Security Vulnerabilities - CVEs Published In November 2023
Unauthorized startup vulnerability of background apps. Successful exploitation of this vulnerability may cause background apps to start maliciously.
CVSS Score
5.3
EPSS Score
0.001
Published
2023-11-08
Vulnerability of uncaught exceptions in the NFC module. Successful exploitation of this vulnerability can affect NFC availability.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-11-08
Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulnerability may cause process exceptions.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-11-08
Race condition vulnerability in the kernel module. Successful exploitation of this vulnerability may cause variable values to be read with the condition evaluation bypassed.
CVSS Score
5.9
EPSS Score
0.0
Published
2023-11-08
Vulnerability of input parameters being not strictly verified in the input. Successful exploitation of this vulnerability may cause the launcher to restart.
CVSS Score
5.3
EPSS Score
0.001
Published
2023-11-08
Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulnerability may cause process exceptions.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-11-08
Vulnerability of missing encryption in the card management module. Successful exploitation of this vulnerability may affect service confidentiality.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-11-08
Security vulnerability in the face unlock module. Successful exploitation of this vulnerability may affect service confidentiality.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-11-08
In versions of FreeBSD 12.4-RELEASE prior to 12.4-RELEASE-p7 and FreeBSD 13.2-RELEASE prior to 13.2-RELEASE-p5 the __sflush() stdio function in libc does not correctly update FILE objects' write space members for write-buffered streams when the write(2) system call returns an error. Depending on the nature of an application that calls libc's stdio functions and the presence of errors returned from the write(2) system call (or an overridden stdio write routine) a heap buffer overflow may occur. Such overflows may lead to data corruption or the execution of arbitrary code at the privilege level of the calling program.
CVSS Score
9.8
EPSS Score
0.005
Published
2023-11-08
In versions of FreeBSD 13-RELEASE before 13-RELEASE-p5, under certain circumstances the cap_net libcasper(3) service incorrectly validates that updated constraints are strictly subsets of the active constraints. When only a list of resolvable domain names was specified without setting any other limitations, an application could submit a new list of domains including include entries not previously listed. This could permit the application to resolve domain names that were previously restricted.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-11-08