www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2024-05-18T19:13:49+00:00 www.secnews.physaphae.fr CVE Liste - Common Vulnerability Exposure CVE-2023-47174 Thorn SFTP gateway 3.4.x before 3.4.4 uses Pivotal Spring Framework for Java deserialization of untrusted data, which is not supported by Pivotal, a related issue to CVE-2016-1000027. Also, within the specific context of Thorn SFTP gateway, this leads to remote code execution.]]> 2023-10-31T04:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47174 www.secnews.physaphae.fr/article.php?IdArticle=8403315 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-27846 SQL injection vulnerability found in PrestaShop themevolty v.4.0.8 and before allows a remote attacker to gain privileges via the tvcmsblog, tvcmsvideotab, tvcmswishlist, tvcmsbrandlist, tvcmscategorychainslider, tvcmscategoryproduct, tvcmscategoryslider, tvcmspaymenticon, tvcmstestimonial components.]]> 2023-10-31T04:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27846 www.secnews.physaphae.fr/article.php?IdArticle=8403306 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2015-20110 JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different. Attackers can guess tokens by brute forcing one character at a time and observing the timing. 
This of course drastically reduces the search space to a linear amount of guesses based on the token length times the possible characters.]]> 2023-10-31T03:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-20110 www.secnews.physaphae.fr/article.php?IdArticle=8403305 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-46040 Cross Site Scripting vulnerability in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via a crafted payload to the components.php function.]]> 2023-10-31T02:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46040 www.secnews.physaphae.fr/article.php?IdArticle=8403310 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45899 An issue in the component SuperUserSetuserModuleFrontController:init() of idnovate superuser before v2.4.2 allows attackers to bypass authentication via a crafted HTTP call.]]> 2023-10-31T02:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45899 www.secnews.physaphae.fr/article.php?IdArticle=8403309 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5867 Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.2.]]> 2023-10-31T01:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5867 www.secnews.physaphae.fr/article.php?IdArticle=8403322 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-31794 MuPDF v1.21.1 was discovered to contain an infinite recursion in the component pdf_mark_list_push. 
This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.]]> 2023-10-31T01:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31794 www.secnews.physaphae.fr/article.php?IdArticle=8403307 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-5862 Missing Authorization in GitHub repository hamza417/inure prior to Build95.]]> 2023-10-31T01:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5862 www.secnews.physaphae.fr/article.php?IdArticle=8403317 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5864 Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.1.]]> 2023-10-31T01:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5864 www.secnews.physaphae.fr/article.php?IdArticle=8403319 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5863 Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.2.]]> 2023-10-31T01:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5863 www.secnews.physaphae.fr/article.php?IdArticle=8403318 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5861 Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0.]]> 2023-10-31T01:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5861 www.secnews.physaphae.fr/article.php?IdArticle=8403316 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5865 Insufficient Session Expiration in GitHub repository thorsten/phpmyfaq prior to 3.2.2.]]> 2023-10-31T01:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5865 www.secnews.physaphae.fr/article.php?IdArticle=8403320 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5866 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior 
to 3.2.1.]]> 2023-10-31T01:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5866 www.secnews.physaphae.fr/article.php?IdArticle=8403321 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-46138 JumpServer is an open source bastion host and maintenance security audit system that complies with 4A specifications. Prior to version 3.8.0, the default email for initial user admin is `admin[@]mycompany[.]com`, and users reset their passwords by sending an email. Currently, the domain `mycompany.com` has not been registered. However, if it is registered in the future, it may affect the password reset functionality. This issue has been patched in version 3.8.0 by changing the default email domain to `example.com`. Those who cannot upgrade may change the default email domain to `example.com` manually.]]> 2023-10-31T00:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46138 www.secnews.physaphae.fr/article.php?IdArticle=8403312 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-46139 KernelSU is a Kernel based root solution for Android. Starting in version 0.6.1 and prior to version 0.7.0, if a KernelSU installed device is infected with a malware whose app signing block is specially constructed, it can take over root privileges on the device. The vulnerable verification logic actually obtains the signature of the last block with an id of `0x7109871a`, while the verification logic during Android installation is to obtain the first one. In addition to the actual signature upgrade that has been fixed (KSU thought it was V2 but was actually V3), there is also the problem of actual signature downgrading (KSU thought it was V2 but was actually V1). 
