KLA79208 Multiple vulnerabilities in Oracle Java
Multiple vulnerabilities were found in Oracle Java. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions, and gain privileges. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability can be exploited remotely to execut...
CVE-2025-22394
Dell Display Manager (Windows) is affected by a TOCTOU race condition in versions prior to 2.3.2.18. A low-privileged local attacker could potentially exploit this to achieve code execution and possible privilege escalation. The connected sources confirm the vulnerability of the Dell Display Mana...
CVE-2025-22394
Dell Display Manager, versions prior to 2.3.2.18, contain a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to code execution and possibly privilege escalation...
CVE-2024-5651
A flaw was found in the Fence Agents Remediation operator. This vulnerability can allow a Remote Code Execution (RCE) primitive by supplying an arbitrary command to execute in the `--ssh-path`/`--telnet-path` arguments. A low-privilege user, for example, a user with developer access, can create a...
KLA70405 Multiple vulnerabilities in Mozilla Firefox ESR
Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, perform cross-site scripting attack, bypass security restrictions, spoof user interface, gain privileges, obtain sensitive information...
CVE-2024-20051
In flashc, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541757; Issue ID: ALPS08541758...
CVE-2024-20044
CVE-2024-20044 affects the da module in MediaTek chips, where a missing bounds check enables an out-of-bounds write. This could allow local escalation of privilege to SYSTEM-level execution with no user interaction required. Patch ALPS08541784/ALPS08541784 is referenced as the mitigation. Con...
CVE-2023-39933
Insufficient verification vulnerability exists in Broadcast Mail CGI pmc.exe included in A.K.I Software's PMailServer/PMailServer2 products. If this vulnerability is exploited, a user who can upload files through the product may execute an arbitrary executable file with the web server's execution...
Microsoft Windows Multiple Vulnerabilities (KB5035930)
This host is missing an important security update according to Microsoft KB5035930.
CVE-2024-20027
In da, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541632; Issue ID: ALPS08541633...
Design/Logic Flaw
In da, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541632; Issue ID: ALPS08541633...
CVE-2024-20030
CVE-2024-20030 affects the MediaTek-related component “da” module. The root cause is improper input validation leading to local information disclosure; exploitation requires no user interaction, but local privileges are needed. The entry notes a patch/mitigation identified as Patch ID ALPS0854163...
CVE-2024-0015
In convertToComponentName of DreamService.java, there is a possible way to launch arbitrary protected activities due to intent redirection. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation...
Out-of-bounds
In jpg driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed...
CVE-2023-32854
In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08240132; Issue ID: ALPS08240132...
CVE-2023-32860
Affected product: MediaTek chips (display module). Vulnerability: classic buffer overflow due to a missing bounds check in display handling. Root cause: out-of-bounds write leading to local privilege escalation with SYSTEM-level privileges required. Exploit: no user interaction required (local ex...
CVE-2023-42721
In flv extractor, there is a possible missing verification incorrect input. This could lead to local denial of service with no additional execution privileges needed...
CVE-2023-35653
In TBD of TBD, there is a possible way to access location information due to a permissions bypass. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation...
Integer overflow
In vpu, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767817; Issue ID: ALPS07767817...
CVE-2023-20840
In imgsys, there is a possible out of bounds read and write due to missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326430; Issue ID: ALPS07326430...