VYPR

CVEs

100,088 total · page 667 of 2,002

  • CVE-2024-32899HigJun 13, 2024
    risk 0.46cvss 7.0epss 0.00

    In gpu_pm_power_off_top_nolock of pixel_gpu_power.c, there is a possible compromise of protected memory due to a race condition. This could lead to local escalation of privilege to TEE with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2024-32896HigKEVJun 13, 2024
    risk 0.63cvss 7.8epss 0.03

    there is a possible way to bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

  • CVE-2024-32895HigJun 13, 2024
    risk 0.51cvss 7.8epss 0.00

    In BCMFASTPATH of dhd_msgbuf.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-32894HigJun 13, 2024
    risk 0.49cvss 7.5epss 0.00

    In bc_get_converted_received_bearer of bc_utilities.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-32892HigJun 13, 2024
    risk 0.51cvss 7.8epss 0.00

    In handle_init of goodix/main/main.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-32891HigJun 13, 2024
    risk 0.46cvss 7.0epss 0.00

    In sec_media_unprotect of media.c, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-29787HigJun 13, 2024
    risk 0.51cvss 7.8epss 0.00

    In lwis_process_transactions_in_queue of lwis_transaction.c, there is a possible use after free due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-29784HigJun 13, 2024
    risk 0.51cvss 7.8epss 0.00

    In prepare_response of lwis_periodic_io.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-29781HigJun 13, 2024
    risk 0.49cvss 7.5epss 0.00

    In ss_AnalyzeOssReturnResUssdArgIe of ss_OssAsnManagement.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-5950HigJun 13, 2024
    risk 0.57cvss 8.8epss 0.01

    Deep Sea Electronics DSE855 Multipart Value Handling Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deep Sea Electronics DSE855 devices. Authentication…

  • CVE-2024-5948HigJun 13, 2024
    risk 0.57cvss 8.8epss 0.01

    Deep Sea Electronics DSE855 Multipart Boundary Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not…

  • CVE-2024-5924HigJun 13, 2024
    risk 0.57cvss 8.8epss 0.01

    Dropbox Desktop Folder Sharing Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of Dropbox Desktop. User interaction is required to exploit this vulnerability in that the…

  • CVE-2024-4696HigJun 13, 2024
    risk 0.49cvss 7.5epss 0.00

    A privilege escalation vulnerability was reported in Lenovo Service Bridge prior to version 5.0.2.17 that could allow operating system commands to be executed if a specially crafted link is visited.

  • CVE-2024-37633HigJun 13, 2024
    risk 0.57cvss 8.8epss 0.01

    TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiGuestCfg

  • CVE-2024-37631HigJun 13, 2024
    risk 0.57cvss 8.8epss 0.01

    TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via the File parameter in function UploadCustomModule.

  • CVE-2024-36587HigJun 13, 2024
    risk 0.51cvss 7.8epss 0.00

    Insecure permissions in DNSCrypt-proxy v2.0.0alpha9 to v2.1.5 allows non-privileged attackers to escalate privileges to root via overwriting the binary dnscrypt-proxy.

  • CVE-2024-36586HigJun 13, 2024
    risk 0.57cvss 8.8epss 0.00

    An issue in AdGuardHome v0.93 to latest allows unprivileged attackers to escalate privileges via overwriting the AdGuardHome binary.

  • CVE-2024-38285HigJun 13, 2024
    risk 0.46cvss epss 0.00

    Logs storing credentials are insufficiently protected and can be decoded through the use of open source tools.

  • CVE-2024-38284HigJun 13, 2024
    risk 0.57cvss epss 0.00

    Transmitted data is logged between the device and the backend service. An attacker could use these logs to perform a replay attack to replicate calls.

  • CVE-2024-38282HigJun 13, 2024
    risk 0.55cvss epss 0.00

    Utilizing default credentials, an attacker is able to log into the camera's operating system which could allow changes to be made to the operations or shutdown the camera requiring a physical reboot of the system.

  • CVE-2024-37630HigJun 13, 2024
    risk 0.57cvss 8.8epss 0.00

    D-Link DIR-605L v2.13B01 was discovered to contain a hardcoded password vulnerability in /etc/passwd, which allows attackers to log in as root.

  • CVE-2024-37029HigJun 13, 2024
    risk 0.51cvss 7.8epss 0.00

    Fuji Electric Tellus Lite V-Simulator is vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary code.

  • CVE-2024-37022HigJun 13, 2024
    risk 0.51cvss 7.8epss 0.00

    Fuji Electric Tellus Lite V-Simulator is vulnerable to an out-of-bounds write, which could allow an attacker to manipulate memory, resulting in execution of arbitrary code.

  • CVE-2024-36760HigJun 13, 2024
    risk 0.42cvss 7.5epss 0.00

    A stack overflow vulnerability was found in version 1.18.0 of rhai. The flaw position is: (/ SRC/rhai/SRC/eval/STMT. Rs in rhai: : eval: : STMT: : _ $LT $impl $u20 $rhai.. engine.. Engine$GT$::eval_stmt::h3f1d68ce37fc6e96). Due to the stack overflow is a recursive…

  • CVE-2024-32504HigJun 13, 2024
    risk 0.55cvss 8.4epss 0.00

    An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 850, Exynos 1080, Exynos 2100, Exynos 1280, Exynos 1380, Exynos 1330, Exynos W920, Exynos W930. The mobile processor lacks proper length checking, which can result in an OOB (Out-of-Bounds) Write…

  • CVE-2024-31956HigJun 13, 2024
    risk 0.55cvss 8.4epss 0.00

    An issue was discovered in Samsung Mobile Processor Exynos 2200, Exynos 1480, Exynos 2400. It lacks proper buffer length checking, which can result in an Out-of-Bounds Write.

