CVE-2023-40138

In FillUi of FillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2023-40123

In updateActionViews of PipMenuView.java, there is a possible bypass of a multi user security boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

PT-2023-6720 · Sonicwall · Sonicwall Netextender Windows Client

Name of the Vulnerable Software and Affected Versions: SonicWall NetExtender Windows client versions 10.2.336 and earlier Description: The issue is related to a DLL Search Order Hijacking vulnerability in the start-up DLL component of the SonicWall NetExtender Windows client. This vulnerability c...

CVE-2023-40633

In phasecheckserver, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed...

CVE-2023-21253

In multiple locations, there is a possible way to crash multiple system services due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

Out-of-bounds

In netdagent, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07944012; Issue ID: ALPS07944012...

CVE-2023-32808

In bluetooth driver, there is a possible read and write access to registers due to improper access control of register interface. This could lead to local leak of sensitive information with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07849751...

CVE-2023-32806

CVE-2023-32806 affects the MediaTek WLAN driver and involves an out-of-bounds write caused by improper input validation. The issue can lead to local escalation of privileges with SYSTEM-level execution, requiring no user interaction. The vulnerability is described with a patch reference (ALPS0744...

CVE-2023-38554

In wcn bsp driver, there is a possible out of bounds write due to a missing bounds check.This could lead to local denial of service with no additional execution privileges...

PT-2023-26431 · Unknown · Vowifiservice

Name of the Vulnerable Software and Affected Versions: vowifiservice affected versions not specified Description: The issue is related to a possible missing permission check in vowifiservice, which could lead to a local denial of service with no additional execution privileges. Recommendations: A...

PT-2023-26450 · Unknown · Vowifiservice

Name of the Vulnerable Software and Affected Versions: vowifiservice affected versions not specified Description: The issue is related to a possible missing permission check in vowifiservice. This could lead to local denial of service with no additional execution privileges. Recommendations: At t...

PT-2023-17662 · Imgsys · Imgsys

Name of the Vulnerable Software and Affected Versions: imgsys affected versions not specified Description: The issue is related to a possible out of bounds read in imgsys due to missing valid range checking. This could lead to local information disclosure, requiring System execution privileges an...

CVE-2023-20784

In keyinstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07826989; Issue ID: ALPS07826989...

Out-of-bounds

In keyinstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07826905; Issue ID: ALPS07826905...

CVE-2023-38056 Code execution via System Configuration

Improper Neutralization of commands allowed to be executed via OTRS System Configuration e.g. SchedulerCronTaskModule using UnitTests modules allows any authenticated attacker with admin privileges local execution of Code.This issue affects OTRS: from 7.0.X before 7.0.45, from 8.0.X before 8.0.35...

Design/Logic Flaw

Local users are able to execute scripts under root privileges...

CVE-2023-30652

Out of bounds read and write in callrunTspCmdNoRead of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code...

CVE-2023-20772

In vow, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441796; Issue ID: ALPS07441796...

CVE-2023-20755

In keyinstall, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07510064; Issue ID: ALPS07509605...

CVE-2023-20760

In apu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629578; Issue ID: ALPS07629578...