Export limit exceeded: 35190 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (35190 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-44169 | 1 Seacms | 1 Seacms | 2024-11-21 | 9.8 Critical |
| SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_notify.php. | ||||
| CVE-2023-44156 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2024-11-21 | 7.5 High |
| Sensitive information disclosure due to spell-jacking. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. | ||||
| CVE-2023-44129 | 2 Google, Lg | 2 Android, V60 Thin Q 5g | 2024-11-21 | 3.6 Low |
| The vulnerability is that the Messaging ("com.android.mms") app patched by LG forwards attacker-controlled intents back to the attacker in the exported "com.android.mms.ui.QClipIntentReceiverActivity" activity. The attacker can abuse this functionality by launching this activity and then sending a broadcast with the "com.lge.message.action.QCLIP" action. The attacker can send, e.g., their own data/clipdata and set Intent.FLAG_GRANT_* flags. After the attacker received that intent in the "onActivityResult()" method, they would have access to arbitrary content providers that have the `android:grantUriPermissions="true"` flag set. | ||||
| CVE-2023-44127 | 2 Google, Lg | 2 Android, V60 Thin Q 5g | 2024-11-21 | 3.6 Low |
| he vulnerability is that the Call management ("com.android.server.telecom") app patched by LG launches implicit intents that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as contact details and phone numbers. | ||||
| CVE-2023-44126 | 2 Google, Lg | 2 Android, V60 Thin Q 5g | 2024-11-21 | 3.6 Low |
| The vulnerability is that the Call management ("com.android.server.telecom") app patched by LG sends a lot of LG-owned implicit broadcasts that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as call states, durations, called numbers, contacts info, etc. | ||||
| CVE-2023-44125 | 2 Google, Lg | 2 Android, V60 Thin Q 5g | 2024-11-21 | 6.1 Medium |
| The vulnerability is the use of implicit PendingIntents without the PendingIntent.FLAG_IMMUTABLE set that leads to theft and/or (over-)write of arbitrary files with system privilege in the Personalized service ("com.lge.abba") app. The attacker's app, if it had access to app notifications, could intercept them and redirect them to its activity, before making it grant access permissions to content providers with the `android:grantUriPermissions="true"` flag. | ||||
| CVE-2023-44123 | 2 Google, Lg | 2 Android, V60 Thin Q 5g | 2024-11-21 | 6.1 Medium |
| The vulnerability is the use of implicit PendingIntents with the PendingIntent.FLAG_MUTABLE set that leads to theft and/or (over-)write of arbitrary files with system privilege in the Bluetooth ("com.lge.bluetoothsetting") app. The attacker's app, if it had access to app notifications, could intercept them and redirect them to its activity, before making it grant access permissions to content providers with the `android:grantUriPermissions="true"` flag. | ||||
| CVE-2023-44121 | 2 Google, Lg | 2 Android, V60 Thin Q 5g | 2024-11-21 | 5 Medium |
| The vulnerability is an intent redirection in LG ThinQ Service ("com.lge.lms2") in the "com/lge/lms/things/ui/notification/NotificationManager.java" file. This vulnerability could be exploited by a third-party app installed on an LG device by sending a broadcast with the action "com.lge.lms.things.notification.ACTION". Additionally, this vulnerability is very dangerous because LG ThinQ Service is a system app (having android:sharedUserId="android.uid.system" setting). Intent redirection in this app leads to accessing arbitrary not exported activities of absolutely all apps. | ||||
| CVE-2023-44118 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 9.1 Critical |
| Vulnerability of undefined permissions in the MeeTime module.Successful exploitation of this vulnerability will affect availability and confidentiality. | ||||
| CVE-2023-44115 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| Vulnerability of improper permission control in the Booster module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2023-44109 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| Clone vulnerability in the huks ta module.Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2023-44107 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 9.1 Critical |
| Vulnerability of defects introduced in the design process in the screen projection module.Successful exploitation of this vulnerability may affect service availability and integrity. | ||||
| CVE-2023-44106 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 9.8 Critical |
| API permission management vulnerability in the Fwk-Display module.Successful exploitation of this vulnerability may cause features to perform abnormally. | ||||
| CVE-2023-44093 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| Vulnerability of package names' public keys not being verified in the security module.Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2023-44080 | 1 Pgyer | 1 Codefever | 2024-11-21 | 9.8 Critical |
| An issue in PGYER codefever v.2023.8.14-2ce4006 allows a remote attacker to execute arbitrary code via a crafted request to the branchList component. | ||||
| CVE-2023-44011 | 1 Mojoportal | 1 Mojoportal | 2024-11-21 | 9.8 Critical |
| An issue in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the layout.master skin file at the Skin management component. | ||||
| CVE-2023-43998 | 1 Linecorp | 1 Line | 2024-11-21 | 5.4 Medium |
| An issue in Books-futaba mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | ||||
| CVE-2023-43993 | 1 Linecorp | 1 Line | 2024-11-21 | 5.4 Medium |
| An issue in smaregi_app_market mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | ||||
| CVE-2023-43901 | 1 Emsigner | 1 Emsigner | 2024-11-21 | 5.9 Medium |
| Incorrect access control in the AdHoc User creation form of EMSigner v2.8.7 allows unauthenticated attackers to arbitrarily modify usernames and privileges by using the email address of a registered user. | ||||
| CVE-2023-43814 | 1 Discourse | 1 Discourse | 2024-11-21 | 3.7 Low |
| Discourse is an open source platform for community discussion. Attackers with details specific to a poll in a topic can use the `/polls/grouped_poll_results` endpoint to view the content of options in the poll and the number of votes for groups of poll participants. This impacts private polls where the results were intended to only be viewable by authorized users. This issue is patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. There is no workaround for this issue apart from upgrading to the fixed version. | ||||