  • CVE-2024-37307HigJun 13, 2024
    risk 0.44cvss 7.9epss 0.00

    Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.0 and prior to versions 1.13.7, 1.14.12, and 1.15.6, the output of `cilium-bugtool` can contain sensitive data when the tool is run (with the `--envoy-dump` flag…

  • CVE-2024-37306HigJun 13, 2024
    risk 0.00cvss 7.1epss 0.00

    Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Starting in version 2.2.0 and prior to version 2.14.3, if an attacker can trick a logged-in CVAT user into visiting a malicious URL, they can initiate a dataset export…

  • CVE-2024-37164HigJun 13, 2024
    risk 0.00cvss 7.1epss 0.00

    Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. CVAT allows users to supply custom endpoint URLs for cloud storages based on Amazon S3 and Azure Blob Storage. Starting in version 2.1.0 and prior to version 2.14.3, an…

  • CVE-2024-37131HigJun 13, 2024
    risk 0.49cvss 7.5epss 0.00

    SCG Policy Manager, all versions, contains an overly permissive Cross-Origin Resource Policy (CORP) vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious actions on the application in the context of…

  • CVE-2024-36396HigJun 13, 2024
    risk 0.57cvss 8.8epss 0.00

    Verint - CWE-434: Unrestricted Upload of File with Dangerous Type

  • CVE-2024-32860HigJun 13, 2024
    risk 0.49cvss 7.5epss 0.00

    Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.

  • CVE-2024-32859HigJun 13, 2024
    risk 0.49cvss 7.5epss 0.00

    Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.

  • CVE-2024-32858HigJun 13, 2024
    risk 0.49cvss 7.5epss 0.00

    Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.

  • CVE-2024-34129HigJun 13, 2024
    risk 0.49cvss 7.5epss 0.00

    Acrobat Mobile Sign Android versions 24.4.2.33155 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to access…

  • CVE-2024-34116HigJun 13, 2024
    risk 0.46cvss 7.1epss 0.00

    Creative Cloud Desktop versions 6.1.0.587 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to load and execute malicious libraries, leading to arbitrary file…

  • CVE-2024-34115HigJun 13, 2024
    risk 0.51cvss 7.8epss 0.00

    Substance3D - Stager versions 2.1.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

  • CVE-2024-34112HigJun 13, 2024
    risk 0.51cvss 7.5epss 0.24

    ColdFusion versions 2023u7, 2021u13 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could exploit this vulnerability to gain unauthorized access to sensitive files or data. Exploitation of this…

  • CVE-2024-30472HigJun 13, 2024
    risk 0.49cvss 7.5epss 0.01

    Telemetry Dashboard v1.0.0.8 for Dell ThinOS 2402 contains a sensitive information disclosure vulnerability. An unauthenticated user with local access to the device could exploit this vulnerability leading to information disclosure.

  • CVE-2024-20753HigJun 13, 2024
    risk 0.51cvss 7.8epss 0.00

    Photoshop Desktop versions 24.7.3, 25.7 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the…

  • CVE-2024-34110HigJun 13, 2024
    risk 0.47cvss 7.2epss 0.01

    Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution. A high-privilege attacker could exploit this vulnerability by uploading a…

  • CVE-2024-34109HigJun 13, 2024
    risk 0.47cvss 7.2epss 0.02

    Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but…

  • CVE-2024-34104HigJun 13, 2024
    risk 0.46cvss 8.2epss 0.01

    Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access,…

  • CVE-2024-34103HigJun 13, 2024
    risk 0.46cvss 8.1epss 0.01

    Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the…

  • CVE-2024-26029HigJun 13, 2024
    risk 0.49cvss 7.5epss 0.01

    Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain disclose information. Exploitation of…

  • CVE-2024-4145HigJun 13, 2024
    risk 0.47cvss 7.2epss 0.00

    The Search & Replace WordPress plugin before 3.2.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks (such as within a multi-site network).

  • CVE-2024-2098HigJun 13, 2024
    risk 0.42cvss 7.5epss 0.00

    The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to an improper authorization check on the 'protectMediaLibrary' function in all versions up to, and including, 3.2.89. This makes it possible for unauthenticated attackers to download…

  • CVE-2024-3468HigJun 12, 2024
    risk 0.55cvss epss 0.00

    There is a vulnerability in AVEVA PI Web API that could allow malicious code to execute on the PI Web API environment under the privileges of an interactive user that was socially engineered to use API XML import functionality with content supplied by an attacker.

  • CVE-2024-3467HigJun 12, 2024
    risk 0.51cvss 7.8epss 0.00

    There is a vulnerability in AVEVA PI Asset Framework Client that could allow malicious code to execute on the PI System Explorer environment under the privileges of an interactive user that was socially engineered to import XML supplied by an attacker.

  • CVE-2024-37665HigJun 12, 2024
    risk 0.57cvss 8.8epss 0.01

    An access control issue in Wvp GB28181 Pro 2.0 allows authenticated attackers to escalate privileges to Administrator via a crafted POST request.