Search Results (37177 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-30866 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-01-08 5.5 Medium
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
CVE-2023-30865 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-01-08 5.5 Medium
In dialer service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
CVE-2023-30864 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-01-08 7.8 High
In Connectivity Service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.
CVE-2024-21259 1 Oracle 1 Vm Virtualbox 2025-01-07 7.5 High
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.22 and prior to 7.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).
CVE-2022-48445 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-01-07 5.9 Medium
In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.
CVE-2022-48444 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-01-07 5.9 Medium
In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.
CVE-2022-48443 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-01-07 5.9 Medium
In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.
CVE-2022-48442 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-01-07 6.2 Medium
In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.
CVE-2022-48441 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-01-07 6.2 Medium
In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.
CVE-2022-48440 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-01-07 6.2 Medium
In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.
CVE-2022-48390 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-01-07 7.3 High
In telephony service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.
CVE-2023-20747 3 Google, Linuxfoundation, Mediatek 48 Android, Iot-yocto, Yocto and 45 more 2025-01-07 4.4 Medium
In vcu, there is a possible memory corruption due to type confusion. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519103; Issue ID: ALPS07519121.
CVE-2023-21670 1 Qualcomm 364 315 5g Iot Modem, 315 5g Iot Modem Firmware, Aqt1000 and 361 more 2025-01-07 7.8 High
Memory Corruption in GPU Subsystem due to arbitrary command execution from GPU in privileged mode.
CVE-2021-20451 1 Ibm 1 Cognos Controller 2025-01-07 6 Medium
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 196643.
CVE-2023-1779 1 Mbconnectline 2 Mbconnect24, Mymbconnect24 2025-01-07 4.3 Medium
Exposure of Sensitive Information to an unauthorized actor vulnerability in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz' myREX24 and myREX24.virtual in versions <=2.13.3 allow an authorized remote attacker with low privileges to view a limited amount of another accounts contact information.
CVE-2023-3120 1 Oretnom23 1 Service Provider Management System 2025-01-07 6.3 Medium
A vulnerability, which was classified as critical, was found in SourceCodester Service Provider Management System 1.0. This affects an unknown part of the file view_service.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230799.
CVE-2023-31244 1 Hornerautomation 2 Cscape, Cscape Envisionrv 2025-01-07 7.8 High
The affected product does not properly validate user-supplied data. If a user opens a maliciously formed CSP file, then an attacker could execute arbitrary code within the current process by accessing an uninitialized pointer.
CVE-2023-30948 1 Palantir 1 Foundry Comments 2025-01-07 6.5 Medium
A security defect in Foundry's Comments functionality resulted in the retrieval of attachments to comments not being gated by additional authorization checks. This could enable an authenticated user to inject a prior discovered attachment UUID into other arbitrary comments to discover it's content. This defect was fixed in Foundry Comments 2.249.0, and a patch was rolled out to affected Foundry environments. No further intervention is required at this time.
CVE-2024-37148 1 Glpi-project 1 Glpi 2025-01-07 8.1 High
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can exploit a SQL injection vulnerability in some AJAX scripts to alter another user account data and take control of it. Upgrade to 10.0.16.
CVE-2024-31456 1 Glpi-project 1 Glpi 2025-01-07 7.7 High
GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability from map search. This vulnerability is fixed in 10.0.15.