Find a condition in the signature verification logic that will cause the signature not to be found error, and KernelSU does not implement the same conditions, so KSU thinks there is a V2 signature, but the APK signature verification actually uses the V1 signature. This issue is fixed in version 0.7.0. As workarounds, keep the KernelSU manager installed and avoid installing unknown apps.]]> 2023-10-31T00:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46139 www.secnews.physaphae.fr/article.php?IdArticle=8403313 False Malware None None CVE Liste - Common Vulnerability Exposure CVE-2023-46129 NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The cryptographic key handling library, nkeys, recently gained support for encryption, not just for signing/authentication. This is used in nats-server 2.10 (Sep 2023) and newer for authentication callouts. In nkeys versions 0.4.0 through 0.4.5, corresponding with NATS server versions 2.10.0 through 2.10.3, the nkeys library's `xkeys` encryption handling logic mistakenly passed an array by value into an internal function, where the function mutated that buffer to populate the encryption key to use. As a result, all encryption was actually to an all-zeros key. This affects encryption only, not signing. FIXME: FILL IN IMPACT ON NATS-SERVER AUTH CALLOUT SECURITY. nkeys Go library 0.4.6, corresponding with NATS Server 2.10.4, has a patch for this issue. No known workarounds are available. 
For any application handling auth callouts in Go, if using the nkeys library, update the dependency, recompile and deploy that in lockstep.]]> 2023-10-31T00:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46129 www.secnews.physaphae.fr/article.php?IdArticle=8403311 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-46478 An issue in minCal v.1.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the customer_data parameter.]]> 2023-10-30T23:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46478 www.secnews.physaphae.fr/article.php?IdArticle=8403218 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-46502 An issue in OpenCRX v.5.2.2 allows a remote attacker to execute arbitrary code via a crafted request.]]> 2023-10-30T23:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46502 www.secnews.physaphae.fr/article.php?IdArticle=8403219 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-45804 ** REJECT ** User requested a CVE number by mistake]]> 2023-10-30T23:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45804 www.secnews.physaphae.fr/article.php?IdArticle=8403216 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-43798 BigBlueButton is an open-source virtual classroom. BigBlueButton prior to versions 2.6.12 and 2.7.0-rc.1 is vulnerable to Server-Side Request Forgery (SSRF). This issue is a bypass of CVE-2023-33176. A patch in versions 2.6.12 and 2.7.0-rc.1 disabled follow redirect at `httpclient.execute` since the software no longer has to follow it when using `finalUrl`. There are no known workarounds. 
We recommend upgrading to a patched version of BigBlueButton.]]> 2023-10-30T23:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43798 www.secnews.physaphae.fr/article.php?IdArticle=8403211 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-45670 Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, the `config/save` and `config/set` endpoints of Frigate do not implement any CSRF protection. This makes it possible for a request sourced from another site to update the configuration of the Frigate server (e.g. via "drive-by" attack). Exploiting this vulnerability requires the attacker to both know very specific information about a user's Frigate server and requires an authenticated user to be tricked into clicking a specially crafted link to their Frigate instance. This vulnerability could be exploited by an attacker under the following circumstances: Frigate publicly exposed to the internet (even with authentication); attacker knows the address of a user's Frigate instance; attacker crafts a specialized page which links to the user's Frigate instance; attacker finds a way to get an authenticated user to visit their specialized page and click the button/link. This issue can lead to arbitrary configuration updates for the Frigate server, resulting in denial of service and possible data exfiltration. Version 0.13.0 Beta 3 contains a patch.]]> 2023-10-30T23:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45670 www.secnews.physaphae.fr/article.php?IdArticle=8403213 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45672 Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, an unsafe deserialization vulnerability was identified in the endpoints used to save configurations for Frigate. This can lead to unauthenticated remote code execution. 
