Vulnerabilities > Low

DATE CVE VULNERABILITY TITLE RISK
2023-07-11 CVE-2023-34117 Path Traversal vulnerability in Zoom Software Development KIT
Relative path traversal in the Zoom Client SDK before version 5.15.0 may allow an unauthorized user to enable information disclosure via local access.
local
low complexity
zoom CWE-22
3.3
2023-07-11 CVE-2022-22302 Cleartext Storage of Sensitive Information vulnerability in Fortinet Fortiauthenticator and Fortios
A clear text storage of sensitive information (CWE-312) vulnerability in both FortiGate version 6.4.0 through 6.4.1, 6.2.0 through 6.2.9 and 6.0.0 through 6.0.13 and FortiAuthenticator version 5.5.0 and all versions of 6.1 and 6.0 may allow a local unauthorized party to retrieve the Fortinet private keys used to establish secure communication with both Apple Push Notification and Google Cloud Messaging services, via accessing the files on the filesystem.
local
low complexity
fortinet CWE-312
3.3
2023-07-10 CVE-2023-34442 Unspecified vulnerability in Apache Camel
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Camel.This issue affects Apache Camel: from 3.X through <=3.14.8, from 3.18.X through <=3.18.7, from 3.20.X through <= 3.20.5, from 4.X through <= 4.0.0-M3. Users should upgrade to 3.14.9, 3.18.8, 3.20.6 or 3.21.0 and for users on Camel 4.x update to 4.0.0-M1
local
low complexity
apache
3.3
2023-07-10 CVE-2023-3209 Unspecified vulnerability in Inspireui Mstore API
The MStore API WordPress plugin before 3.9.7 does not secure most of its AJAX actions by implementing privilege checks, nonce checks, or a combination of both.
network
low complexity
inspireui
3.5
2023-07-06 CVE-2023-30640 Unspecified vulnerability in Samsung Android 11.0/12.0/13.0
Improper access control vulnerability in PersonaManagerService prior to SMR Jul-2023 Release 1 allows local attackers to change confiugration.
local
low complexity
samsung
3.3
2023-07-06 CVE-2023-30667 Unspecified vulnerability in Samsung Android 13.0
Improper access control in Audio system service prior to SMR Jul-2023 Release 1 allows attacker to send broadcast with system privilege.
local
low complexity
samsung
3.3
2023-07-04 CVE-2023-2010 Race Condition vulnerability in Incsub Forminator
The Forminator WordPress plugin before 1.24.1 does not use an atomic operation to check whether a user has already voted, and then update that information.
network
high complexity
incsub CWE-362
3.1
2023-07-04 CVE-2023-25523 NULL Pointer Dereference vulnerability in Nvidia Cuda Toolkit
NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in the nvdisasm binary file, where an attacker may cause a NULL pointer dereference by providing a user with a malformed ELF file.
local
low complexity
nvidia CWE-476
3.3
2023-06-30 CVE-2023-3485 Insecure Default Initialization of Resource vulnerability in Temporal
Insecure defaults in open-source Temporal Server before version 1.20 on all platforms allows an attacker to craft a task token with access to a namespace other than the one specified in the request.
local
high complexity
temporal CWE-1188
3.6
2023-06-28 CVE-2023-21512 Incorrect Default Permissions vulnerability in Samsung Android 11.0/12.0/13.0
Improper Knox ID validation logic in notification framework prior to SMR Jun-2023 Release 1 allows local attackers to read work profile notifications without proper access permission.
local
low complexity
samsung CWE-276
3.3