacker to trigger heap overflow. | 6.7 | MEDIUM | — | 0 |
| CVE-2023-42564 Improper access control in knoxcustom service prior to SMR Dec-2023 Release 1 allows attacker to send broadcast with system privilege. | 6.6 | MEDIUM | — | 0 |
| CVE-2023-42565 Improper input validation vulnerability in Smart Clip prior to SMR Dec-2023 Release 1 allows local attackers with shell privilege to execute arbitrary code. | 7.3 | HIGH | — | 0 |
| CVE-2023-37572 Softing OPC Suite version 5.25 and before has Incorrect Access Control, allows attackers to obtain sensitive information via weak permissions in OSF_discovery service. The service executable could be ... | 7.5 | HIGH | — | 0 |
| CVE-2023-42566 Out-of-bound write vulnerability in libsavsvc prior to SMR Dec-2023 Release 1 allows local attackers to execute arbitrary code. | 7.3 | HIGH | — | 0 |
| CVE-2023-42567 Improper size check vulnerability in softsimd prior to SMR Dec-2023 Release 1 allows stack-based buffer overflow. | 7.3 | HIGH | — | 0 |
| CVE-2023-42568 Improper access control vulnerability in SmartManagerCN prior to SMR Dec-2023 Release 1 allows local attackers to access arbitrary files with system privilege. | 7.3 | HIGH | — | 0 |
| CVE-2023-42569 Improper authorization verification vulnerability in AR Emoji prior to SMR Dec-2023 Release 1 allows attackers to read sandbox data of AR Emoji. | 4.0 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.