This can be performed through the UI at `/config` or through a direct call to `/api/config/save`. Exploiting this vulnerability requires the attacker to both know very specific information about a user's Frigate server and requires an authenticated user to be tricked into clicking a specially crafted link to their Frigate instance. This vulnerability could be exploited by an attacker under the following circumstances: Frigate publicly exposed to the internet (even with authentication); attacker knows the address of a user's Frigate instance; attacker crafts a specialized page which links to the user's Frigate instance; attacker finds a way to get an authenticated user to visit their specialized page and click the button/link. Input is initially accepted through `http.py`. The user-provided input is then parsed and loaded by `load_config_with_no_duplicates`. However, `load_config_with_no_duplicates` does not sanitize this input by merit of using `yaml.loader.Loader` which can instantiate custom constructors. A provided payload will be executed directly at `frigate/util/builtin.py:110`. This issue may lead to pre-authenticated Remote Code Execution. Version 0.13.0 Beta 3 contains a patch.]]> 2023-10-30T23:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45672 www.secnews.physaphae.fr/article.php?IdArticle=8403215 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-43797 BigBlueButton is an open-source virtual classroom. Prior to versions 2.6.11 and 2.7.0-beta.3, Guest Lobby was vulnerable to cross-site scripting when users wait to enter the meeting due to inserting unsanitized messages to the element using unsafe innerHTML. Text sanitizing was added for lobby messages starting in versions 2.6.11 and 2.7.0-beta.3. 
There are no known workarounds.]]> 2023-10-30T23:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43797 www.secnews.physaphae.fr/article.php?IdArticle=8403210 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-44397 CloudExplorer Lite is an open source, lightweight cloud management platform. Prior to version 1.4.1, the gateway filter of CloudExplorer Lite uses a controller with path starting with `matching/API/`, which can cause a permission bypass. Version 1.4.1 contains a patch for this issue.]]> 2023-10-30T23:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44397 www.secnews.physaphae.fr/article.php?IdArticle=8403212 False Cloud None None CVE Liste - Common Vulnerability Exposure CVE-2023-45671 Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, there is a reflected cross-site scripting vulnerability in any API endpoints reliant on the `/` base path as values provided for the path are not sanitized. Exploiting this vulnerability requires the attacker to both know very specific information about a user's Frigate server and requires an authenticated user to be tricked into clicking a specially crafted link to their Frigate instance. This vulnerability could be exploited by an attacker under the following circumstances: Frigate publicly exposed to the internet (even with authentication); attacker knows the address of a user's Frigate instance; attacker crafts a specialized page which links to the user's Frigate instance; attacker finds a way to get an authenticated user to visit their specialized page and click the button/link. As the reflected values included in the URL are not sanitized or escaped, this permits execution of arbitrary JavaScript payloads. 
Version 0.13.0 Beta 3 contains a patch for this issue.]]> 2023-10-30T23:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45671 www.secnews.physaphae.fr/article.php?IdArticle=8403214 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45956 An issue discovered in Govee LED Strip v3.00.42 allows attackers to cause a denial of service via crafted Move and MoveWithOnoff commands.]]> 2023-10-30T22:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45956 www.secnews.physaphae.fr/article.php?IdArticle=8403217 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-42323 Cross Site Request Forgery (CSRF) vulnerability in DouHaocms v.3.3 allows a remote attacker to execute arbitrary code via the adminAction.class.php file.]]> 2023-10-30T22:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42323 www.secnews.physaphae.fr/article.php?IdArticle=8403209 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2022-39172 A stored XSS in the process overview (Übersicht zugewiesener Vorgaenge) in mbsupport openVIVA c2 20220101 allows a remote, authenticated, low-privileged attacker to execute arbitrary code in the victim's browser via name field of a process.]]> 2023-10-30T22:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-39172 www.secnews.physaphae.fr/article.php?IdArticle=8403208 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5349 A memory leak flaw was found in ruby-magick, an interface between Ruby and ImageMagick. This issue can lead to a denial of service (DOS) by memory exhaustion.]]> 2023-10-30T21:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5349 www.secnews.physaphae.fr/article.php?IdArticle=8403173 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-43792 baserCMS is a website development framework. 
In versions 4.6.0 through 4.7.6, there is a Code Injection vulnerability in the mail form of baserCMS. As of time of publication, no known patched versions are available.]]> 2023-10-30T21:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43792 www.secnews.physaphae.fr/article.php?IdArticle=8403172 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-43649 baserCMS is a website development framework. Prior to version 4.8.0, there is a cross site request forgery vulnerability in the content preview feature of baserCMS. Version 4.8.0 contains a patch for this issue.]]> 2023-10-30T19:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43649 www.secnews.physaphae.fr/article.php?IdArticle=8403128 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-42804 BigBlueButton is an open-source virtual classroom. BigBlueButton prior to version 2.6.0-beta.1 has a path traversal vulnerability that allows an attacker with a valid starting folder path, to traverse and read other files without authentication, assuming the files have certain extensions (txt, swf, svg, png). In version 2.6.0-beta.1, input validation was added on the parameters being passed and dangerous characters are stripped. There are no known workarounds.]]> 2023-10-30T19:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42804 www.secnews.physaphae.fr/article.php?IdArticle=8403125 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-47104 tinyfiledialogs (aka tiny file dialogs) before 3.15.0 allows shell metacharacters (such as a backquote or a dollar sign) in titles, messages, and other input data. 
