Export limit exceeded: 20270 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (20270 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-20761 | 2 Google, Mediatek | 42 Android, Mt6739, Mt6761 and 39 more | 2024-12-04 | 6.7 Medium |
| In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628604; Issue ID: ALPS07628582. | ||||
| CVE-2023-20766 | 2 Google, Mediatek | 53 Android, Mt6580, Mt6735 and 50 more | 2024-12-04 | 6.7 Medium |
| In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573237; Issue ID: ALPS07573202. | ||||
| CVE-2023-20767 | 2 Google, Mediatek | 10 Android, Mt6879, Mt6886 and 7 more | 2024-12-04 | 6.7 Medium |
| In pqframework, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629585; Issue ID: ALPS07629584. | ||||
| CVE-2023-20771 | 2 Google, Mediatek | 11 Android, Mt6580, Mt6739 and 8 more | 2024-12-04 | 6.4 Medium |
| In display, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07671046; Issue ID: ALPS07671046. | ||||
| CVE-2023-21066 | 1 Google | 1 Android | 2024-12-04 | 9.8 Critical |
| In cd_CodeMsg of cd_codec.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-250100597References: N/A | ||||
| CVE-2023-2625 | 1 Abb | 2 Txpert Hub Coretec 4, Txpert Hub Coretec 4 Firmware | 2024-12-04 | 9 Critical |
| A vulnerability exists that can be exploited by an authenticated client that is connected to the same network segment as the CoreTec 4, having any level of access VIEWER to ADMIN. To exploit the vulnerability the attacker can inject shell commands through a particular field of the web user interface that will be executed by the system. | ||||
| CVE-2023-3333 | 1 Nec | 34 Aterm Wf300hp, Aterm Wf300hp Firmware, Aterm Wg1400hp and 31 more | 2024-12-04 | 7.2 High |
| Improper Neutralization of Special Elements used in an OS Command vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a attacker to execute an arbitrary OS command with the root privilege, after obtaining a high privilege exploiting CVE-2023-3330 and CVE-2023-3331 vulnerabilities. | ||||
| CVE-2024-8360 | 1 Visteon | 1 Infotainment | 2024-12-04 | 6.8 Medium |
| Visteon Infotainment REFLASH_DDU_ExtractFile Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Visteon Infotainment systems. Authentication is not required to exploit this vulnerability. The specific flaw exists within the REFLASH_DDU_ExtractFile function. A crafted software update file can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-23421. | ||||
| CVE-2024-7508 | 1 Trimble | 2 Sketchup, Sketchup Viewer | 2024-12-04 | 7.8 High |
| Trimble SketchUp Viewer SKP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-19575. | ||||
| CVE-2023-20753 | 2 Google, Mediatek | 55 Android, Mt6580, Mt6731 and 52 more | 2024-12-04 | 6.7 Medium |
| In rpmb, there is a possible out of bounds write due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07460390; Issue ID: ALPS07588667. | ||||
| CVE-2023-20754 | 2 Google, Mediatek | 55 Android, Mt6580, Mt6731 and 52 more | 2024-12-04 | 6.7 Medium |
| In keyinstall, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07563028; Issue ID: ALPS07588343. | ||||
| CVE-2023-35177 | 1 Hp | 76 Laserjet Pro M304-m305 W1a46a, Laserjet Pro M304-m305 W1a46a Firmware, Laserjet Pro M304-m305 W1a47a and 73 more | 2024-12-04 | 8.8 High |
| Certain HP LaserJet Pro print products are potentially vulnerable to a stack-based buffer overflow related to the compact font format parser. | ||||
| CVE-2023-20775 | 3 Google, Mediatek, Openwrt | 38 Android, Mt6739, Mt6757 and 35 more | 2024-12-04 | 6.7 Medium |
| In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07978760; Issue ID: ALPS07363410. | ||||
| CVE-2023-32622 | 1 Wavlink | 2 Wl-wn531ax2, Wl-wn531ax2 Firmware | 2024-12-04 | 7.2 High |
| Improper neutralization of special elements in WL-WN531AX2 firmware versions prior to 2023526 allows an attacker with an administrative privilege to execute OS commands with the root privilege. | ||||
| CVE-2024-20761 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2024-12-04 | 7.8 High |
| Animate versions 24.0, 23.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2023-20785 | 2 Google, Mediatek | 20 Android, Mt6779, Mt6781 and 17 more | 2024-12-04 | 6.4 Medium |
| In audio, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628524; Issue ID: ALPS07628524. | ||||
| CVE-2023-20786 | 2 Google, Mediatek | 35 Android, Mt2713, Mt6580 and 32 more | 2024-12-04 | 6.7 Medium |
| In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767811; Issue ID: ALPS07767811. | ||||
| CVE-2023-20811 | 3 Google, Linux, Mediatek | 54 Android, Linux Kernel, Mt5221 and 51 more | 2024-12-04 | 6.7 Medium |
| In IOMMU, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03692061; Issue ID: DTV03692061. | ||||
| CVE-2024-27327 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2024-12-04 | 7.8 High |
| PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22277. | ||||
| CVE-2024-30271 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2024-12-04 | 7.8 High |
| Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||