Search Results (363851 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-35178 1 Hp 76 Laserjet Pro M304-m305 W1a46a, Laserjet Pro M304-m305 W1a46a Firmware, Laserjet Pro M304-m305 W1a47a and 73 more 2024-12-04 8.8 High
Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow when performing a GET request to scan jobs.
CVE-2023-35177 1 Hp 76 Laserjet Pro M304-m305 W1a46a, Laserjet Pro M304-m305 W1a46a Firmware, Laserjet Pro M304-m305 W1a47a and 73 more 2024-12-04 8.8 High
Certain HP LaserJet Pro print products are potentially vulnerable to a stack-based buffer overflow related to the compact font format parser.
CVE-2023-35176 1 Hp 76 Laserjet Pro M304-m305 W1a46a, Laserjet Pro M304-m305 W1a46a Firmware, Laserjet Pro M304-m305 W1a47a and 73 more 2024-12-04 8.8 High
Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Denial of Service when using the backup & restore feature through the embedded web service on the device.
CVE-2023-25306 1 Multimc 1 Multimc 2024-12-04 7.5 High
MultiMC Launcher <= 0.6.16 is vulnerable to Directory Traversal.
CVE-2022-48336 1 Widevine 1 Trusted Application 2024-12-04 9.8 Critical
Widevine Trusted Application (TA) 5.0.0 through 7.1.1 has a PRDiagParseAndStoreData integer overflow and resultant buffer overflow.
CVE-2024-0638 1 Checkmk 1 Checkmk 2024-12-04 8.2 High
Least privilege violation in the Checkmk agent plugins mk_oracle, mk_oracle.ps1, and mk_oracle_crs before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate privileges.
CVE-2022-48333 1 Widevine 1 Trusted Application 2024-12-04 9.8 Critical
Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_verify_keys prefix_len+feature_name_len integer overflow and resultant buffer overflow.
CVE-2022-48335 1 Widevine 1 Trusted Application 2024-12-04 9.8 Critical
Widevine Trusted Application (TA) 5.0.0 through 7.1.1 has a PRDiagVerifyProvisioning integer overflow and resultant buffer overflow.
CVE-2024-11959 2 D-link, Dlink 3 Dir-605l, Dir-605l, Dir-605l Firmware 2024-12-04 8.8 High
A vulnerability was found in D-Link DIR-605L 2.13B01. It has been classified as critical. This affects the function formResetStatistic of the file /goform/formResetStatistic. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-11960 2 D-link, Dlink 3 Dir-605l, Dir-605l, Dir-605l Firmware 2024-12-04 8.8 High
A vulnerability was found in D-Link DIR-605L 2.13B01. It has been declared as critical. This vulnerability affects the function formSetPortTr of the file /goform/formSetPortTr. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-11964 1 Phpgurukul 1 Complaint Management System 2024-12-04 7.3 High
A vulnerability, which was classified as critical, was found in PHPGurukul Complaint Management system 1.0. This affects an unknown part of the file /user/index.php. The manipulation of the argument emailid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-11965 1 Phpgurukul 1 Complaint Management System 2024-12-04 7.3 High
A vulnerability has been found in PHPGurukul Complaint Management system 1.0 and classified as critical. This vulnerability affects unknown code of the file /user/reset-password.php. The manipulation of the argument email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-1742 1 Checkmk 1 Checkmk 2024-12-04 3.8 Low
Invocation of the sqlplus command with sensitive information in the command line in the mk_oracle Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows the extraction of this information from the process list.
CVE-2024-11966 1 Phpgurukul 1 Complaint Management System 2024-12-04 7.3 High
A vulnerability was found in PHPGurukul Complaint Management system 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/index.php. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-28824 2 Checkmk, Tribe29 2 Checkmk, Checkmk 2024-12-04 8.8 High
Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate privileges.
CVE-2023-33904 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2024-12-04 4.4 Medium
In hci_server, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.
CVE-2023-33903 2 Google, Unisoc 14 Android, S8001, Sc7731e and 11 more 2024-12-04 4.4 Medium
In FM service, there is a possible missing params check. This could lead to local denial of service with System execution privileges needed.
CVE-2023-33895 2 Google, Unisoc 14 Android, S8004, Sc7731e and 11 more 2024-12-04 5.5 Medium
In fastDial service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
CVE-2023-33894 2 Google, Unisoc 14 Android, S8003, Sc7731e and 11 more 2024-12-04 5.5 Medium
In fastDial service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
CVE-2024-8849 1 Pdf-xchange 2 Pdf-tools, Pdf-xchange Editor 2024-12-04 5.5 Medium
PDF-XChange Editor AcroForm Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-25269.