Search Results (37153 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-40671 1 Google 1 Android 2024-12-17 7.8 High
In DevmemIntChangeSparse2 of devicemem_server.c, there is a possible way to achieve arbitrary code execution due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-34659 1 Jeecg 1 Jeecg Boot 2024-12-17 9.8 Critical
jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability the id parameter of the /jeecg-boot/jmreport/show interface.
CVE-2024-40652 1 Google 1 Android 2024-12-17 7.3 High
In onCreate of SettingsHomepageActivity.java, there is a possible way to access the Settings app while the device is provisioning due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
CVE-2024-40650 1 Google 1 Android 2024-12-17 7.8 High
In wifi_item_edit_content of styles.xml , there is a possible FRP bypass due to Missing check for FRP state. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-31318 1 Google 1 Android 2024-12-17 7.8 High
In CompanionDeviceManagerService.java, there is a possible way to pair a companion device without user acceptance due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-35782 1 Ipandlanguageredirect Project 1 Ipandlanguageredirect 2024-12-17 8.2 High
The ipandlanguageredirect extension before 5.1.2 for TYPO3 allows SQL Injection.
CVE-2023-34165 1 Huawei 1 Harmonyos 2024-12-17 5.3 Medium
Unauthorized access vulnerability in the Save for later feature provided by AI Touch.Successful exploitation of this vulnerability may cause third-party apps to forge a URI for unauthorized access with zero permissions.
CVE-2024-23704 1 Google 1 Android 2024-12-17 7.8 High
In onCreate of WifiDialogActivity.java, there is a possible way to bypass the DISALLOW_ADD_WIFI_CONFIG restriction due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-35811 1 Sugarcrm 1 Sugarcrm 2024-12-17 8.8 High
An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. Two SQL Injection vectors have been identified in the REST API. By using crafted requests, custom SQL code can be injected through the REST API because of missing input validation. Regular user privileges can use used for exploitation. Editions other than Enterprise are also affected.
CVE-2024-21919 1 Rockwellautomation 1 Arena 2024-12-17 7.8 High
An uninitialized pointer in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by leveraging the pointer after it is properly. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.
CVE-2023-27858 1 Rockwellautomation 1 Arena 2024-12-17 7.8 High
Rockwell Automation Arena Simulation contains an arbitrary code execution vulnerability that could potentially allow a malicious user to commit unauthorized code to the software by using an uninitialized pointer in the application.  The threat-actor could then execute malicious code on the system affecting the confidentiality, integrity, and availability of the product.  The user would need to open a malicious file provided to them by the attacker for the code to execute.
CVE-2022-48491 1 Huawei 1 Emui 2024-12-17 5.3 Medium
Vulnerability of missing authentication on certain HUAWEI phones.Successful exploitation of this vulnerability can lead to ads and other windows to display at any time.
CVE-2019-13527 1 Rockwellautomation 1 Arena 2024-12-17 7.8 High
In Rockwell Automation Arena Simulation Software Cat. 9502-Ax, Versions 16.00.00 and earlier, a maliciously crafted Arena file opened by an unsuspecting user may result in the use of a pointer that has not been initialized.
CVE-2019-13519 1 Rockwellautomation 1 Arena 2024-12-17 7.8 High
A maliciously crafted program file opened by an unsuspecting user of Rockwell Automation Arena Simulation Software version 16.00.00 and earlier may result in the limited exposure of information related to the targeted workstation. Rockwell Automation has released version 16.00.01 of Arena Simulation Software to address the reported vulnerabilities.
CVE-2022-48495 1 Huawei 1 Emui 2024-12-17 5.3 Medium
Vulnerability of unauthorized access to foreground app information.Successful exploitation of this vulnerability may cause foreground app information to be obtained.
CVE-2024-12381 1 Google 1 Chrome 2024-12-17 8.8 High
Type Confusion in V8 in Google Chrome prior to 131.0.6778.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-21987 1 Netapp 1 Snapcenter 2024-12-16 5.4 Medium
SnapCenter versions 4.8 prior to 5.0 are susceptible to a vulnerability which could allow an authenticated SnapCenter Server user to modify system logging configuration settings
CVE-2022-48488 1 Huawei 1 Emui 2024-12-16 5.3 Medium
Vulnerability of bypassing the default desktop security controls.Successful exploitation of this vulnerability may cause unauthorized modifications to the desktop.
CVE-2023-49602 1 Openatom 1 Openharmony 2024-12-16 2.9 Low
in OpenHarmony v3.2.4 and prior versions allow a local attacker cause apps crash through type confusion.
CVE-2023-51380 1 Github 1 Enterprise Server 2024-12-16 2.7 Low
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be read with an improperly scoped token. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1.