| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-5685 | Hig | 0.42 | 7.6 | 0.00 | Jun 14, 2024 | Users with "User:edit" and "Self:api" permissions can promote or demote themselves or other users by performing changes to the group's memberships via API call.This issue affects snipe-it: from v4.6.17 through v6.4.1. | ||
| CVE-2024-5995 | Hig | 0.57 | 8.8 | 0.00 | Jun 14, 2024 | The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. The expiration of the session is not properly configured, remaining valid for more than 7 days and can be reused. | ||
| CVE-2024-36503 | Hig | 0.47 | 7.3 | 0.00 | Jun 14, 2024 | Memory management vulnerability in the Gralloc module Impact: Successful exploitation of this vulnerability will affect availability. | ||
| CVE-2024-36502 | Hig | 0.51 | 7.9 | 0.00 | Jun 14, 2024 | Out-of-bounds read vulnerability in the audio module Impact: Successful exploitation of this vulnerability will affect availability. | ||
| CVE-2024-36500 | Hig | 0.51 | 7.8 | 0.00 | Jun 14, 2024 | Privilege escalation vulnerability in the AMS module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||
| CVE-2024-31163 | Hig | 0.47 | 7.2 | 0.01 | Jun 14, 2024 | ASUS Download Master has a buffer overflow vulnerability. An unauthenticated remote attacker with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the device. | ||
| CVE-2024-31162 | Hig | 0.47 | 7.2 | 0.01 | Jun 14, 2024 | The specific function parameter of ASUS Download Master does not properly filter user input. An unauthenticated remote attacker with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the device. | ||
| CVE-2024-5551 | Hig | 0.49 | 7.5 | 0.00 | Jun 14, 2024 | The WP STAGING Pro WordPress Backup Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.6.0. This is due to missing or incorrect nonce validation on the 'sub' parameter called from the WP STAGING WordPress Backup Plugin… | ||
| CVE-2024-4404 | Hig | 0.55 | 8.5 | 0.00 | Jun 14, 2024 | The ElementsKit PRO plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.6.2 via the 'render_raw' function. This can allow authenticated attackers, with contributor-level permissions and above, to make web requests to arbitrary… | ||
| CVE-2024-3498 | Hig | 0.51 | 7.8 | 0.00 | Jun 14, 2024 | Attackers can then execute malicious files by enabling certain services of the printer via the web configuration page and elevate its privileges to root. As for the affected products/models/versions, see the reference URL. | ||
| CVE-2024-3497 | Hig | 0.57 | 8.8 | 0.01 | Jun 14, 2024 | Path traversal vulnerability in the web server of the Toshiba printer enables attacker to overwrite orginal files or add new ones to the printer. As for the affected products/models/versions, see the reference URL. | ||
| CVE-2024-3496 | Hig | 0.57 | 8.8 | 0.01 | Jun 14, 2024 | Attackers can bypass the web login authentication process to gain access to the printer's system information and upload malicious drivers to the printer. As for the affected products/models/versions, see the reference URL. | ||
| CVE-2024-1094 | Hig | 0.40 | 7.3 | 0.01 | Jun 14, 2024 | The Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the make_staff() function in all versions up to, and including,… | ||
| CVE-2024-31161 | Hig | 0.47 | 7.2 | 0.01 | Jun 14, 2024 | The upload functionality of ASUS Download Master does not properly filter user input. Remote attackers with administrative privilege can exploit this vulnerability to upload any file to any location. They may even upload malicious web page files to the website directory,… | ||
| CVE-2024-27178 | — | Hig | 0.47 | 7.2 | 0.01 | Jun 14, 2024 | An attacker can get Remote Code Execution by overwriting files. Overwriting files is enable by falsifying file name variable. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability… | |
| CVE-2024-27177 | — | Hig | 0.47 | 7.2 | 0.01 | Jun 14, 2024 | An attacker can get Remote Code Execution by overwriting files. Overwriting files is enable by falsifying package name variable. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this… | |
