Total
24318 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-40076 | 1 Google | 1 Android | 2024-02-02 | N/A | 5.5 MEDIUM |
| In createPendingIntent of CredentialManagerUi.java, there is a possible way to access credentials from other users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-40075 | 1 Google | 1 Android | 2024-02-02 | N/A | 5.5 MEDIUM |
| In forceReplaceShortcutInner of ShortcutPackage.java, there is a possible way to register unlimited packages due to a missing bounds check. This could lead to local denial of service which results in a boot loop with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-40074 | 1 Google | 1 Android | 2024-02-02 | N/A | 5.5 MEDIUM |
| In saveToXml of PersistableBundle.java, invalid data could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-20277 | 1 Cisco | 1 Thousandeyes Enterprise Agent | 2024-02-02 | N/A | 8.0 HIGH |
| A vulnerability in the web-based management interface of Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type, could allow an authenticated, remote attacker to perform a command injection and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied input for the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP packet to the affected device. A successful exploit could allow the attacker to execute arbitrary commands and elevate privileges to root. | |||||
| CVE-2024-20272 | 1 Cisco | 1 Unity Connection | 2024-02-02 | N/A | 9.8 CRITICAL |
| A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system and execute commands on the underlying operating system. This vulnerability is due to a lack of authentication in a specific API and improper validation of user-supplied data. An attacker could exploit this vulnerability by uploading arbitrary files to an affected system. A successful exploit could allow the attacker to store malicious files on the system, execute arbitrary commands on the operating system, and elevate privileges to root. | |||||
| CVE-2023-21784 | 1 Microsoft | 1 3d Builder | 2024-02-02 | N/A | 7.8 HIGH |
| 3D Builder Remote Code Execution Vulnerability | |||||
| CVE-2023-21783 | 1 Microsoft | 1 3d Builder | 2024-02-02 | N/A | 7.8 HIGH |
| 3D Builder Remote Code Execution Vulnerability | |||||
| CVE-2023-21782 | 1 Microsoft | 1 3d Builder | 2024-02-02 | N/A | 7.8 HIGH |
| 3D Builder Remote Code Execution Vulnerability | |||||
| CVE-2023-21781 | 1 Microsoft | 1 3d Builder | 2024-02-02 | N/A | 7.8 HIGH |
| 3D Builder Remote Code Execution Vulnerability | |||||
| CVE-2023-21780 | 1 Microsoft | 1 3d Builder | 2024-02-02 | N/A | 7.8 HIGH |
| 3D Builder Remote Code Execution Vulnerability | |||||
| CVE-2023-21793 | 1 Microsoft | 1 3d Builder | 2024-02-02 | N/A | 7.8 HIGH |
| 3D Builder Remote Code Execution Vulnerability | |||||
| CVE-2023-21788 | 1 Microsoft | 1 3d Builder | 2024-02-02 | N/A | 7.8 HIGH |
| 3D Builder Remote Code Execution Vulnerability | |||||
| CVE-2023-21787 | 1 Microsoft | 1 3d Builder | 2024-02-02 | N/A | 7.8 HIGH |
| 3D Builder Remote Code Execution Vulnerability | |||||
| CVE-2023-21786 | 1 Microsoft | 1 3d Builder | 2024-02-02 | N/A | 7.8 HIGH |
| 3D Builder Remote Code Execution Vulnerability | |||||
| CVE-2023-21785 | 1 Microsoft | 1 3d Builder | 2024-02-02 | N/A | 7.8 HIGH |
| 3D Builder Remote Code Execution Vulnerability | |||||
| CVE-2023-21792 | 1 Microsoft | 1 3d Builder | 2024-02-02 | N/A | 7.8 HIGH |
| 3D Builder Remote Code Execution Vulnerability | |||||
| CVE-2023-21791 | 1 Microsoft | 1 3d Builder | 2024-02-02 | N/A | 7.8 HIGH |
| 3D Builder Remote Code Execution Vulnerability | |||||
| CVE-2023-21790 | 1 Microsoft | 1 3d Builder | 2024-02-02 | N/A | 7.8 HIGH |
| 3D Builder Remote Code Execution Vulnerability | |||||
| CVE-2023-21789 | 1 Microsoft | 1 3d Builder | 2024-02-02 | N/A | 7.8 HIGH |
| 3D Builder Remote Code Execution Vulnerability | |||||
| CVE-2009-1955 | 7 Apache, Apple, Canonical and 4 more | 7 Apr-util, Mac Os X, Ubuntu Linux and 4 more | 2024-02-02 | 5.0 MEDIUM | 7.5 HIGH |
| The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564. | |||||