Search Results (364862 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-20756 3 Adobe, Apple, Microsoft 3 Bridge, Macos, Windows 2024-12-04 7.8 High
Bridge versions 13.0.5, 14.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-20757 3 Adobe, Apple, Microsoft 3 Bridge, Macos, Windows 2024-12-04 5.5 Medium
Bridge versions 13.0.5, 14.0.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-2380 1 Checkmk 1 Checkmk 2024-12-04 4.6 Medium
Stored XSS in graph rendering in Checkmk <2.3.0b4.
CVE-2023-34796 1 Techsneeze 1 Dmarc Report 2024-12-04 6.1 Medium
Cross site scripting (XSS) vulnerabiliy in dmarcts-report-viewer dashboard versions 1.1 and thru commit 8a1d882b4c481a05e296e9b38a7961e912146a0f, allows unauthenticated attackers to execute arbitrary code via the org_name or domain values.
CVE-2023-21198 1 Google 1 Android 2024-12-04 5.5 Medium
In remove_sdp_record of btif_sdp_server.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-245517503
CVE-2023-21236 1 Google 1 Android 2024-12-04 6.7 Medium
In aoc_service_set_read_blocked of aoc.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-270148537References: N/A
CVE-2023-21517 1 Samsung 1 Exynos 2024-12-04 8.8 High
Heap out-of-bound write vulnerability in Exynos baseband prior to SMR Jun-2023 Release 1 allows remote attacker to execute arbitrary code.
CVE-2023-3330 1 Nec 34 Aterm Wf300hp, Aterm Wf300hp Firmware, Aterm Wg1400hp and 31 more 2024-12-04 4.3 Medium
Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a attacker to obtain specific files in the product.
CVE-2023-20756 2 Google, Mediatek 55 Android, Mt6580, Mt6731 and 52 more 2024-12-04 6.7 Medium
In keyinstall, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07510064; Issue ID: ALPS07549928.
CVE-2023-20757 2 Google, Mediatek 17 Android, Mt6739, Mt6768 and 14 more 2024-12-04 6.7 Medium
In cmdq, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07636133; Issue ID: ALPS07636133.
CVE-2023-20758 2 Google, Mediatek 18 Android, Mt6739, Mt6768 and 15 more 2024-12-04 4.4 Medium
In cmdq, there is a possible memory corruption due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07636133; Issue ID: ALPS07636130.
CVE-2023-20759 2 Google, Mediatek 18 Android, Mt6739, Mt6768 and 15 more 2024-12-04 4.4 Medium
In cmdq, there is a possible memory corruption due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07636133; Issue ID: ALPS07634601.
CVE-2023-34923 1 Topdesk 1 Topdesk 2024-12-04 8.1 High
XML Signature Wrapping (XSW) in SAML-based Single Sign-on feature in TOPdesk v12.10.12 allows bad actors with credentials to authenticate with the Identity Provider (IP) to impersonate any TOPdesk user via SAML Response manipulation.
CVE-2023-20761 2 Google, Mediatek 42 Android, Mt6739, Mt6761 and 39 more 2024-12-04 6.7 Medium
In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628604; Issue ID: ALPS07628582.
CVE-2023-20766 2 Google, Mediatek 53 Android, Mt6580, Mt6735 and 50 more 2024-12-04 6.7 Medium
In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573237; Issue ID: ALPS07573202.
CVE-2023-20767 2 Google, Mediatek 10 Android, Mt6879, Mt6886 and 7 more 2024-12-04 6.7 Medium
In pqframework, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629585; Issue ID: ALPS07629584.
CVE-2023-20768 2 Google, Mediatek 43 Android, Mt6580, Mt6735 and 40 more 2024-12-04 6.7 Medium
In ion, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560720; Issue ID: ALPS07559800.
CVE-2023-34927 1 Casbin 1 Casdoor 2024-12-04 6.5 Medium
Casdoor v1.331.0 and below was discovered to contain a Cross-Site Request Forgery (CSRF) in the endpoint /api/set-password. This vulnerability allows attackers to arbitrarily change the victim user's password via supplying a crafted URL.
CVE-2023-20771 2 Google, Mediatek 11 Android, Mt6580, Mt6739 and 8 more 2024-12-04 6.4 Medium
In display, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07671046; Issue ID: ALPS07671046.
CVE-2023-20772 2 Google, Mediatek 34 Android, Mt6580, Mt6735 and 31 more 2024-12-04 6.7 Medium
In vow, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441796; Issue ID: ALPS07441796.