Search Results (365162 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-42791 1 Fortinet 1 Fortimanager 2024-12-16 8.6 High
A relative path traversal in Fortinet FortiManager version 7.4.0 and 7.2.0 through 7.2.3 and 7.0.0 through 7.0.8 and 6.4.0 through 6.4.12 and 6.2.0 through 6.2.11 allows attacker to execute unauthorized code or commands via crafted HTTP requests.
CVE-2023-47635 1 Decidim 1 Decidim 2024-12-16 4.5 Medium
Decidim is a participatory democracy framework. Starting in version 0.23.0 and prior to versions 0.27.5 and 0.28.0, the CSRF authenticity token check is disabled for the questionnaire templates preview. The issue does not imply a serious security thread as you need to have access also to the session cookie in order to see this resource. This URL does not allow modifying the resource but it may allow attackers to gain access to information which was not meant to be public. The issue is fixed in version 0.27.5 and 0.28.0. As a workaround, disable the templates functionality or remove all available templates.
CVE-2022-48488 1 Huawei 1 Emui 2024-12-16 5.3 Medium
Vulnerability of bypassing the default desktop security controls.Successful exploitation of this vulnerability may cause unauthorized modifications to the desktop.
CVE-2024-1636 1 Progress 1 Sitefinity 2024-12-16 8 High
Potential Cross-Site Scripting (XSS) in the page editing area.
CVE-2024-1632 1 Progress 1 Sitefinity 2024-12-16 8.8 High
Low-privileged users with access to the Sitefinity backend may obtain sensitive information from the site's administrative area.
CVE-2023-34800 1 Dlink 2 Go-rt-ac750, Go-rt-ac750 Firmware 2024-12-16 9.8 Critical
D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at genacgi_main.
CVE-2023-20885 1 Pivotal 3 Cloud Foundry Nfs Volume, Cloud Foundry Notifications, Cloud Foundry Smb Volume 2024-12-16 6.5 Medium
Vulnerability in Cloud Foundry Notifications, Cloud Foundry SMB-volume release, Cloud FOundry cf-nfs-volume release.This issue affects Notifications: All versions prior to 63; SMB-volume release: All versions prior to 3.1.19; cf-nfs-volume release: 5.0.X versions prior to 5.0.27, 7.1.X versions prior to 7.1.19.
CVE-2024-21816 1 Openatom 1 Openharmony 2024-12-16 4 Medium
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through improper preservation of permissions.
CVE-2024-21826 1 Openatom 1 Openharmony 2024-12-16 4.3 Medium
in OpenHarmony v3.2.4 and prior versions allow a local attacker cause sensitive information leak through insecure storage.
CVE-2023-49602 1 Openatom 1 Openharmony 2024-12-16 2.9 Low
in OpenHarmony v3.2.4 and prior versions allow a local attacker cause apps crash through type confusion.
CVE-2023-3306 1 Ruijie 2 Rg-ew1200g, Rg-ew1200g Firmware 2024-12-16 7.3 High
A vulnerability was found in Ruijie RG-EW1200G EW_3.0(1)B11P204. It has been declared as critical. This vulnerability affects unknown code of the file app.09df2a9e44ab48766f5f.js of the component Admin Password Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-231802 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-46708 1 Openatom 1 Openharmony 2024-12-16 4.3 Medium
in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitrary code execution in any apps through use after free.
CVE-2024-0046 1 Google 1 Android 2024-12-16 7.8 High
In installExistingPackageAsUser of InstallPackageHelper.java, there is a possible carrier restriction bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-25176 1 Openatom 1 Openharmony 2024-12-16 2.9 Low
in OpenHarmony v3.2.4 and prior versions allow a local attacker cause information leak through out-of-bounds Read.
CVE-2024-0048 1 Google 1 Android 2024-12-16 7.8 High
In Session of AccountManagerService.java, there is a possible method to retain foreground service privileges due to incorrect handling of null responses. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-0050 1 Google 1 Android 2024-12-16 7.8 High
In getConfig of SoftVideoDecoderOMXComponent.cpp, there is a possible out of bounds write due to a missing validation check. This could lead to a local non-security issue with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-40109 1 Google 1 Android 2024-12-16 7.8 High
In createFromParcel of UsbConfiguration.java, there is a possible background activity launch (BAL) due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
CVE-2023-40104 1 Google 1 Android 2024-12-16 7.5 High
In ca-certificates, there is a possible way to read encrypted TLS data due to untrusted cryptographic certificates. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-40100 1 Google 1 Android 2024-12-16 7.8 High
In discovery_thread of Dns64Configuration.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-0051 1 Google 1 Android 2024-12-16 7.8 High
In onQueueFilled of SoftMPEG4.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.