| CVE-2024-27176 | — | Hig | 0.47 | 7.2 | 0.01 | Jun 14, 2024 | An attacker can get Remote Code Execution by overwriting files. Overwriting files is enable by falsifying session ID variable. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability… | |
| CVE-2024-27171 | — | Hig | 0.48 | 7.4 | 0.01 | Jun 14, 2024 | A remote attacker using the insecure upload functionality will be able to overwrite any Python file and get Remote Code Execution. As for the affected products/models/versions, see the reference URL. | |
| CVE-2024-27170 | Hig | 0.48 | 7.4 | 0.00 | Jun 14, 2024 | It was observed that all the Toshiba printers contain credentials used for WebDAV access in the readable file. Then, it is possible to get a full access with WebDAV to the printer. As for the affected products/models/versions, see the reference URL. | ||
| CVE-2024-27169 | Hig | 0.55 | 8.4 | 0.00 | Jun 14, 2024 | Toshiba printers provides API without authentication for internal access. A local attacker can bypass authentication in applications, providing administrative access. As for the affected products/models/versions, see the reference URL. | ||
| CVE-2024-27168 | — | Hig | 0.46 | 7.1 | 0.00 | Jun 14, 2024 | It appears that some hardcoded keys are used for authentication to internal API. Knowing these private keys may allow attackers to bypass authentication and reach administrative interfaces. As for the affected products/models/versions, see the reference URL. | |
| CVE-2024-27167 | Hig | 0.48 | 7.4 | 0.00 | Jun 14, 2024 | Toshiba printers use Sendmail to send emails to recipients. Sendmail is used with several insecure directories. A local attacker can inject a malicious Sendmail configuration file. As for the affected products/models/versions, see the reference URL. | ||
| CVE-2024-27166 | Hig | 0.48 | 7.4 | 0.00 | Jun 14, 2024 | Coredump binaries in Toshiba printers have incorrect permissions. A local attacker can steal confidential information. As for the affected products/models/versions, see the reference URL. | ||
| CVE-2024-27165 | Hig | 0.51 | 7.8 | 0.00 | Jun 14, 2024 | Toshiba printers contain a suidperl binary and it has a Local Privilege Escalation vulnerability. A local attacker can get root privileges. As for the affected products/models/versions, see the reference URL. | ||
| CVE-2024-27164 | Hig | 0.46 | 7.1 | 0.00 | Jun 14, 2024 | Toshiba printers contain hardcoded credentials. As for the affected products/models/versions, see the reference URL. | ||
| CVE-2024-27158 | Hig | 0.48 | 7.4 | 0.00 | Jun 14, 2024 | All the Toshiba printers share the same hardcoded root password. As for the affected products/models/versions, see the reference URL. | ||
| CVE-2024-27155 | Hig | 0.50 | 7.7 | 0.00 | Jun 14, 2024 | The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. The programs can be replaced by malicious programs by any local or remote attacker. As for the affected products/models/versions, see the… | ||
| CVE-2024-3079 | Hig | 0.47 | 7.2 | 0.01 | Jun 14, 2024 | Certain models of ASUS routers have buffer overflow vulnerabilities, allowing remote attackers with administrative privileges to execute arbitrary commands on the device. | ||
| CVE-2024-27153 | Hig | 0.48 | 7.4 | 0.00 | Jun 14, 2024 | The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference URL. | ||
| CVE-2024-27152 | Hig | 0.48 | 7.4 | 0.00 | Jun 14, 2024 | The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference URL. | ||
| CVE-2024-27151 | Hig | 0.48 | 7.4 | 0.00 | Jun 14, 2024 | The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. The programs can be replaced by malicious programs by any local or remote attacker. As for the affected products/models/versions, see the… | ||
| CVE-2024-27150 | Hig | 0.48 | 7.4 | 0.00 | Jun 14, 2024 | The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference URL. | ||
| CVE-2024-27149 | Hig | 0.48 | 7.4 | 0.00 | Jun 14, 2024 | The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference URL. | ||
| CVE-2024-27148 | Hig | 0.48 | 7.4 | 0.00 | Jun 14, 2024 | The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference URL. | ||
| CVE-2024-27147 | Hig | 0.48 | 7.4 | 0.00 | Jun 14, 2024 | The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference URL. | ||
