Vulnerabilities > Low

DATE CVE VULNERABILITY TITLE RISK
2023-11-08 CVE-2023-47111 Unspecified vulnerability in Zitadel
ZITADEL provides identity infrastructure.
network
high complexity
zitadel
3.7
2023-11-08 CVE-2023-26221 Insufficiently Protected Credentials vulnerability in Tibco products
The Spotfire Connectors component of TIBCO Software Inc.'s Spotfire Analyst, Spotfire Server, and Spotfire for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with read/write access to craft malicious Analyst files.
local
low complexity
tibco CWE-522
3.9
2023-11-07 CVE-2023-42542 Unspecified vulnerability in Samsung Push Service
Improper access control vulnerability in Samsung Push Service prior to 3.4.10 allows local attackers to get register ID to identify the device.
local
low complexity
samsung
3.3
2023-11-07 CVE-2023-42552 Unspecified vulnerability in Samsung Firewall 12.1.00.24/13.1.00.16
Implicit intent hijacking vulnerability in Firewall application prior to versions 12.1.00.24 in Android 11, 13.1.00.16 in Android 12 and 14.1.00.7 in Android 13 allows 3rd party application to tamper the database of Firewall.
local
low complexity
samsung
3.3
2023-11-06 CVE-2023-4535 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption.
3.8
2023-11-02 CVE-2023-5920 Unspecified vulnerability in Mattermost Desktop
Mattermost Desktop for MacOS fails to utilize the secure keyboard input functionality provided by macOS, allowing for other processes to read the keyboard input.
local
low complexity
mattermost
3.3
2023-10-31 CVE-2023-37833 Improper Input Validation vulnerability in Elenos Etg150 Firmware 3.12
Improper access control in Elenos ETG150 FM transmitter v3.12 allows attackers to make arbitrary configuration edits that are only accessed by privileged users.
network
low complexity
elenos CWE-20
2.7
2023-10-31 CVE-2023-43295 Cross-Site Request Forgery (CSRF) vulnerability in Clickstudios Passwordstate 9.7
Cross Site Request Forgery vulnerability in Click Studios (SA) Pty Ltd Passwordstate v.Build 9785 and before allows a local attacker to execute arbitrary code via a crafted request.
network
low complexity
clickstudios CWE-352
3.5
2023-10-31 CVE-2023-5862 Unspecified vulnerability in Hamza417 Inure
Missing Authorization in GitHub repository hamza417/inure prior to Build95.
local
low complexity
hamza417
3.3
2023-10-30 CVE-2023-5349 Memory Leak vulnerability in multiple products
A memory leak flaw was found in ruby-magick, an interface between Ruby and ImageMagick.
local
low complexity
rmagick fedoraproject CWE-401
3.3