Lucene search
K

213 matches found

Positive Technologies
Positive Technologies
added 2024/09/13 12:0 a.m.6 views

PT-2024-30947 · Google · Android

Name of the Vulnerable Software and Affected Versions: Software affected versions not specified Description: The issue is related to an insecure default value, which could lead to a possible arbitrary read. This might cause local information disclosure with System execution privileges needed. Use...

4.4CVSS6.2AI score0.00078EPSS
Exploits0References7
OSV
OSV
added 2024/09/01 12:0 a.m.31 views

PUB-A-342511931

there is a possible arbitrary read due to an insecure default value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation...

4.4CVSS4.4AI score0.00078EPSS
Exploits0References1
CNVD
CNVD
added 2024/08/21 12:0 a.m.6 views

Google Android elevation of privilege vulnerability (CNVD-2024-37968)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability caused by an insecure default value in FooterActionsViewModel ktonForegroundServiceButtonClicked. An attacker can exploit this vulnerability to elevate...

7.8CVSS6.7AI score0.00086EPSS
Exploits0References1
CVE
CVE
added 2024/08/15 9:56 p.m.111 views

CVE-2024-34734

CVE-2024-34734 describes an Elevation of Privilege in Android related to FooterActionsViewModel.kt (onForegroundServiceButtonClicked): an insecure default value could allow disabling the active VPN from the lockscreen with local impact and no user interaction. The vulnerability is tracked in mult...

7.8CVSS6.8AI score0.00086EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/07/17 5:42 p.m.26 views

CVE-2024-40639

...

8.3AI score
Exploits0
CVE
CVE
added 2024/07/09 12:5 p.m.51 views

CVE-2024-39888

CVE-2024-39888 affects Mendix Encryption versions 10.0.0 to 10.0.1, where a hard-coded default EncryptionKey enables decryption of encrypted project data if no per-project key is specified. Root cause: a security-relevant constant defined by default in the module. Consequences stated across sourc...

8.7CVSS6.8AI score0.00244EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/07/08 12:0 a.m.5 views

PT-2024-27050 · Undertow · Undertow

Name of the Vulnerable Software and Affected Versions: Undertow affected versions not specified Description: A vulnerability was found in Undertow, which requires the learning-push handler to be enabled in the server's config. By default, this handler is disabled. If enabled and the maxAge config...

6.3CVSS8AI score0.01866EPSS
Exploits0References24
NVD
NVD
added 2024/05/06 3:15 a.m.25 views

CVE-2024-20056

In preloader, there is a possible escalation of privilege due to an insecure default value. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08528185; Issue ID: ALPS08528185...

6.7CVSS6.7AI score0.00091EPSS
Exploits0References1
OSV
OSV
added 2024/05/06 3:15 a.m.3 views

CVE-2024-20056

In preloader, there is a possible escalation of privilege due to an insecure default value. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08528185; Issue ID: ALPS08528185...

6.7CVSS5.9AI score0.00091EPSS
Exploits0References1
CVE
CVE
added 2024/05/06 2:51 a.m.115 views

CVE-2024-20056

CVE-2024-20056 affects MediaTek preloader: insecure default value enables local privilege escalation to SYSTEM, with no user interaction required. Patch ALPS08528185/ALPS08528185 issued; details on exploitation not provided in the connected docs.

6.7CVSS6.9AI score0.00091EPSS
Exploits0References1Affected Software3
Cvelist
Cvelist
added 2024/05/03 5:38 p.m.42 views

CVE-2024-34067 Multiple cross site scripting (XSS) vulnerabilities in the admin area of Pterodactyl panel

Pterodactyl is a free, open-source game server management panel built with PHP, React, and Go. Importing a malicious egg or gaining access to wings instance could lead to cross site scripting XSS on the panel, which could be used to gain an administrator account on the panel. Specifically, the...

6.1CVSS6.4AI score0.00457EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/05/03 12:0 a.m.4 views

PT-2024-25684 · Amazon · Sagemaker-Python-Sdk

Name of the Vulnerable Software and Affected Versions: sagemaker-python-sdk versions prior to 2.214.3 Description: The capture dependencies function in the sagemaker.serve.save retrive.version 1 0 0.save.utils module allows for potentially unsafe Operating System OS Command Injection if an...

7.8CVSS8.3AI score0.01143EPSS
Exploits0References11
RedHat Linux
RedHat Linux
added 2024/04/30 9:57 a.m.4 views

kernel: drm/amd/display: Fix possible underflow for displays with large vblank

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix possible underflow for displays with large vblank Why Underflow observed when using a display with a large vblank region and low refresh rate How Simplify calculation of vblanknom Increase value for...

5.5CVSS6.8AI score0.00134EPSS
Exploits0References5
OSV
OSV
added 2024/02/27 9:41 p.m.22 views

GHSA-9822-6M93-XQF4 Rails has possible XSS Vulnerability in Action Controller

Possible XSS Vulnerability in Action Controller There is a possible XSS vulnerability when using the translation helpers translate, t, etc in Action Controller. This vulnerability has been assigned the CVE identifier CVE-2024-26143. Versions Affected: = 7.0.0. Not affected: 7.0.0 Fixed Versions:...

6.1CVSS5.2AI score0.01034EPSS
Exploits1References8
NVD
NVD
added 2024/01/02 11:15 p.m.74 views

CVE-2023-48418

In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a possible way to access adb before SUW completion due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for ...

10CVSS9AI score0.0022EPSS
Exploits2References2
Prion
Prion
added 2023/10/30 6:15 p.m.18 views

Default configuration

In Setup Wizard, there is a possible way to save a WiFi network due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

4.3CVSS8.2AI score0.001EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/09/04 3:15 a.m.2 views

CVE-2023-32805

In power, there is a possible out of bounds write due to an insecure default value. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08102892; Issue ID: ALPS08102892...

6.5CVSS5.9AI score0.00088EPSS
Exploits0References1
Prion
Prion
added 2023/09/04 3:15 a.m.13 views

Out-of-bounds

In power, there is a possible out of bounds write due to an insecure default value. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08102892; Issue ID: ALPS08102892...

3.8CVSS6.7AI score0.00088EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/09/04 2:28 a.m.20 views

CVE-2023-32805

In power, there is a possible out of bounds write due to an insecure default value. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08102892; Issue ID: ALPS08102892...

6.9AI score0.00088EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/09/04 2:28 a.m.12 views

CVE-2023-32805

In power, there is a possible out of bounds write due to an insecure default value. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08102892; Issue ID: ALPS08102892...

7.2AI score0.00088EPSS
Exploits0References1
Rows per page
Query Builder