NOTE: this issue exists because of an incomplete fix for CVE-2020-36767, which only considered single and double quote characters.]]> 2023-10-30T19:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47104 www.secnews.physaphae.fr/article.php?IdArticle=8403131 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-43647 baserCMS is a website development framework. Prior to version 4.8.0, there is a cross-site scripting vulnerability in the file upload feature of baserCMS. Version 4.8.0 contains a patch for this issue.]]> 2023-10-30T19:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43647 www.secnews.physaphae.fr/article.php?IdArticle=8403126 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-43648 baserCMS is a website development framework. Prior to version 4.8.0, there is a Directory Traversal Vulnerability in the form submission data management feature of baserCMS. Version 4.8.0 contains a patch for this issue.]]> 2023-10-30T19:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43648 www.secnews.physaphae.fr/article.php?IdArticle=8403127 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-41891 FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. Prior to version 1.1.124, list endpoints on FlyteAdmin have a SQL vulnerability where a malicious user can send a REST request with custom SQL statements as list filters. The attacker needs to have access to the FlyteAdmin installation, typically either behind a VPN or authentication. Version 1.1.124 contains a patch for this issue.]]> 2023-10-30T19:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41891 www.secnews.physaphae.fr/article.php?IdArticle=8403123 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-42803 BigBlueButton is an open-source virtual classroom. 
BigBlueButton prior to version 2.6.0-beta.2 is vulnerable to unrestricted file upload, where the insertDocument API call does not validate the given file extension before saving the file, and does not remove it in case of validation failures. BigBlueButton 2.6.0-beta.2 contains a patch. There are no known workarounds.]]> 2023-10-30T19:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42803 www.secnews.physaphae.fr/article.php?IdArticle=8403124 False None None None CVE Liste - Common Vulnerability Exposure CVE-2020-36767 tinyfiledialogs (aka tiny file dialogs) before 3.8.0 allows shell metacharacters in titles, messages, and other input data.]]> 2023-10-30T19:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36767 www.secnews.physaphae.fr/article.php?IdArticle=8403095 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-45780 In Print Service, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.]]> 2023-10-30T18:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45780 www.secnews.physaphae.fr/article.php?IdArticle=8403129 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-47101 The installer (aka openvpn-client-installer) in Securepoint SSL VPN Client before 2.0.40 allows local privilege escalation during installation or repair.]]> 2023-10-30T18:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47101 www.secnews.physaphae.fr/article.php?IdArticle=8403130 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-40101 In collapse of canonicalize_md.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. 
User interaction is not needed for exploitation.]]> 2023-10-30T18:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40101 www.secnews.physaphae.fr/article.php?IdArticle=8403122 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-21395 In Bluetooth, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T18:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21395 www.secnews.physaphae.fr/article.php?IdArticle=8403118 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-21387 In User Backup Manager, there is a possible way to leak a token to bypass user confirmation for backup due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T18:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21387 www.secnews.physaphae.fr/article.php?IdArticle=8403110 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-21374 In System UI, there is a possible factory reset protection bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T18:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21374 www.secnews.physaphae.fr/article.php?IdArticle=8403098 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-21391 In Messaging, there is a possible way to disable the messaging application due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. 
