25 matches found
VulnCheck KEV: CVE-2026-20931
External control of file name or path in Windows Telephony Service allows an authorized attacker to elevate privileges over an adjacent network...
CVE-2026-20931
creationtimestamp| type| source ---|---|--- 2026-01-13 18:01:16+00:00| seen| https://www.thezdi.com/blog/2026/1/13/the-january-2026-security-update-review 2026-01-13 18:16:30+00:00| seen| https://advisories.ncsc.nl/advisory?id=NCSC-2026-0007 2026-01-24 21:23:49+00:00| seen|...
CVE-2026-20931 Windows Telephony Service Elevation of Privilege Vulnerability
...
CVE-2025-20931
creationtimestamp| type| source ---|---|--- 2025-03-06 05:36:37+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/6638 2025-03-06 07:09:11+00:00| seen| https://t.me/cvedetector/19671...
CVE-2025-20931
Out-of-bounds write in parsing bmp image in Samsung Notes prior to version 4.4.26.71 allows local attackers to execute arbitrary code...
CVE-2024-20931
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic...
CVE-2022-20931
creationtimestamp| type| source ---|---|--- 2024-11-15 16:08:32+00:00| seen| https://infosec.exchange/users/cve/statuses/113487833443786916...
CVE-2022-20931
CVE-2022-20931 concerns Cisco TelePresence CE Software used on Cisco Touch 10 devices, where weak version control allows an unauthenticated, adjacent attacker to downgrade to an older software version. The root cause is insufficient version control in the software update flow, enabling installati...
CVE-2023-42058
The CVE-2023-42058 entry concerns PDF-XChange Editor. Affected component: U3D file parsing. Root cause: insufficient validation leads to an out-of-bounds read in U3D parsing, enabling remote code execution. Attack requires user interaction (visiting a malicious page or opening a malicious file). ...
CVE-2024-20931
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic...
CVE-2024-20931
...
CVE-2024-20931
CVE-2024-20931 affects Oracle WebLogic Server (Core) in Oracle Fusion Middleware, specifically versions 12.2.1.4.0 and 14.1.1.0.0. The flaw, described across NVD/Red Hat/NCSC/CNNVD sources, enables an unauthenticated attacker with network access via T3 or IIOP to compromise the WebLogic server, p...
CVE-2024-20931
...
CVE-2024-20931
creationtimestamp| type| source ---|---|--- 2024-02-02 02:01:07+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/6548 2024-02-03 06:15:47+00:00| published-proof-of-concept| https://t.me/cKure/12278 2024-02-04 05:16:51+00:00| published-proof-of-concept| https://t.me/CNArsenal/1950...
Exploit for Improper Access Control in Oracle Weblogic_Server
CVE-2024-20931 The PoC for CVE-2024-2...
CVE-2023-20931
In avdtscbhdlwritereq of avdtscbact.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11...
CVE-2023-20931
In avdtscbhdlwritereq of avdtscbact.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11...
CVE-2023-20931
In CVE-2023-20931, the issue is an out-of-bounds write caused by a heap buffer overflow in avdt_scb_hdl_write_req (avdt_scb_act.cc) that could enable local privilege escalation on Android 11–13. The description confirms the vulnerability requires no user interaction and can be exploited locally w...
CVE-2018-20931
The CVE-2018-20931 issue affects cPanel prior to 70.0.23, where demo (non-privileged) accounts can execute code via the Landing Page (SEC-405). The vulnerability enables code execution through the web interface and is reflected in multiple sources (e.g., NVD, RH, CNVD). Affected product: cPanel W...
The vulnerability of the OpenEdge software platform, related to deficiencies in access control, allows a hacker to execute malicious Java classes.
The vulnerability of the OpenEdge software platform is related to deficiencies in access control when using the standard configuration. Exploiting this vulnerability allows a malicious actor to upload and execute malicious Java classes through specially crafted URL addresses using port 20931...