Search Results (35577 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-20927 1 Google 1 Android 2025-03-19 7.8 High
In permissions of AndroidManifest.xml, there is a possible way to grant signature permissions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-244216503
CVE-2022-42455 1 Asus 1 Armoury Crate 2025-03-19 7.8 High
ASUS EC Tool driver (aka d.sys) 1beb15c90dcf7a5234ed077833a0a3e900969b60be1d04fcebce0a9f8994bdbb, as signed by ASUS and shipped with multiple ASUS software products, contains multiple IOCTL handlers that provide raw read and write access to port I/O and MSRs via unprivileged IOCTL calls. Local users can gain privileges.
CVE-2022-38935 1 Niter 1 Niterforum 2025-03-19 8.8 High
An issue was discovered in NiterForum version 2.5.0-beta in /src/main/java/cn/niter/forum/api/SsoApi.java and /src/main/java/cn/niter/forum/controller/AdminController.java, allows attackers to gain escalated privileges.
CVE-2018-9412 1 Google 1 Android 2025-03-19 5.5 Medium
In removeUnsynchronization of ID3.cpp there is a possible resource exhaustion due to improper input validation. This could lead to denial of service with no additional execution privileges needed. User interaction is needed for exploitation.
CVE-2024-7974 1 Google 1 Chrome 2025-03-19 8.8 High
Insufficient data validation in V8 API in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)
CVE-2023-25765 1 Jenkins 1 Email Extension 2025-03-19 9.9 Critical
In Jenkins Email Extension Plugin 2.93 and earlier, templates defined inside a folder were not subject to Script Security protection, allowing attackers able to define email templates in folders to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.
CVE-2024-8399 1 Mozilla 1 Firefox Focus 2025-03-19 4.7 Medium
Websites could utilize Javascript links to spoof URL addresses in the Focus navigation bar This vulnerability affects Focus for iOS < 130.
CVE-2024-7531 2 Mozilla, Redhat 3 Firefox, Firefox Esr, Rhel Aus 2025-03-19 6.3 Medium
Calling `PK11_Encrypt()` in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcome is connection failure, but if the connection persists despite the high packet loss it could be possible for a network observer to identify packets as coming from the same source despite a network path change. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1.
CVE-2024-7001 1 Google 1 Chrome 2025-03-19 4.3 Medium
Inappropriate implementation in HTML in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
CVE-2024-5652 1 Docker 1 Desktop 2025-03-19 6.1 Medium
In Docker Desktop on Windows before v4.31.0 allows a user in the docker-users group to cause a Windows Denial-of-Service through the exec-path Docker daemon config option in Windows containers mode.
CVE-2024-42397 1 Hp 1 Instantos 2025-03-19 5.3 Medium
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Certificate Management daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.
CVE-2024-42031 1 Huawei 2 Emui, Harmonyos 2025-03-19 7.5 High
Access permission verification vulnerability in the Settings module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-40396 1 Apple 7 Ios, Ipad Os, Ipados and 4 more 2025-03-19 7.8 High
The issue was addressed with improved memory handling. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17. An app may be able to execute arbitrary code with kernel privileges.
CVE-2023-30456 2 Linux, Redhat 4 Linux Kernel, Enterprise Linux, Rhel Eus and 1 more 2025-03-19 6.5 Medium
An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4.
CVE-2023-25011 1 Nec 1 Pc Settings Tool 2025-03-19 7.8 High
PC settings tool Ver10.1.26.0 and earlier, PC settings tool Ver11.0.22.0 and earlier allows a attacker to write to the registry as administrator privileges with standard user privileges.
CVE-2023-23464 1 Mediacp 1 Media Control Panel 2025-03-19 8.1 High
Media CP Media Control Panel latest version. A Permissive Flash Cross-domain Policy may allow information disclosure.
CVE-2024-25064 1 Hikvision 1 Hikcentral Professional 2025-03-19 4.3 Medium
Due to insufficient server-side validation, an attacker with login privileges could access certain resources that the attacker should not have access to by changing parameter values.
CVE-2024-21182 1 Oracle 1 Weblogic Server 2025-03-19 7.5 High
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
CVE-2024-38312 1 Mozilla 1 Firefox 2025-03-19 6.5 Medium
When browsing private tabs, some data related to location history or webpage thumbnails could be persisted incorrectly within the sandboxed app bundle after app termination This vulnerability affects Firefox for iOS < 127.
CVE-2022-43969 1 Ricoh 154 Im 2500, Im 2500 Firmware, Im 2702 and 151 more 2025-03-19 9.1 Critical
Ricoh mp_c4504ex devices with firmware 1.06 mishandle credentials.