| CVE-2024-5984 | Hig | 0.48 | 7.3 | 0.01 | Jun 14, 2024 | A vulnerability was found in itsourcecode Online Bookstore 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file book.php. The manipulation of the argument bookisbn leads to sql injection. The attack may be launched remotely. The… | ||
| CVE-2024-5983 | Hig | 0.48 | 7.3 | 0.01 | Jun 14, 2024 | A vulnerability was found in itsourcecode Online Bookstore 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file bookPerPub.php. The manipulation of the argument pubid leads to sql injection. The attack can be launched… | ||
| CVE-2024-0099 | Hig | 0.51 | 7.8 | 0.00 | Jun 13, 2024 | NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where the guest OS could cause buffer overrun in the host. A successful exploit of this vulnerability might lead to information disclosure, data tampering, escalation of privileges, and denial of… | ||
| CVE-2024-0091 | Hig | 0.51 | 7.8 | 0.00 | Jun 13, 2024 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where a user can cause an untrusted pointer dereference by executing a driver API. A successful exploit of this vulnerability might lead to denial of service, information disclosure, and data tampering. | ||
| CVE-2024-0090 | Hig | 0.51 | 7.8 | 0.00 | Jun 13, 2024 | NVIDIA GPU driver for Windows and Linux contains a vulnerability where a user can cause an out-of-bounds write. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | ||
| CVE-2024-0089 | Hig | 0.51 | 7.8 | 0.00 | Jun 13, 2024 | NVIDIA GPU Display Driver for Windows contains a vulnerability where the information from a previous client or another process could be disclosed. A successful exploit of this vulnerability might lead to code execution, information disclosure, or data tampering. | ||
| CVE-2024-0084 | Hig | 0.51 | 7.8 | 0.00 | Jun 13, 2024 | NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where the guest OS could execute privileged operations. A successful exploit of this vulnerability might lead to information disclosure, data tampering, escalation of privileges, and denial of… | ||
| CVE-2024-5976 | Hig | 0.48 | 7.3 | 0.01 | Jun 13, 2024 | A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. It has been classified as critical. Affected is the function log_employee of the file /classes/Master.php?f=log_employee. The manipulation of the argument employee_code leads to sql… | ||
| CVE-2024-32929 | Hig | 0.53 | 8.1 | 0.00 | Jun 13, 2024 | In gpu_slc_get_region of pixel_gpu_slc.c, there is a possible EoP due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2024-32925 | Hig | 0.57 | 8.8 | 0.00 | Jun 13, 2024 | In dhd_prot_txstatus_process of dhd_msgbuf.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2024-32924 | Hig | 0.49 | 7.5 | 0.00 | Jun 13, 2024 | In DeregAcceptProcINT of cn_NrmmStateDeregInit.cpp, there is a possible denial of service due to a logic error in the code. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2024-32922 | Hig | 0.48 | 7.4 | 0.00 | Jun 13, 2024 | In gpu_pm_power_on_top_nolock of pixel_gpu_power.c, there is a possible compromise of protected memory due to a logic error in the code. This could lead to local escalation of privilege to TEE with no additional execution privileges needed. User interaction is not needed for… | ||
| CVE-2024-32921 | Hig | 0.48 | 7.4 | 0.00 | Jun 13, 2024 | In lwis_initialize_transaction_fences of lwis_fence.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2024-32920 | Hig | 0.46 | 7.1 | 0.00 | Jun 13, 2024 | In set_secure_reg of sac_handler.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure of 4 bytes of stack memory with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2024-32919 | Hig | 0.51 | 7.8 | 0.00 | Jun 13, 2024 | In lwis_add_completion_fence of lwis_fence.c, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
- risk 0.42cvss 7.6epss 0.00
Users with "User:edit" and "Self:api" permissions can promote or demote themselves or other users by performing changes to the group's memberships via API call.This issue affects snipe-it: from v4.6.17 through v6.4.1.
- risk 0.57cvss 8.8epss 0.00
The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. The expiration of the session is not properly configured, remaining valid for more than 7 days and can be reused.
