CVE-2023-48387

HIGH Year: 2023
CVSS v3 Score
8.8
High
Weakness Type
CWE-940
View all →

Vulnerability Description

TAIWAN-CA(TWCA) JCICSecurityTool fails to check the source website and access locations when executing multiple Registry-related functions. In the scenario where a user is using the JCICSecurityTool and has completed identity verification, if the user browses a malicious webpage created by an attacker, the attacker can exploit this vulnerability to read or modify any registry file under HKEY_CURRENT_USER, thereby achieving remote code execution.

Related Vulnerabilities

CVE-2023-3663

HIGH
CVSS:8.8(High)

In CODESYS Development System versions from 3.5.11.20 and before 3.5.19.20 a missing integrity check might allow an unauthenticated remote attacker to manipulate the content of notifications received ...

CWE-9402023

CVE-2024-40516

HIGH
CVSS:8.8(High)

An issue in H3C Technologies Co., Limited H3C Magic RC3000 RC3000V100R009 allows a remote attacker to execute arbitrary code via the Routing functionality.

CWE-9402024

CVE-2022-4800

HIGH
CVSS:8.6(High)

Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.

CWE-9402022

CVE-2022-4848

HIGH
CVSS:8.6(High)

Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.

CWE-9402022

CVE-2025-23222

HIGH
CVSS:8.4(High)

An issue was discovered in Deepin dde-api-proxy through 1.0.19 in which unprivileged users can access D-Bus services as root. Specifically, dde-api-proxy runs as root and forwards messages from arbitr...

CWE-9402025

CVE-2023-41094

CRITICAL
CVSS:9.8(Critical)

TouchLink packets processed after timeout or out of range due to Operation on a Resource after Expiration and Missing Release of Resource after Effective Lifetime may allow a device to be added outsid...

CWE-9402023