User interaction is not needed for exploitation.]]> 2023-10-30T18:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21391 www.secnews.physaphae.fr/article.php?IdArticle=8403114 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-21376 In Telephony, there is a possible way to retrieve the ICCID due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T18:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21376 www.secnews.physaphae.fr/article.php?IdArticle=8403100 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-21380 In Bluetooth, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T18:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21380 www.secnews.physaphae.fr/article.php?IdArticle=8403104 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-21382 In Content Resolver, there is a possible method to access metadata about existing content providers on the device due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T18:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21382 www.secnews.physaphae.fr/article.php?IdArticle=8403106 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-21390 In Sim, there is a possible way to evade mobile preference restrictions due to a permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.]]> 2023-10-30T18:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21390 www.secnews.physaphae.fr/article.php?IdArticle=8403113 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-21394 In Telecomm, there is a possible bypass of a multi user security boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T18:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21394 www.secnews.physaphae.fr/article.php?IdArticle=8403117 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-21383 In Settings, there is a possible way for the user to unintentionally send extra data due to an unclear prompt. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.]]> 2023-10-30T18:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21383 www.secnews.physaphae.fr/article.php?IdArticle=8403107 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-21375 In Sysproxy, there is a possible out of bounds write due to an integer underflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T18:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21375 www.secnews.physaphae.fr/article.php?IdArticle=8403099 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-21381 In Media Resource Manager, there is a possible local arbitrary code execution due to use after free. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.]]> 2023-10-30T18:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21381 www.secnews.physaphae.fr/article.php?IdArticle=8403105 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-21377 In SELinux Policy, there is a possible restriction bypass due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T18:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21377 www.secnews.physaphae.fr/article.php?IdArticle=8403101 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-21398 In sdksandbox, there is a possible strandhogg style overlay attack due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T18:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21398 www.secnews.physaphae.fr/article.php?IdArticle=8403121 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-21384 In Package Manager, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T18:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21384 www.secnews.physaphae.fr/article.php?IdArticle=8403108 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-21393 In Settings, there is a possible way for the user to change SIM due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.]]> 2023-10-30T18:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21393 www.secnews.physaphae.fr/article.php?IdArticle=8403116 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-21392 In Bluetooth, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege when connecting to a Bluetooth device with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T18:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21392 www.secnews.physaphae.fr/article.php?IdArticle=8403115 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-21379 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T18:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21379 www.secnews.physaphae.fr/article.php?IdArticle=8403103 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-21396 In Activity Manager, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T18:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21396 www.secnews.physaphae.fr/article.php?IdArticle=8403119 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-21385 In Whitechapel, there is a possible out of bounds read due to memory corruption. This could lead to local information disclosure with no additional execution privileges needed. 
User interaction is not needed for exploitation.]]> 2023-10-30T18:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21385 www.secnews.physaphae.fr/article.php?IdArticle=8403109 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-21378 In Telecomm, there is a possible way to silence the ring for calls of secondary users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T18:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21378 www.secnews.physaphae.fr/article.php?IdArticle=8403102 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-21389 In Settings, there is a possible bypass of profile owner restrictions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T18:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21389 www.secnews.physaphae.fr/article.php?IdArticle=8403112 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-21397 In Setup Wizard, there is a possible way to save a WiFi network due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T18:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21397 www.secnews.physaphae.fr/article.php?IdArticle=8403120 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-21388 In Settings, there is a possible restriction bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.]]> 2023-10-30T18:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21388 www.secnews.physaphae.fr/article.php?IdArticle=8403111 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-21373 In Telephony, there is a possible way for a guest user to change the preferred SIM due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T18:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21373 www.secnews.physaphae.fr/article.php?IdArticle=8403097 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-21372 In libdexfile, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T18:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21372 www.secnews.physaphae.fr/article.php?IdArticle=8403096 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-36920 In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the X-FRAME-OPTIONS response header is not implemented, allowing an unauthenticated attacker to attempt clickjacking, which could result in disclosure or modification of information.]]> 2023-10-30T17:15:52+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36920 www.secnews.physaphae.fr/article.php?IdArticle=8403052 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-21367 In Scudo, there is a possible way to exploit certain heap OOB read/write issues due to an insecure implementation/design. This could lead to local information disclosure with no additional execution privileges needed. 
User interaction is not needed for exploitation.]]> 2023-10-30T17:15:52+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21367 www.secnews.physaphae.fr/article.php?IdArticle=8403047 False Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-21369 In Usage Access, there is a possible way to display a Settings usage access restriction toggle screen due to a permissions bypass. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.]]> 2023-10-30T17:15:52+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21369 www.secnews.physaphae.fr/article.php?IdArticle=8403049 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-21370 In the Security Element API, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:52+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21370 www.secnews.physaphae.fr/article.php?IdArticle=8403050 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-21368 In Audio, there is a possible out of bounds read due to missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:52+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21368 www.secnews.physaphae.fr/article.php?IdArticle=8403048 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-21371 In Secure Element, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. 
