Search Results (364251 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-46708 1 Openatom 1 Openharmony 2024-12-16 4.3 Medium
in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitrary code execution in any apps through use after free.
CVE-2024-0046 1 Google 1 Android 2024-12-16 7.8 High
In installExistingPackageAsUser of InstallPackageHelper.java, there is a possible carrier restriction bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-25176 1 Openatom 1 Openharmony 2024-12-16 2.9 Low
in OpenHarmony v3.2.4 and prior versions allow a local attacker cause information leak through out-of-bounds Read.
CVE-2024-0048 1 Google 1 Android 2024-12-16 7.8 High
In Session of AccountManagerService.java, there is a possible method to retain foreground service privileges due to incorrect handling of null responses. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-0050 1 Google 1 Android 2024-12-16 7.8 High
In getConfig of SoftVideoDecoderOMXComponent.cpp, there is a possible out of bounds write due to a missing validation check. This could lead to a local non-security issue with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-40109 1 Google 1 Android 2024-12-16 7.8 High
In createFromParcel of UsbConfiguration.java, there is a possible background activity launch (BAL) due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
CVE-2023-40104 1 Google 1 Android 2024-12-16 7.5 High
In ca-certificates, there is a possible way to read encrypted TLS data due to untrusted cryptographic certificates. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-40100 1 Google 1 Android 2024-12-16 7.8 High
In discovery_thread of Dns64Configuration.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-0051 1 Google 1 Android 2024-12-16 7.8 High
In onQueueFilled of SoftMPEG4.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-0031 1 Google 1 Android 2024-12-16 9.8 Critical
In attp_build_read_by_type_value_cmd of att_protocol.cc , there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-0030 1 Google 1 Android 2024-12-16 5.5 Medium
In btif_to_bta_response of btif_gatt_util.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-23717 1 Google 1 Android 2024-12-16 8.8 High
In access_secure_service_from_temp_bond of btm_sec.cc, there is a possible way to achieve keystroke injection due to improper input validation. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-27517 1 Webasyst 1 Webasyst 2024-12-16 5.4 Medium
Webasyst 2.9.9 has a Cross-Site Scripting (XSS) vulnerability, Attackers can create blogs containing malicious code after gaining blog permissions.
CVE-2023-51800 1 School Fees Management System Project 1 School Fees Management System1.0 2024-12-16 5.4 Medium
Cross Site Scripting (XSS) vulnerability in School Fees Management System v.1.0 allows a remote attacker to execute arbitrary code via a crafted payload to the main_settings component in the phone, address, bank, acc_name, acc_number parameters, new_class and cname parameter, add_new_parent function in the name email parameters, new_term function in the tname parameter, and the edit_student function in the name parameter.
CVE-2023-51802 1 Oretnom23 1 Simple Student Attendance System 2024-12-16 6.1 Medium
Cross Site Scripting (XSS) vulnerability in the Simple Student Attendance System v.1.0 allows a remote attacker to execute arbitrary code via a crafted payload to the page or class_month parameter in the /php-attendance/attendance_report component.
CVE-2024-0040 1 Google 1 Android 2024-12-16 7.5 High
In setParameter of MtpPacket.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-48650 1 Concretecms 1 Concrete Cms 2024-12-16 4.8 Medium
Concrete CMS before 8.5.14 and 9 before 9.2.3 is vulnerable to an admin adding a stored XSS payload via the Layout Preset name.
CVE-2023-48651 1 Concretecms 1 Concrete Cms 2024-12-16 4.3 Medium
Concrete CMS 9 before 9.2.3 is vulnerable to Cross Site Request Forgery (CSRF) at /ccm/system/dialogs/file/delete/1/submit.
CVE-2023-48653 1 Concretecms 1 Concrete Cms 2024-12-16 4.3 Medium
Concrete CMS before 8.5.14 and 9 before 9.2.3 allows Cross Site Request Forgery (CSRF) via ccm/calendar/dialogs/event/delete/submit. An attacker can force an admin to delete events on the site because the event ID is numeric and sequential.
CVE-2023-49337 1 Concretecms 1 Concrete Cms 2024-12-16 2.4 Low
Concrete CMS before 9.2.3 allows Stored XSS on the Admin Dashboard via /dashboard/system/basics/name. (8.5 and earlier are unaffected.)