Total
34425 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-11485 | 1 Code4berry | 1 Decoration Management System | 2024-12-02 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in Code4Berry Decoration Management System 1.0. Affected by this issue is some unknown functionality of the file /decoration/admin/userregister.php of the component User Handler. The manipulation leads to permission issues. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-11486 | 1 Code4berry | 1 Decoration Management System | 2024-12-02 | 4.3 Medium |
| A vulnerability, which was classified as problematic, was found in Code4Berry Decoration Management System 1.0. This affects an unknown part of the file /decoration/admin/user_permission.php of the component User Permission Handler. The manipulation leads to permission issues. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-42721 | 2 Google, Unisoc | 2 Android, Sc9863a | 2024-12-02 | 5.5 Medium |
| In flv extractor, there is a possible missing verification incorrect input. This could lead to local denial of service with no additional execution privileges needed | ||||
| CVE-2023-21162 | 1 Google | 1 Android | 2024-12-02 | 9.8 Critical |
| In RGXUnbackingZSBuffer of rgxta3d.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-21401 | 1 Google | 1 Android | 2024-12-02 | 9.8 Critical |
| In DevmemIntChangeSparse of devicemem_server.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-35690 | 1 Google | 1 Android | 2024-12-02 | 9.8 Critical |
| In RGXDestroyHWRTData of rgxta3d.c, there is a possible arbitrary code execution due to an uncaught exception. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-40082 | 1 Google | 1 Android | 2024-12-02 | 9.8 Critical |
| In modify_for_next_stage of fdt.rs, there is a possible way to render KASLR ineffective due to improperly used crypto. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-40095 | 1 Google | 1 Android | 2024-12-02 | 7.8 High |
| In createDontSendToRestrictedAppsBundle of PendingIntentUtils.java, there is a possible background activity launch due to a missing check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-36368 | 1 Monetdb | 1 Monetdb | 2024-12-02 | 7.5 High |
| An issue in the cs_bind_ubat component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | ||||
| CVE-2023-36367 | 1 Monetdb | 1 Monetdb | 2024-12-02 | 7.5 High |
| An issue in the BLOBcmp component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | ||||
| CVE-2023-36366 | 1 Monetdb | 1 Monetdb | 2024-12-02 | 7.5 High |
| An issue in the log_create_delta component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause Denial of Service (DoS) via crafted SQL statements. | ||||
| CVE-2023-36365 | 1 Monetdb | 1 Monetdb | 2024-12-02 | 7.5 High |
| An issue in the sql_trans_copy_key component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | ||||
| CVE-2023-36364 | 1 Monetdb | 1 Monetdb | 2024-12-02 | 7.5 High |
| An issue in the rel_deps component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | ||||
| CVE-2023-36363 | 1 Monetdb | 1 Monetdb | 2024-12-02 | 7.5 High |
| An issue in the __nss_database_lookup component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | ||||
| CVE-2023-36362 | 1 Monetdb | 1 Monetdb | 2024-12-02 | 7.5 High |
| An issue in the rel_sequences component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | ||||
| CVE-2023-42571 | 1 Samsung | 1 Find My Mobile | 2024-12-02 | 7.6 High |
| Abuse of remote unlock in Find My Mobile prior to version 7.3.13.4 allows physical attacker to unlock the device remotely by resetting the Samsung Account password with SMS verification when user lost the device. | ||||
| CVE-2023-48412 | 1 Google | 1 Android | 2024-12-02 | 5.5 Medium |
| In private_handle_t of mali_gralloc_buffer.h, there is a possible information leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-28022 | 1 Hcltech | 1 Connections | 2024-12-02 | 3.5 Low |
| HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data. | ||||
| CVE-2018-0240 | 1 Cisco | 47 7604, 7606-s, 7609-s and 44 more | 2024-11-29 | 8.6 High |
| Multiple vulnerabilities in the Application Layer Protocol Inspection feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerabilities are due to logical errors during traffic inspection. An attacker could exploit these vulnerabilities by sending a high volume of malicious traffic across an affected device. An exploit could allow the attacker to cause a deadlock condition, resulting in a reload of an affected device. These vulnerabilities affect Cisco ASA Software and Cisco FTD Software configured for Application Layer Protocol Inspection running on the following Cisco products: 3000 Series Industrial Security Appliance (ISA), ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4100 Series Security Appliance, Firepower 9300 ASA Security Module, FTD Virtual (FTDv). Cisco Bug IDs: CSCve61540, CSCvh23085, CSCvh95456. | ||||
| CVE-2018-0241 | 1 Cisco | 9 Asr 9001, Asr 9006, Asr 9010 and 6 more | 2024-11-29 | N/A |
| A vulnerability in the UDP broadcast forwarding function of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to improper handling of UDP broadcast packets that are forwarded to an IPv4 helper address. An attacker could exploit this vulnerability by sending multiple UDP broadcast packets to the affected device. An exploit could allow the attacker to cause a buffer leak on the affected device, eventually resulting in a DoS condition requiring manual intervention to recover. This vulnerability affects all Cisco IOS XR platforms running 6.3.1, 6.2.3, or earlier releases of Cisco IOS XR Software when at least one IPv4 helper address is configured on an interface of the device. Cisco Bug IDs: CSCvi35625. | ||||