Total
35574 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-46930 | 1 Gpac | 1 Gpac | 2024-11-21 | 5.5 Medium |
| GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box in gf_isom_find_od_id_for_track /afltest/gpac/src/isomedia/media_odf.c:522:14. | ||||
| CVE-2023-46928 | 1 Gpac | 1 Gpac | 2024-11-21 | 5.5 Medium |
| GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box in gf_media_change_pl /afltest/gpac/src/media_tools/isom_tools.c:3293:42. | ||||
| CVE-2023-46916 | 1 Maximawatches | 2 Maxima Max Pro Power, Maxima Max Pro Power Firmware | 2024-11-21 | 4.3 Medium |
| Maxima Max Pro Power 1.0 486A devices allow BLE traffic replay. An attacker can use GATT characteristic handle 0x0012 to perform potentially disruptive actions such as starting a Heart Rate monitor. | ||||
| CVE-2023-46771 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| Security vulnerability in the face unlock module. Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2023-46764 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 5.3 Medium |
| Unauthorized startup vulnerability of background apps. Successful exploitation of this vulnerability may cause background apps to start maliciously. | ||||
| CVE-2023-46763 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 5.3 Medium |
| Vulnerability of background app permission management in the framework module. Successful exploitation of this vulnerability may cause background apps to start maliciously. | ||||
| CVE-2023-46757 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 7.5 High |
| The remote PIN module has a vulnerability that causes incorrect information storage locations.Successful exploitation of this vulnerability may affect confidentiality. | ||||
| CVE-2023-46755 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 5.3 Medium |
| Vulnerability of input parameters being not strictly verified in the input. Successful exploitation of this vulnerability may cause the launcher to restart. | ||||
| CVE-2023-46723 | 1 Pajip | 1 Lte-pic32-writer | 2024-11-21 | 8.9 High |
| lte-pic32-writer is a writer for PIC32 devices. In versions 0.0.1 and prior, those who use `sendto.txt` are vulnerable to attackers who known the IMEI reading the sendto.txt. The sendto.txt file can contain the SNS(such as slack and zulip) URL and API key. As of time of publication, a patch is not yet available. As workarounds, avoid using `sendto.txt` or use `.htaccess` to block access to `sendto.txt`. | ||||
| CVE-2023-46666 | 1 Elastic | 1 Elastic Sharepoint Online Python Connector | 2024-11-21 | 5.3 Medium |
| An issue was discovered when using Document Level Security and the SPO "Limited Access" functionality in Elastic Sharepoint Online Python Connector. If a user is assigned limited access permissions to an item on a Sharepoint site then that user would have read permissions to all content on the Sharepoint site through Elasticsearch. | ||||
| CVE-2023-46510 | 1 Zioncom | 2 A7000r, A7000r Firmware | 2024-11-21 | 9.8 Critical |
| An issue in ZIONCOM (Hong Kong) Technology Limited A7000R v.4.1cu.4154 allows an attacker to execute arbitrary code via the cig-bin/cstecgi.cgi to the settings/setPasswordCfg function. | ||||
| CVE-2023-46509 | 1 Contec | 2 Solarview Compact, Solarview Compact Firmware | 2024-11-21 | 9.8 Critical |
| An issue in Contec SolarView Compact v.6.0 and before allows an attacker to execute arbitrary code via the texteditor.php component. | ||||
| CVE-2023-46501 | 1 Boltwire | 1 Boltwire | 2024-11-21 | 9.1 Critical |
| An issue in BoltWire v.6.03 allows a remote attacker to obtain sensitive information via a crafted payload to the view and change admin password function. | ||||
| CVE-2023-46498 | 1 Evershop | 1 Evershop | 2024-11-21 | 9.8 Critical |
| An issue in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information and execute arbitrary code via the /deleteCustomer/route.json file. | ||||
| CVE-2023-46404 | 1 Utoronto | 1 Pcrs | 2024-11-21 | 9.9 Critical |
| PCRS <= 3.11 (d0de1e) “Questions” page and “Code editor” page are vulnerable to remote code execution (RCE) by escaping Python sandboxing. | ||||
| CVE-2023-46393 | 1 Gougucms | 1 Gougucms | 2024-11-21 | 7.5 High |
| gougucms v4.08.18 was discovered to contain a password reset poisoning vulnerability which allows attackers to arbitrarily reset users' passwords via a crafted packet. | ||||
| CVE-2023-46363 | 1 Jbig2enc Project | 1 Jbig2enc | 2024-11-21 | 5.5 Medium |
| jbig2enc v0.28 was discovered to contain a SEGV via jbig2_add_page in src/jbig2enc.cc:512. | ||||
| CVE-2023-46361 | 1 Artifex | 1 Jbig2dec | 2024-11-21 | 6.5 Medium |
| Artifex Software jbig2dec v0.20 was discovered to contain a SEGV vulnerability via jbig2_error at /jbig2dec/jbig2.c. | ||||
| CVE-2023-46360 | 1 Hardy-barth | 2 Cph2 Echarge, Cph2 Echarge Firmware | 2024-11-21 | 8.8 High |
| Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier is vulnerable to Execution with Unnecessary Privileges. | ||||
| CVE-2023-46322 | 1 Iterm2 | 1 Iterm2 | 2024-11-21 | 9.8 Critical |
| iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize ssh hostnames in URLs. The hostname's initial character may be non-alphanumeric. The hostname's other characters may be outside the set of alphanumeric characters, dash, and period. | ||||