- risk 0.47cvss 7.3epss 0.00
Memory management vulnerability in the Gralloc module Impact: Successful exploitation of this vulnerability will affect availability.
- risk 0.51cvss 7.9epss 0.00
Out-of-bounds read vulnerability in the audio module Impact: Successful exploitation of this vulnerability will affect availability.
- risk 0.51cvss 7.8epss 0.00
Privilege escalation vulnerability in the AMS module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
- risk 0.47cvss 7.2epss 0.01
ASUS Download Master has a buffer overflow vulnerability. An unauthenticated remote attacker with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the device.
- risk 0.47cvss 7.2epss 0.01
The specific function parameter of ASUS Download Master does not properly filter user input. An unauthenticated remote attacker with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the device.
- risk 0.49cvss 7.5epss 0.00
The WP STAGING Pro WordPress Backup Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.6.0. This is due to missing or incorrect nonce validation on the 'sub' parameter called from the WP STAGING WordPress Backup Plugin…
- risk 0.55cvss 8.5epss 0.00
The ElementsKit PRO plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.6.2 via the 'render_raw' function. This can allow authenticated attackers, with contributor-level permissions and above, to make web requests to arbitrary…
- risk 0.51cvss 7.8epss 0.00
Attackers can then execute malicious files by enabling certain services of the printer via the web configuration page and elevate its privileges to root. As for the affected products/models/versions, see the reference URL.
- risk 0.57cvss 8.8epss 0.01
Path traversal vulnerability in the web server of the Toshiba printer enables attacker to overwrite orginal files or add new ones to the printer. As for the affected products/models/versions, see the reference URL.
- risk 0.57cvss 8.8epss 0.01
Attackers can bypass the web login authentication process to gain access to the printer's system information and upload malicious drivers to the printer. As for the affected products/models/versions, see the reference URL.
- risk 0.40cvss 7.3epss 0.01
The Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the make_staff() function in all versions up to, and including,…
- risk 0.47cvss 7.2epss 0.01
The upload functionality of ASUS Download Master does not properly filter user input. Remote attackers with administrative privilege can exploit this vulnerability to upload any file to any location. They may even upload malicious web page files to the website directory,…
- risk 0.47cvss 7.2epss 0.01
An attacker can get Remote Code Execution by overwriting files. Overwriting files is enable by falsifying file name variable. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability…
- risk 0.47cvss 7.2epss 0.01
An attacker can get Remote Code Execution by overwriting files. Overwriting files is enable by falsifying package name variable. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this…
- risk 0.47cvss 7.2epss 0.01
An attacker can get Remote Code Execution by overwriting files. Overwriting files is enable by falsifying session ID variable. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability…
- risk 0.48cvss 7.4epss 0.01
A remote attacker using the insecure upload functionality will be able to overwrite any Python file and get Remote Code Execution. As for the affected products/models/versions, see the reference URL.
- risk 0.48cvss 7.4epss 0.00
It was observed that all the Toshiba printers contain credentials used for WebDAV access in the readable file. Then, it is possible to get a full access with WebDAV to the printer. As for the affected products/models/versions, see the reference URL.
- risk 0.55cvss 8.4epss 0.00
Toshiba printers provides API without authentication for internal access. A local attacker can bypass authentication in applications, providing administrative access. As for the affected products/models/versions, see the reference URL.
- risk 0.46cvss 7.1epss 0.00
It appears that some hardcoded keys are used for authentication to internal API. Knowing these private keys may allow attackers to bypass authentication and reach administrative interfaces. As for the affected products/models/versions, see the reference URL.
- risk 0.48cvss 7.4epss 0.00
Toshiba printers use Sendmail to send emails to recipients. Sendmail is used with several insecure directories. A local attacker can inject a malicious Sendmail configuration file. As for the affected products/models/versions, see the reference URL.
- risk 0.48cvss 7.4epss 0.00
Coredump binaries in Toshiba printers have incorrect permissions. A local attacker can steal confidential information. As for the affected products/models/versions, see the reference URL.
- risk 0.51cvss 7.8epss 0.00
Toshiba printers contain a suidperl binary and it has a Local Privilege Escalation vulnerability. A local attacker can get root privileges. As for the affected products/models/versions, see the reference URL.