User interaction is not needed for exploitation.]]> 2023-10-30T17:15:52+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21371 www.secnews.physaphae.fr/article.php?IdArticle=8403051 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-47090 NATS nats-server before 2.9.23 and 2.10.x before 2.10.2 has an authentication bypass. An implicit $G user in an authorization block can sometimes be used for unauthenticated access, even when the intention of the configuration was for each user to have an account. The earliest affected version is 2.2.0.]]> 2023-10-30T17:15:52+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47090 www.secnews.physaphae.fr/article.php?IdArticle=8403053 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-21361 In Bluetooth, there is a possibility of code-execution due to a use after free. This could lead to paired device escalation of privilege in the privileged Bluetooth process with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:51+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21361 www.secnews.physaphae.fr/article.php?IdArticle=8403042 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-21355 In libaudioclient, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:51+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21355 www.secnews.physaphae.fr/article.php?IdArticle=8403036 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-21364 In ContactsProvider, there is a possible crash loop due to resource exhaustion. This could lead to local persistent denial of service in the Phone app with User execution privileges needed. 
User interaction is not needed for exploitation.]]> 2023-10-30T17:15:51+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21364 www.secnews.physaphae.fr/article.php?IdArticle=8403044 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-21354 In Package Manager Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:51+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21354 www.secnews.physaphae.fr/article.php?IdArticle=8403035 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-21353 In NFA, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:51+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21353 www.secnews.physaphae.fr/article.php?IdArticle=8403034 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-21356 In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:51+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21356 www.secnews.physaphae.fr/article.php?IdArticle=8403037 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-21359 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. 
User interaction is not needed for exploitation.]]> 2023-10-30T17:15:51+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21359 www.secnews.physaphae.fr/article.php?IdArticle=8403040 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-21349 In Package Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:51+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21349 www.secnews.physaphae.fr/article.php?IdArticle=8403030 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-21358 In UWB Google, there is a possible way for a malicious app to masquerade as system app com.android.uwb.resources due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:51+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21358 www.secnews.physaphae.fr/article.php?IdArticle=8403039 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-21347 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:51+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21347 www.secnews.physaphae.fr/article.php?IdArticle=8403028 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-21348 In Window Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. 
This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:51+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21348 www.secnews.physaphae.fr/article.php?IdArticle=8403029 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-21350 In Media Projection, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:51+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21350 www.secnews.physaphae.fr/article.php?IdArticle=8403031 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-21357 In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:51+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21357 www.secnews.physaphae.fr/article.php?IdArticle=8403038 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-21366 In Scudo, there is a possible way for an attacker to predict heap allocation patterns due to insecure implementation/design. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:51+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21366 www.secnews.physaphae.fr/article.php?IdArticle=8403046 False Prediction None None CVE Liste - Common Vulnerability Exposure CVE-2023-21360 In Bluetooth, there is a possible out of bounds write due to improper input validation. 
This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:51+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21360 www.secnews.physaphae.fr/article.php?IdArticle=8403041 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-21352 In NFA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:51+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21352 www.secnews.physaphae.fr/article.php?IdArticle=8403033 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-21362 In Usage, there is a possible permanent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:51+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21362 www.secnews.physaphae.fr/article.php?IdArticle=8403043 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-21365 In Contacts, there is a possible crash loop due to resource exhaustion. This could lead to local denial of service in the Phone app with User execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:51+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21365 www.secnews.physaphae.fr/article.php?IdArticle=8403045 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-21351 In Activity Manager, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.]]> 2023-10-30T17:15:51+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21351 www.secnews.physaphae.fr/article.php?IdArticle=8403032 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-21344 In Job Scheduler, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:50+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21344 www.secnews.physaphae.fr/article.php?IdArticle=8403025 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-21346 In the Device Idle Controller, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:50+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21346 www.secnews.physaphae.fr/article.php?IdArticle=8403027 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-21343 In ActivityStarter, there is a possible background activity launch due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:50+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21343 www.secnews.physaphae.fr/article.php?IdArticle=8403024 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-21345 In Game Manager Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. 
This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:50+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21345 www.secnews.physaphae.fr/article.php?IdArticle=8403026 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-21342 In Speech, there is a possible way to bypass background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:50+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21342 www.secnews.physaphae.fr/article.php?IdArticle=8403023 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-21336 In Input Method, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:49+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21336 www.secnews.physaphae.fr/article.php?IdArticle=8403017 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-21340 In Telecomm, there is a possible way to get the call state due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:49+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21340 www.secnews.physaphae.fr/article.php?IdArticle=8403021 False None None None