Search Results (364861 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-20753 2 Google, Mediatek 55 Android, Mt6580, Mt6731 and 52 more 2024-12-04 6.7 Medium
In rpmb, there is a possible out of bounds write due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07460390; Issue ID: ALPS07588667.
CVE-2024-47879 1 Openrefine 1 Openrefine 2024-12-04 7.6 High
OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, lack of cross-site request forgery protection on the `preview-expression` command means that visiting a malicious website could cause an attacker-controlled expression to be executed. The expression can contain arbitrary Clojure or Python code. The attacker must know a valid project ID of a project that contains at least one row, and the attacker must convince the victim to open a malicious webpage. Version 3.8.3 fixes the issue.
CVE-2023-20755 2 Google, Mediatek 55 Android, Mt6580, Mt6731 and 52 more 2024-12-04 6.7 Medium
In keyinstall, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07510064; Issue ID: ALPS07509605.
CVE-2023-20754 2 Google, Mediatek 55 Android, Mt6580, Mt6731 and 52 more 2024-12-04 6.7 Medium
In keyinstall, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07563028; Issue ID: ALPS07588343.
CVE-2024-22458 1 Dell 1 Secure Connect Gateway 2024-12-04 3.7 Low
Dell Secure Connect Gateway, 5.18, contains an Inadequate Encryption Strength Vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, allowing an attacker to recover plaintext from a block of ciphertext.
CVE-2023-25517 4 Citrix, Nvidia, Redhat and 1 more 4 Hypervisor, Gpu Display Driver, Enterprise Linux Kernel-based Virtual Machine and 1 more 2024-12-04 7.1 High
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a guest OS may be able to control resources for which it is not authorized, which may lead to information disclosure and data tampering.
CVE-2023-34148 3 Microsoft, Trend Micro Inc, Trendmicro 3 Windows, Trend Micro Apex One, Apex One 2024-12-04 7.8 High
An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34146 and CVE-2023-34147.
CVE-2023-34147 3 Microsoft, Trend Micro Inc, Trendmicro 3 Windows, Trend Micro Apex One, Apex One 2024-12-04 7.8 High
An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34146 and CVE-2023-34148.
CVE-2023-34146 3 Microsoft, Trend Micro Inc, Trendmicro 3 Windows, Trend Micro Apex One, Apex One 2024-12-04 7.8 High
An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34147 and CVE-2023-34148.
CVE-2023-32553 3 Microsoft, Trend Micro Inc, Trendmicro 3 Windows, Trend Micro Apex One, Apex One 2024-12-04 5.3 Medium
An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumstances to disclose sensitive information on agents. This is similar to, but not identical to CVE-2023-32552.
CVE-2023-32552 3 Microsoft, Trend Micro Inc, Trendmicro 3 Windows, Trend Micro Apex One, Apex One 2024-12-04 5.3 Medium
An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumstances to disclose sensitive information on agents. This is similar to, but not identical to CVE-2023-32553
CVE-2023-32528 1 Trendmicro 1 Mobile Security 2024-12-04 8.8 High
Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains vulnerable .php files that could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32527.
CVE-2023-32527 1 Trendmicro 1 Mobile Security 2024-12-04 8.8 High
Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains vulnerable .php files that could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32528.
CVE-2023-32526 1 Trendmicro 1 Mobile Security 2024-12-04 6.5 Medium
Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains widget vulnerabilities that could allow a remote attacker to create arbitrary files on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32525.
CVE-2023-21206 1 Google 1 Android 2024-12-04 4.4 Medium
In initiateVenueUrlAnqpQueryInternal of sta_iface.cpp, there is a possible out of bounds read due to unsafe deserialization. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262245630
CVE-2023-21200 1 Google 1 Android 2024-12-04 5.5 Medium
In on_remove_iso_data_path of btm_iso_impl.h, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-236688764
CVE-2023-21199 1 Google 1 Android 2024-12-04 4.4 Medium
In btu_ble_proc_ltk_req of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-254445961
CVE-2023-32522 1 Trendmicro 1 Mobile Security 2024-12-04 8.1 High
A path traversal exists in a specific dll of Trend Micro Mobile Security (Enterprise) 9.8 SP5 which could allow an authenticated remote attacker to delete arbitrary files. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2023-28485 1 Wekan Project 1 Wekan 2024-12-04 5.4 Medium
A stored cross-site scripting (Stored XSS) vulnerability in file preview in WeKan before 6.75 allows remote authenticated users to inject arbitrary web script or HTML via names of file attachments. Any user can obtain the privilege to rename within their own board (where they have BoardAdmin access), and renameAttachment does not block XSS payloads.
CVE-2023-27082 1 Pluck-cms 1 Pluck 2024-12-04 4.8 Medium
Cross Site Scripting (XSS) vulnerability in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev4 allows remote attackers to run arbitrary code via upload of crafted html file.