VYPR

CVEs

100,472 total · page 657 of 2,010

  • CVE-2024-31322HigJul 9, 2024
    risk 0.51cvss 7.8epss 0.00

    In updateServicesLocked of AccessibilityManagerService.java, there is a possible way for an app to be hidden from the Setting while retaining Accessibility Service due to improper input validation. This could lead to local escalation of privilege with no additional execution…

  • CVE-2024-31320HigJul 9, 2024
    risk 0.51cvss 7.8epss 0.00

    In setSkipPrompt of AssociationRequest.java , there is a possible way to establish a companion device association without any confirmation due to CDM. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed…

  • CVE-2024-31319HigJul 9, 2024
    risk 0.51cvss 7.8epss 0.00

    In updateNotificationChannelFromPrivilegedListener of NotificationManagerService.java, there is a possible cross-user data leak due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not…

  • CVE-2024-31318HigJul 9, 2024
    risk 0.51cvss 7.8epss 0.00

    In CompanionDeviceManagerService.java, there is a possible way to pair a companion device without user acceptance due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed…

  • CVE-2024-31317HigJul 9, 2024
    risk 0.51cvss 7.8epss 0.01

    In multiple functions of ZygoteProcess.java, there is a possible way to achieve code execution as any app via WRITE_SECURE_SETTINGS due to unsafe deserialization. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not…

  • CVE-2024-31316HigJul 9, 2024
    risk 0.51cvss 7.8epss 0.00

    In onResult of AccountManagerService.java, there is a possible way to perform an arbitrary background activity launch due to parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2024-31315HigJul 9, 2024
    risk 0.51cvss 7.8epss 0.00

    In multiple functions of ManagedServices.java, there is a possible way to hide an app with notification access in the Device & app notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges…

  • CVE-2024-31313HigJul 9, 2024
    risk 0.51cvss 7.8epss 0.00

    In availableToWriteBytes of MessageQueueBase.h, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-31311HigJul 9, 2024
    risk 0.51cvss 7.8epss 0.00

    In increment_annotation_count of stats_event.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-31310HigJul 9, 2024
    risk 0.51cvss 7.8epss 0.00

    In newServiceInfoLocked of AutofillManagerServiceImpl.java, there is a possible way to hide an enabled Autofill service app in the Autofill service settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges…

  • CVE-2024-23711HigJul 9, 2024
    risk 0.51cvss 7.8epss 0.00

    In DevmemXIntUnreserveRange of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2024-23698HigJul 9, 2024
    risk 0.51cvss 7.8epss 0.00

    In RGXFWChangeOSidPriority of rgxfwutils.c, there is a possible arbitrary code execution due to a missing bounds check. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-23697HigJul 9, 2024
    risk 0.51cvss 7.8epss 0.00

    In RGXCreateHWRTData_aux of rgxta3d.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-23696HigJul 9, 2024
    risk 0.51cvss 7.8epss 0.00

    In RGXCreateZSBufferKM of rgxta3d.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-23695HigJul 9, 2024
    risk 0.51cvss 7.8epss 0.00

    In CacheOpPMRExec of cache_km.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-21114HigJul 9, 2024
    risk 0.51cvss 7.8epss 0.00

    In multiple locations, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-21113HigJul 9, 2024
    risk 0.51cvss 7.8epss 0.00

    In multiple locations, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-39063HigJul 9, 2024
    risk 0.57cvss 8.8epss 0.00

    Lime Survey <= 6.5.12 is vulnerable to Cross Site Request Forgery (CSRF). The YII_CSRF_TOKEN is only checked when passed in the body of POST requests, but the same check isn't performed in the equivalent GET requests.

  • CVE-2024-37872HigJul 9, 2024
    risk 0.53cvss 8.1epss 0.01

    SQL injection vulnerability in process.php in Itsourcecode Billing System in PHP 1.0 allows remote attackers to execute arbitrary SQL commands via the username parameter.

  • CVE-2024-37871HigJul 9, 2024
    risk 0.53cvss 8.2epss 0.00

    SQL injection vulnerability in login.php in Itsourcecode Online Discussion Forum Project in PHP with Source Code 1.0 allows remote attackers to execute arbitrary SQL commands via the email parameter.

  • CVE-2024-34139HigJul 9, 2024
    risk 0.51cvss 7.8epss 0.00

    Bridge versions 14.0.4, 13.0.7, 14.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…

  • CVE-2024-29153HigJul 9, 2024
    risk 0.53cvss 8.1epss 0.00

    A vulnerability was discovered in Samsung Mobile Processor, Wearable Processor, and Modems with versions Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos…

  • CVE-2024-20785HigJul 9, 2024
    risk 0.51cvss 7.8epss 0.00

    InDesign Desktop versions ID19.3, ID18.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…

  • CVE-2024-20783HigJul 9, 2024
    risk 0.51cvss 7.8epss 0.00

    InDesign Desktop versions ID19.3, ID18.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…

  • CVE-2024-20782HigJul 9, 2024
    risk 0.51cvss 7.8epss 0.00

    InDesign Desktop versions ID19.3, ID18.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…

