Search Results (364328 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-34741 1 Google 1 Android 2024-12-17 7.8 High
In setForceHideNonSystemOverlayWindowIfNeeded of WindowState.java, there is a possible way for message content to be visible on the screensaver while lock screen visibility settings are restricted by the user due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-34743 1 Google 1 Android 2024-12-17 7.8 High
In setTransactionState of SurfaceFlinger.cpp, there is a possible way to perform tapjacking due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-31311 1 Google 1 Android 2024-12-17 7.8 High
In increment_annotation_count of stats_event.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-31312 1 Google 1 Android 2024-12-17 5.5 Medium
In multiple locations, there is a possible information leak due to a missing permission check. This could lead to local information disclosure exposing played media with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-31313 1 Google 1 Android 2024-12-17 7.8 High
In availableToWriteBytes of MessageQueueBase.h, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-31314 1 Google 1 Android 2024-12-17 6.2 Medium
In multiple functions of ShortcutService.java, there is a possible persistent DOS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-31317 1 Google 1 Android 2024-12-17 7.8 High
In multiple functions of ZygoteProcess.java, there is a possible way to achieve code execution as any app via WRITE_SECURE_SETTINGS due to unsafe deserialization. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-31318 1 Google 1 Android 2024-12-17 7.8 High
In CompanionDeviceManagerService.java, there is a possible way to pair a companion device without user acceptance due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-35813 1 Sitecore 4 Experience Commerce, Experience Manager, Experience Platform and 1 more 2024-12-17 9.8 Critical
Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3.
CVE-2023-35809 1 Sugarcrm 1 Sugarcrm 2024-12-17 8.8 High
An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. A Bean Manipulation vulnerability has been identified in the REST API. By using a crafted request, custom PHP code can be injected through the REST API because of missing input validation. Regular user privileges can be used to exploit this vulnerability. Editions other than Enterprise are also affected.
CVE-2023-35808 1 Sugarcrm 1 Sugarcrm 2024-12-17 8.8 High
An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using crafted requests, custom PHP code can be injected and executed through the Notes module because of missing input validation. Regular user privileges can be used to exploit this vulnerability. Editions other than Enterprise are also affected.
CVE-2023-34157 1 Huawei 1 Harmonyos 2024-12-17 10 Critical
Vulnerability of HwWatchHealth being hijacked.Successful exploitation of this vulnerability may cause repeated pop-up windows of the app.
CVE-2023-30905 1 Hpe 4 Integrity Mc990 X Server Rmc, Integrity Mc990 X Server Rmc Firmware, Sgi Uv 300 Rmc and 1 more 2024-12-17 7.8 High
The MC990 X and UV300 RMC component has and inadequate default configuration that could be exploited to obtain enhanced privilege.
CVE-2023-30904 1 Hpe 1 Insight Remote Support 2024-12-17 5.5 Medium
A security vulnerability in HPE Insight Remote Support may result in the local disclosure of privileged LDAP information.
CVE-2023-30903 1 Hp 1 Hp-ux 2024-12-17 5.5 Medium
HP-UX could be exploited locally to create a Denial of Service (DoS) when any physical interface is configured with IPv6/inet6.
CVE-2022-48472 1 Huawei 3 Bisheng-wnm, Bisheng-wnm Firmware, Ota-bisheng Firmware 2024-12-17 9.8 Critical
A Huawei printer has a system command injection vulnerability. Successful exploitation could lead to remote code execution. Affected product versions include:BiSheng-WNM versions OTA-BiSheng-FW-2.0.0.211-beta,BiSheng-WNM FW 3.0.0.325,BiSheng-WNM FW 2.0.0.211.
CVE-2022-48471 1 Huawei 2 Bisheng-wnm, Bisheng-wnm Firmware 2024-12-17 7.5 High
There is a misinterpretation of input vulnerability in Huawei Printer. Successful exploitation of this vulnerability may cause the printer service to be abnormal.
CVE-2022-48330 1 Huawei 2 Flmg-10, Flmg-10 Firmware 2024-12-17 8 High
A Huawei sound box product has an out-of-bounds write vulnerability. Attackers can exploit this vulnerability to cause buffer overflow. Affected product versions include:FLMG-10 versions FLMG-10 10.0.1.0(H100SP22C00).
CVE-2023-34795 1 Xlsxio Project 1 Xlsxio 2024-12-17 7.8 High
xlsxio v0.1.2 to v0.2.34 was discovered to contain a free of uninitialized pointer in the xlsxioread_sheetlist_close() function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted XLSX file.
CVE-2024-31319 1 Google 1 Android 2024-12-17 7.8 High
In updateNotificationChannelFromPrivilegedListener of NotificationManagerService.java, there is a possible cross-user data leak due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.