- risk 0.46cvss 7.1epss 0.00
Toshiba printers contain hardcoded credentials. As for the affected products/models/versions, see the reference URL.
- risk 0.48cvss 7.4epss 0.00
All the Toshiba printers share the same hardcoded root password. As for the affected products/models/versions, see the reference URL.
- risk 0.50cvss 7.7epss 0.00
The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. The programs can be replaced by malicious programs by any local or remote attacker. As for the affected products/models/versions, see the…
- risk 0.47cvss 7.2epss 0.01
Certain models of ASUS routers have buffer overflow vulnerabilities, allowing remote attackers with administrative privileges to execute arbitrary commands on the device.
- risk 0.48cvss 7.4epss 0.00
The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference URL.
- risk 0.48cvss 7.4epss 0.00
The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference URL.
- risk 0.48cvss 7.4epss 0.00
The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. The programs can be replaced by malicious programs by any local or remote attacker. As for the affected products/models/versions, see the…
- risk 0.48cvss 7.4epss 0.00
The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference URL.
- risk 0.48cvss 7.4epss 0.00
The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference URL.
- risk 0.48cvss 7.4epss 0.00
The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference URL.
- risk 0.48cvss 7.4epss 0.00
The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference URL.
- risk 0.48cvss 7.3epss 0.01
A vulnerability was found in itsourcecode Online Bookstore 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file book.php. The manipulation of the argument bookisbn leads to sql injection. The attack may be launched remotely. The…
- risk 0.48cvss 7.3epss 0.01
A vulnerability was found in itsourcecode Online Bookstore 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file bookPerPub.php. The manipulation of the argument pubid leads to sql injection. The attack can be launched…
- risk 0.51cvss 7.8epss 0.00
NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where the guest OS could cause buffer overrun in the host. A successful exploit of this vulnerability might lead to information disclosure, data tampering, escalation of privileges, and denial of…
- risk 0.51cvss 7.8epss 0.00
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where a user can cause an untrusted pointer dereference by executing a driver API. A successful exploit of this vulnerability might lead to denial of service, information disclosure, and data tampering.
- risk 0.51cvss 7.8epss 0.00
NVIDIA GPU driver for Windows and Linux contains a vulnerability where a user can cause an out-of-bounds write. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
- risk 0.51cvss 7.8epss 0.00
NVIDIA GPU Display Driver for Windows contains a vulnerability where the information from a previous client or another process could be disclosed. A successful exploit of this vulnerability might lead to code execution, information disclosure, or data tampering.
- risk 0.51cvss 7.8epss 0.00
NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where the guest OS could execute privileged operations. A successful exploit of this vulnerability might lead to information disclosure, data tampering, escalation of privileges, and denial of…
- risk 0.48cvss 7.3epss 0.01
A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. It has been classified as critical. Affected is the function log_employee of the file /classes/Master.php?f=log_employee. The manipulation of the argument employee_code leads to sql…
- risk 0.53cvss 8.1epss 0.00
In gpu_slc_get_region of pixel_gpu_slc.c, there is a possible EoP due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- risk 0.57cvss 8.8epss 0.00
In dhd_prot_txstatus_process of dhd_msgbuf.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
- risk 0.49cvss 7.5epss 0.00
In DeregAcceptProcINT of cn_NrmmStateDeregInit.cpp, there is a possible denial of service due to a logic error in the code. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
- risk 0.48cvss 7.4epss 0.00
In gpu_pm_power_on_top_nolock of pixel_gpu_power.c, there is a possible compromise of protected memory due to a logic error in the code. This could lead to local escalation of privilege to TEE with no additional execution privileges needed. User interaction is not needed for…
- risk 0.48cvss 7.4epss 0.00
In lwis_initialize_transaction_fences of lwis_fence.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- risk 0.46cvss 7.1epss 0.00
In set_secure_reg of sac_handler.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure of 4 bytes of stack memory with no additional execution privileges needed. User interaction is not needed for exploitation.
- risk 0.51cvss 7.8epss 0.00
In lwis_add_completion_fence of lwis_fence.c, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.