Search Results (364285 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-34156 1 Huawei 1 Emui 2024-12-17 5.3 Medium
Vulnerability of services denied by early fingerprint APIs on HarmonyOS products.Successful exploitation of this vulnerability may cause services to be denied.
CVE-2022-48497 1 Huawei 1 Emui 2024-12-17 7.5 High
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.
CVE-2022-48496 1 Huawei 1 Emui 2024-12-17 7.5 High
Vulnerability of lax app identity verification in the pre-authorization function.Successful exploitation of this vulnerability will cause malicious apps to become pre-authorized.
CVE-2022-48494 1 Huawei 1 Emui 2024-12-17 7.5 High
Vulnerability of lax app identity verification in the pre-authorization function.Successful exploitation of this vulnerability will cause malicious apps to become pre-authorized.
CVE-2022-48493 1 Huawei 1 Emui 2024-12-17 7.5 High
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.
CVE-2022-48492 1 Huawei 1 Emui 2024-12-17 7.5 High
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.
CVE-2022-48490 1 Huawei 1 Emui 2024-12-17 7.5 High
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.
CVE-2022-48489 1 Huawei 1 Emui 2024-12-17 7.5 High
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.
CVE-2022-48486 1 Huawei 1 Emui 2024-12-17 7.5 High
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.
CVE-2014-125106 1 Nanopb Project 1 Nanopb 2024-12-17 9.8 Critical
Nanopb before 0.3.1 allows size_t overflows in pb_dec_bytes and pb_dec_string.
CVE-2024-52816 1 Adobe 1 Experience Manager 2024-12-17 5.4 Medium
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2024-52817 1 Adobe 1 Experience Manager 2024-12-17 5.4 Medium
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2024-52818 1 Adobe 1 Experience Manager 2024-12-17 5.4 Medium
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2024-2929 1 Rockwellautomation 1 Arena 2024-12-17 7.8 High
A memory corruption vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by corrupting the memory triggering an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.
CVE-2023-27854 1 Rockwellautomation 1 Arena 2024-12-17 7.8 High
An arbitrary code execution vulnerability was reported to Rockwell Automation in Arena Simulation that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow.  The threat-actor could then execute malicious code on the system affecting the confidentiality, integrity, and availability of the product.  The user would need to open a malicious file provided to them by the attacker for the code to execute.
CVE-2023-27858 1 Rockwellautomation 1 Arena 2024-12-17 7.8 High
Rockwell Automation Arena Simulation contains an arbitrary code execution vulnerability that could potentially allow a malicious user to commit unauthorized code to the software by using an uninitialized pointer in the application.  The threat-actor could then execute malicious code on the system affecting the confidentiality, integrity, and availability of the product.  The user would need to open a malicious file provided to them by the attacker for the code to execute.
CVE-2024-43730 1 Adobe 1 Experience Manager 2024-12-17 5.4 Medium
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2024-43727 1 Adobe 1 Experience Manager 2024-12-17 5.4 Medium
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2024-43728 1 Adobe 1 Experience Manager 2024-12-17 5.4 Medium
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2024-23713 1 Google 1 Android 2024-12-17 7.8 High
In migrateNotificationFilter of NotificationManagerService.java, there is a possible failure to persist notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.