Show filters
1,245 topics marked with the following tags:
Displaying 11-20 of 1,245
Sort by:
Attacker Value
Unknown

CVE-2023-35674

Disclosure Date: September 11, 2023 (last updated October 08, 2023)
In onCreate of WindowState.java, there is a possible way to launch a background activity due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Attacker Value
Unknown

CVE-2023-2033

Disclosure Date: April 14, 2023 (last updated June 28, 2024)
Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Attacker Value
Unknown

CVE-2023-2136

Disclosure Date: April 19, 2023 (last updated October 08, 2023)
Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Attacker Value
Unknown

CVE-2023-28204

Disclosure Date: June 23, 2023 (last updated June 28, 2024)
An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been actively exploited.
Attacker Value
Unknown

CVE-2023-41990

Disclosure Date: September 12, 2023 (last updated October 08, 2023)
The issue was addressed with improved handling of caches. This issue is fixed in tvOS 16.3, iOS 16.3 and iPadOS 16.3, macOS Monterey 12.6.8, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Ventura 13.2, watchOS 9.3. Processing a font file may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.
Attacker Value
Unknown

CVE-2023-26083

Disclosure Date: April 06, 2023 (last updated October 08, 2023)
Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 - r32p0, Bifrost GPU Kernel Driver all versions from r0p0 - r42p0, Valhall GPU Kernel Driver all versions from r19p0 - r42p0, and Avalon GPU Kernel Driver all versions from r41p0 - r42p0 allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata.
Attacker Value
Unknown

CVE-2004-1464

Disclosure Date: December 31, 2004 (last updated June 28, 2024)
Cisco IOS 12.2(15) and earlier allows remote attackers to cause a denial of service (refused VTY (virtual terminal) connections), via a crafted TCP connection to the Telnet or reverse Telnet port.
Attacker Value
Unknown

CVE-2017-11357

Disclosure Date: August 23, 2017 (last updated June 29, 2024)
Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not properly restrict user input to RadAsyncUpload, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.
Attacker Value
High

CVE-2024-28986

Disclosure Date: August 13, 2024 (last updated August 17, 2024)
SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing.   However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available.
Attacker Value
Unknown

CVE-2023-36761

Disclosure Date: September 12, 2023 (last updated June 22, 2024)
Microsoft Word Information Disclosure Vulnerability