  • CVE-2024-20781HigJul 9, 2024
    risk 0.51cvss 7.8epss 0.00

    InDesign Desktop versions ID19.3, ID18.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…

  • CVE-2024-40039HigJul 9, 2024
    risk 0.57cvss 8.8epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userGroup_deal.php?mudi=del

  • CVE-2024-40037HigJul 9, 2024
    risk 0.57cvss 8.8epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userScore_deal.php?mudi=del

  • CVE-2024-40036HigJul 9, 2024
    risk 0.57cvss 8.8epss 0.01

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userGroup_deal.php?mudi=add&nohrefStr=close

  • CVE-2024-40034HigJul 9, 2024
    risk 0.57cvss 8.8epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userLevel_deal.php?mudi=del

  • CVE-2024-39684HigJul 9, 2024
    risk 0.51cvss 7.8epss 0.00

    Tencent RapidJSON is vulnerable to privilege escalation due to an integer overflow in the `GenericReader::ParseNumber()` function of `include/rapidjson/reader.h` when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened;…

  • CVE-2024-38517HigJul 9, 2024
    risk 0.44cvss 7.8epss 0.00

    Tencent RapidJSON is vulnerable to privilege escalation due to an integer underflow in the `GenericReader::ParseNumber()` function of `include/rapidjson/reader.h` when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened;…

  • CVE-2024-34123HigJul 9, 2024
    risk 0.46cvss 7.0epss 0.00

    Premiere Pro versions 23.6.5, 24.4.1 and earlier are affected by an Untrusted Search Path vulnerability that could lead to arbitrary code execution. An attacker could exploit this vulnerability by inserting a malicious file into the search path, which the application might…

  • CVE-2023-50807HigJul 9, 2024
    risk 0.53cvss 8.1epss 0.00

    A vulnerability was discovered in Samsung Wearable Processor and Modems with versions Exynos 9110, Exynos Modem 5123, Exynos Modem 5300 that allows an out-of-bounds write in the heap in 2G (no auth).

  • CVE-2023-50806HigJul 9, 2024
    risk 0.55cvss 8.4epss 0.00

    A vulnerability was discovered in Samsung Mobile Processor, Wearable Processor, and Modems with versions Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850 Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380 Exynos 1330, Exynos 9110, Exynos W920, Exynos…

  • CVE-2023-50805HigJul 9, 2024
    risk 0.53cvss 8.1epss 0.00

    A vulnerability was discovered in Samsung Mobile Processor, Wearable Processor, and Modems with versions Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos…

  • CVE-2024-6222HigJul 9, 2024
    risk 0.46cvss 7.0epss 0.01

    In Docker Desktop before v4.29.0, an attacker who has gained access to the Docker Desktop VM through a container breakout can further escape to the host by passing extensions and dashboard related IPC messages. Docker Desktop v4.29.0 https://docs.docker.com/desktop/release-note…

  • CVE-2024-39698HigJul 9, 2024
    risk 0.42cvss 7.5epss 0.00

    electron-updater allows for automatic updates for Electron apps. The file `packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts` implements the signature validation routine for Electron applications on Windows. Because of the surrounding shell, a first pass by…

  • CVE-2024-38112HigKEVJul 9, 2024
    risk 0.67cvss 7.5epss 0.84

    Windows MSHTML Platform Spoofing Vulnerability

  • CVE-2024-38104HigJul 9, 2024
    risk 0.57cvss 8.8epss 0.02

    Windows Fax Service Remote Code Execution Vulnerability

  • CVE-2024-38100HigJul 9, 2024
    risk 0.51cvss 7.8epss 0.05

    Windows File Explorer Elevation of Privilege Vulnerability

  • CVE-2024-38095HigJul 9, 2024
    risk 0.49cvss 7.5epss 0.03

    .NET and Visual Studio Denial of Service Vulnerability

  • CVE-2024-38094HigKEVJul 9, 2024
    risk 0.69cvss 7.2epss 0.50

    Microsoft SharePoint Remote Code Execution Vulnerability

  • CVE-2024-38092HigJul 9, 2024
    risk 0.57cvss 8.8epss 0.02

    Azure CycleCloud Elevation of Privilege Vulnerability

  • CVE-2024-38091HigJul 9, 2024
    risk 0.49cvss 7.5epss 0.02

    Microsoft WS-Discovery Denial of Service Vulnerability

  • CVE-2024-38088HigJul 9, 2024
    risk 0.57cvss 8.8epss 0.02

    SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

  • CVE-2024-38087HigJul 9, 2024
    risk 0.57cvss 8.8epss 0.02

    SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

  • CVE-2024-38085HigJul 9, 2024
    risk 0.51cvss 7.8epss 0.05

    Windows Graphics Component Elevation of Privilege Vulnerability

  • CVE-2024-38081HigJul 9, 2024
    risk 0.48cvss 7.3epss 0.01

    .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability

  • CVE-2024-38080HigKEVJul 9, 2024
    risk 0.63cvss 7.8epss 0.07

    Windows Hyper-V Elevation of Privilege Vulnerability