Authentication flaw

Improper authentication in Phone and Messaging Storage SMR SEP-2023 Release 1 allows attacker to insert arbitrary data to the provider...

CVE-2023-30721

Insertion of sensitive information into log vulnerability in Locksettings prior to SMR Sep-2023 Release 1 allows a privileged local attacker to get lock screen match information from the log...

CVE-2023-30721

CVE-2023-30721 affects Samsung Android devices via a vulnerability in the Locksettings logging path where sensitive information can be inserted into logs. The underlying issue is the insertion of lockscreen match information into log data, allowing a local attacker with privileged access to read ...

CVE-2023-30721

Insertion of sensitive information into log vulnerability in Locksettings prior to SMR Sep-2023 Release 1 allows a privileged local attacker to get lock screen match information from the log...

CVE-2023-30711

Improper authentication in Phone and Messaging Storage SMR SEP-2023 Release 1 allows attacker to insert arbitrary data to the provider...

CVE-2023-30711

Improper authentication in Phone and Messaging Storage SMR SEP-2023 Release 1 allows attacker to insert arbitrary data to the provider...

ASB-A-276898626

In computeValuesFromData of FileUtils.java, there is a possible way to insert files to other apps' external private directories due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

Design/Logic Flaw

In Splunk Enterprise versions below 8.2.12, 9.0.6, and 9.1.1, an attacker can create an external lookup that calls a legacy internal function. The attacker can use this internal function to insert code into the Splunk platform installation directory. From there, a user can execute arbitrary code ...

CVE-2023-31447

userlogin.cgi on Draytek Vigor2620 devices before 3.9.8.4 and on all versions of Vigor2925 devices allows attackers to send a crafted payload to modify the content of the code segment, insert shellcode, and execute arbitrary code...

Draytek Vigor2620 安全漏洞

The DrayTek Draytek Vigor2620 is a wireless router from China-based DrayTek. A security vulnerability exists in the Draytek Vigor2620 prior to version 3.9.8.4, which originates in userlogin.cgi and allows an attacker to send a crafted payload that modifies the contents of a snippet, inserts...

Linux kernel resource management error vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a post-release reuse issue found in the siano smsusb module.The error occurs during device initialization wh...

PT-2023-20638 · Ox Software Gmbh +1 · Ox App Suite +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue arises from the lack of sanitization or escaping of the user's clientID at "application passwords" before it is added to the DOM. This allows...

xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.

xmlparse.c in Expat aka libexpat before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs...

July 27, 2023, update for Publisher 2016 (KB5002396)

July 27, 2023, update for Publisher 2016 KB5002396 This article describes update 5002396 for Microsoft Publisher 2016 that was released on July 27, 2023.Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer .msi-based edition of Office 2016. It doesn't apply...

CVE-2023-32468

Dell ECS Streamer, versions prior to 2.0.7.1, contain an insertion of sensitive information in log files vulnerability. A remote malicious high-privileged user could potentially exploit this vulnerability leading to exposure of this sensitive data...

CVE-2023-38195

Datalust Seq before 2023.2.9489 allows insertion of sensitive information into an externally accessible file or directory. This is exploitable only when external SQL Server or PostgreSQL metadata storage is used. Exploitation can only occur from a high-privileged user account...

Design/Logic Flaw

Datalust Seq before 2023.2.9489 allows insertion of sensitive information into an externally accessible file or directory. This is exploitable only when external SQL Server or PostgreSQL metadata storage is used. Exploitation can only occur from a high-privileged user account...

CVE-2023-38195

Datalust Seq before 2023.2.9489 allows insertion of sensitive information into an externally accessible file or directory. This is exploitable only when external SQL Server or PostgreSQL metadata storage is used. Exploitation can only occur from a high-privileged user account...

CVE-2023-38195

Datalust Seq versions prior to 2023.2.9489 are affected. The issue allows insertion of sensitive information into externally accessible files or directories when external metadata storage (SQL Server or PostgreSQL) is used, and exploitation requires a high-privilege user. Remediation: upgrade to ...

CVE-2023-32478

Dell PowerStore versions prior to 3.5.0.1 contain an insertion of sensitive information into log file vulnerability. A high privileged malicious user could potentially exploit this vulnerability, leading to sensitive information disclosure...