Search Results (37142 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-34418 1 Lenovo 1 Xclarity Administrator 2024-12-03 8.1 High
A valid, authenticated LXCA user may be able to gain unauthorized access to events and other data stored in LXCA due to a SQL injection vulnerability in a specific web API.
CVE-2024-28829 1 Checkmk 1 Checkmk 2024-12-03 7.8 High
Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0p12, 2.2.0p32, 2.1.0p47 and 2.0.0 (EOL) allows local users to escalate privileges.
CVE-2024-38859 1 Checkmk 1 Checkmk 2024-12-03 6.1 Medium
XSS in the view page with the SLA column configured in Checkmk versions prior to 2.3.0p14, 2.2.0p33, 2.1.0p47 and 2.0.0 (EOL) allowed malicious users to execute arbitrary scripts by injecting HTML elements into the SLA column title. These scripts could be executed when the view page was cloned by other users.
CVE-2023-30913 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2024-12-03 5.5 Medium
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
CVE-2023-33898 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2024-12-03 5.5 Medium
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
CVE-2023-33899 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2024-12-03 5.5 Medium
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
CVE-2023-32789 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2024-12-03 5.5 Medium
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
CVE-2023-33879 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2024-12-03 3.3 Low
In music service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
CVE-2023-33880 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2024-12-03 3.3 Low
In music service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
CVE-2023-33881 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2024-12-03 5.5 Medium
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
CVE-2023-33882 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2024-12-03 5.5 Medium
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
CVE-2023-33883 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2024-12-03 5.5 Medium
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
CVE-2023-33884 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2024-12-03 5.5 Medium
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
CVE-2023-33885 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2024-12-03 5.5 Medium
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
CVE-2023-33886 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2024-12-03 5.5 Medium
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
CVE-2023-33887 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2024-12-03 5.5 Medium
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
CVE-2023-36464 2 Pypdf2 Project, Pypdf Project 2 Pypdf2, Pypdf 2024-12-03 6.2 Medium
pypdf is an open source, pure-python PDF library. In affected versions an attacker may craft a PDF which leads to an infinite loop if `__parse_content_stream` is executed. That is, for example, the case if the user extracted text from such a PDF. This issue was introduced in pull request #969 and resolved in pull request #1828. Users are advised to upgrade. Users unable to upgrade may modify the line `while peek not in (b"\r", b"\n")` in `pypdf/generic/_data_structures.py` to `while peek not in (b"\r", b"\n", b"")`.
CVE-2024-0037 1 Google 1 Android 2024-12-03 3.3 Low
In applyCustomDescription of SaveUi.java, there is a possible way to view images belonging to a different user due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-11744 1 1000projects 1 Portfolio Management System Mca 2024-12-03 7.3 High
A vulnerability has been found in 1000 Projects Portfolio Management System MCA 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /register.php. The manipulation of the argument name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
CVE-2024-11817 1 Phpgurukul 2 User Registration \& Login And User Management System, User Registration And Login And User Management System 2024-12-03 7.3 High
A vulnerability was found in PHPGurukul User Registration & Login and User Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/index.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.