Search Results (34218 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-23482 2 Ibm, Linux 2 Sterling Partner Engagement Manager, Linux Kernel 2025-01-06 5.4 Medium
IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 245891.
CVE-2023-33848 3 Hp, Ibm, Linux 5 Hp-ux, Aix, Cics Tx and 2 more 2025-01-06 4.9 Medium
IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 could allow a privileged user to obtain highly sensitive information by enabling debug mode. IBM X-Force ID: 257104.
CVE-2023-24476 1 Ptc 1 Vuforia Studio 2025-01-06 1.8 Low
An attacker with local access to the machine could record the traffic, which could allow them to resend requests without the server authenticating that the user or session are valid.
CVE-2023-0342 1 Mongodb 1 Ops Manager Server 2025-01-06 3.1 Low
MongoDB Ops Manager Diagnostics Archive may not redact sensitive PEM key file password app settings. Archives do not include the PEM files themselves. This issue affects MongoDB Ops Manager v5.0 prior to 5.0.21 and MongoDB Ops Manager v6.0 prior to 6.0.12
CVE-2023-29766 1 Appcrossx 1 Crossx 2025-01-06 7.8 High
An issue found in CrossX v.1.15.3 for Android allows a local attacker to cause an escalation of Privileges via the database files.
CVE-2023-29761 1 Urbanandroid 1 Sleep 2025-01-06 5.5 Medium
An issue found in Sleep v.20230303 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files.
CVE-2023-29759 1 Flightaware 1 Flightaware 2025-01-06 5.5 Medium
An issue found in FlightAware v.5.8.0 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the database files.
CVE-2023-29758 1 Leap 1 Blue Light Filter 2025-01-06 5.5 Medium
An issue found in Blue Light Filter v.1.5.5 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files.
CVE-2023-29757 1 Leap 1 Blue Light Filter 2025-01-06 7.8 High
An issue found in Blue Light Filter v.1.5.5 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files.
CVE-2023-29756 1 Urbanandroid 1 Twilight 2025-01-06 5.5 Medium
An issue found in Twilight v.13.3 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files.
CVE-2023-29755 1 Urbanandroid 1 Twilight 2025-01-06 7.8 High
An issue found in Twilight v.13.3 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files.
CVE-2023-29753 1 Ekatox 1 Facemoji\ 2025-01-06 5.5 Medium
An issue found in Facemoji Emoji Keyboard v.2.9.1.2 for Android allows a local attacker to cause a denial of service via the SharedPreference files.
CVE-2023-35034 1 Atos 2 Unify Openscape 4000 Assistant, Unify Openscape 4000 Manager 2025-01-06 9.8 Critical
Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8 and Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8 allow remote code execution by unauthenticated users, aka OSFOURK-24033.
CVE-2023-2455 3 Fedoraproject, Postgresql, Redhat 9 Fedora, Postgresql, Enterprise Linux and 6 more 2025-01-06 5.4 Medium
Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy.
CVE-2023-29749 1 Yandex 1 Navigator 2025-01-06 7.8 High
An issue found in Yandex Navigator v.6.60 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files.
CVE-2023-27716 1 Kafkaui-lite Project 1 Kafkaui-lite 2025-01-06 9.8 Critical
An issue was discovered in freakchicken kafkaUI-lite 1.2.11 allows attackers on the same network to gain escalated privileges for the nodes running on it.
CVE-2019-16283 2 Hp, Microsoft 2 Softpaq Installer, Windows 2025-01-06 7.8 High
A potential security vulnerability has been identified with a version of the HP Softpaq installer that can lead to arbitrary code execution.
CVE-2023-32312 1 Umbraco 1 Umbraco Identity Extensibility 2025-01-06 3.7 Low
UmbracoIdentityExtensions is an Umbraco add-on package that enables easy extensibility points for ASP.Net Identity integration. In affected versions client secrets are not required which may expose some endpoints to untrusted actors. Since Umbraco is not a single-page application, the implicit flow is not safe. For traditional MVC applications, it is recommended to use the authorization code flow, which requires the client to authenticate with the authorization server using a client secret. This flow provides better security, as it involves exchanging an authorization code for an access token and/or ID token, rather than directly returning tokens in the URL fragment. This issue has been patched in commit `e792429f9` and a release to Nuget is pending. Users are advised to upgrade when possible.
CVE-2023-32219 1 Mazda 2 Mazda, Mazda Firmware 2025-01-06 6.5 Medium
A Mazda model (2015-2016) can be unlocked via an unspecified method.
CVE-2023-21245 1 Google 1 Android 2025-01-06 7.8 High
In showNextSecurityScreenOrFinish of KeyguardSecurityContainerController.java, there is a possible way to access the lock screen during device setup due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.