Total
286780 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-21015 | 1 Google | 1 Android | 2025-03-17 | 7.8 High |
| In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-244569778 | ||||
| CVE-2023-20858 | 2 Microsoft, Vmware | 2 Windows, Carbon Black App Control | 2025-03-17 | 7.2 High |
| VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x prior to 8.8.6, and 8.9.x.prior to 8.9.4 contain an injection vulnerability. A malicious actor with privileged access to the App Control administration console may be able to use specially crafted input allowing access to the underlying server operating system. | ||||
| CVE-2023-20855 | 1 Vmware | 2 Vrealize Automation, Vrealize Orchestrator | 2025-03-17 | 8.8 High |
| VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. A malicious actor, with non-administrative access to vRealize Orchestrator, may be able to use specially crafted input to bypass XML parsing restrictions leading to access to sensitive information or possible escalation of privileges. | ||||
| CVE-2023-20662 | 4 Google, Linux, Mediatek and 1 more | 29 Android, Linux Kernel, Mt5221 and 26 more | 2025-03-17 | 6.7 Medium |
| In wlan, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560765; Issue ID: ALPS07560765. | ||||
| CVE-2023-20661 | 4 Google, Linux, Mediatek and 1 more | 29 Android, Linux Kernel, Mt5221 and 26 more | 2025-03-17 | 6.7 Medium |
| In wlan, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560782; Issue ID: ALPS07560782. | ||||
| CVE-2023-20660 | 4 Google, Linux, Mediatek and 1 more | 29 Android, Linux Kernel, Mt5221 and 26 more | 2025-03-17 | 4.4 Medium |
| In wlan, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588383; Issue ID: ALPS07588383. | ||||
| CVE-2023-20659 | 4 Google, Linux, Mediatek and 1 more | 37 Android, Linux Kernel, Mt5221 and 34 more | 2025-03-17 | 6.7 Medium |
| In wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588413; Issue ID: ALPS07588413. | ||||
| CVE-2023-20658 | 2 Google, Mediatek | 8 Android, Mt6895, Mt6983 and 5 more | 2025-03-17 | 6.7 Medium |
| In isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07537393; Issue ID: ALPS07180396. | ||||
| CVE-2023-20657 | 2 Google, Mediatek | 40 Android, Mt6580, Mt6735 and 37 more | 2025-03-17 | 6.7 Medium |
| In mtee, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07571485; Issue ID: ALPS07571485. | ||||
| CVE-2023-20656 | 2 Google, Mediatek | 34 Android, Mt6765, Mt6768 and 31 more | 2025-03-17 | 6.7 Medium |
| In geniezone, there is a possible out of bounds write due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07571494; Issue ID: ALPS07571494. | ||||
| CVE-2023-20655 | 2 Google, Mediatek | 60 Android, Mt2715, Mt6580 and 57 more | 2025-03-17 | 7.8 High |
| In mmsdk, there is a possible escalation of privilege due to a parcel format mismatch. This could lead to local code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203022; Issue ID: ALPS07203022. | ||||
| CVE-2023-20654 | 2 Google, Mediatek | 60 Android, Mt6580, Mt6731 and 57 more | 2025-03-17 | 6.7 Medium |
| In keyinstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628168; Issue ID: ALPS07589148. | ||||
| CVE-2023-0952 | 1 Devolutions | 1 Devolutions Server | 2025-03-17 | 6.5 Medium |
| Improper access controls on entries in Devolutions Server 2022.3.12 and earlier could allow an authenticated user to access sensitive data without proper authorization. | ||||
| CVE-2023-0951 | 1 Devolutions | 1 Devolutions Server | 2025-03-17 | 8.8 High |
| Improper access controls on some API endpoints in Devolutions Server 2022.3.12 and earlier could allow a standard privileged user to perform privileged actions. | ||||
| CVE-2022-45600 | 1 Aztech | 2 Wmb250ac, Wmb250ac Firmware | 2025-03-17 | 8.8 High |
| Aztech WMB250AC Mesh Routers Firmware Version 016 2020 devices improperly manage sessions, which allows remote attackers to bypass authentication in opportunistic circumstances and execute arbitrary commands with administrator privileges by leveraging an existing web portal login. | ||||
| CVE-2022-45599 | 1 Aztech | 2 Wmb250ac, Wmb250ac Firmware | 2025-03-17 | 9.8 Critical |
| Aztech WMB250AC Mesh Routers Firmware Version 016 2020 is vulnerable to PHP Type Juggling in file /var/www/login.php, allows attackers to gain escalated privileges only when specific conditions regarding a given accounts hashed password. | ||||
| CVE-2022-40348 | 1 Intern Record System Project | 1 Intern Record System | 2025-03-17 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in Intern Record System version 1.0 in /intern/controller.php in 'name' and 'email' parameters, allows attackers to execute arbitrary code. | ||||
| CVE-2022-37938 | 1 Hpe | 1 Serviceguard For Linux | 2025-03-17 | 9.8 Critical |
| Unauthenticated server side request forgery in HPE Serviceguard Manager | ||||
| CVE-2022-37937 | 1 Hpe | 1 Serviceguard For Linux | 2025-03-17 | 9.8 Critical |
| Pre-auth memory corruption in HPE Serviceguard | ||||
| CVE-2022-37936 | 1 Hpe | 1 Serviceguard For Linux | 2025-03-17 | 9.8 Critical |
| Unauthenticated Java deserialization vulnerability in Serviceguard Manager | ||||