Skip to main content
CVE-2024-31320 HIGH PATCH This Week

In setSkipPrompt of AssociationRequest.java , there is a possible way to establish a companion device association without any confirmation due to CDM. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Java Android
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-31319 HIGH PATCH This Week

In updateNotificationChannelFromPrivilegedListener of NotificationManagerService.java, there is a possible cross-user data leak due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-31318 HIGH PATCH This Week

In CompanionDeviceManagerService.java, there is a possible way to pair a companion device without user acceptance due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-31317 HIGH PATCH This Week

In multiple functions of ZygoteProcess.java, there is a possible way to achieve code execution as any app via WRITE_SECURE_SETTINGS due to unsafe deserialization. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2024-31316 HIGH PATCH This Week

In onResult of AccountManagerService.java, there is a possible way to perform an arbitrary background activity launch due to parcel mismatch. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-31315 HIGH PATCH This Week

In multiple functions of ManagedServices.java, there is a possible way to hide an app with notification access in the Device & app notifications settings due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-31313 HIGH PATCH This Week

In availableToWriteBytes of MessageQueueBase.h, there is a possible out of bounds write due to an incorrect bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-31311 HIGH PATCH This Week

In increment_annotation_count of stats_event.c, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-31310 HIGH PATCH This Week

In newServiceInfoLocked of AutofillManagerServiceImpl.java, there is a possible way to hide an enabled Autofill service app in the Autofill service settings due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-23711 HIGH This Week

In DevmemXIntUnreserveRange of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-23698 HIGH This Week

In RGXFWChangeOSidPriority of rgxfwutils.c, there is a possible arbitrary code execution due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow RCE Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-23697 HIGH This Week

In RGXCreateHWRTData_aux of rgxta3d.c, there is a possible arbitrary code execution due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption RCE Denial Of Service Privilege Escalation +1
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-23696 HIGH This Week

In RGXCreateZSBufferKM of rgxta3d.c, there is a possible arbitrary code execution due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption RCE Denial Of Service Privilege Escalation +1
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-23695 HIGH This Week

In CacheOpPMRExec of cache_km.c, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-34139 HIGH This Week

Bridge versions 14.0.4, 13.0.7, 14.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Bridge
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-20785 HIGH This Week

InDesign Desktop versions ID19.3, ID18.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Indesign
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-20783 HIGH This Week

InDesign Desktop versions ID19.3, ID18.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Indesign
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-20782 HIGH This Week

InDesign Desktop versions ID19.3, ID18.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Indesign
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-20781 HIGH This Week

InDesign Desktop versions ID19.3, ID18.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Indesign
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-39684 HIGH This Week

Tencent RapidJSON is vulnerable to privilege escalation due to an integer overflow in the `GenericReader::ParseNumber()` function of `include/rapidjson/reader.h` when parsing JSON text from a stream. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Privilege Escalation
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-38100 HIGH PATCH This Week

Windows File Explorer Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass Microsoft Windows Server 2016 Windows Server 2019 Windows Server 2022 +1
NVD
CVSS 3.1
7.8
EPSS
4.5%
CVE-2024-38085 HIGH PATCH This Week

Windows Graphics Component Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Microsoft Memory Corruption Windows 10 1507 +13
NVD
CVSS 3.1
7.8
EPSS
5.3%
CVE-2024-38080 HIGH KEV PATCH THREAT This Week

Windows Hyper-V Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Microsoft Windows 11 21H2 Windows 11 22h2 +3
NVD
CVSS 3.1
7.8
EPSS
7.1%
CVE-2024-38079 HIGH PATCH This Week

Windows Graphics Component Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Heap Overflow Buffer Overflow Microsoft Windows 10 1507 Windows 10 1607 +12
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-38070 HIGH PATCH This Week

Windows LockDown Policy (WLDP) Security Feature Bypass Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-38066 HIGH PATCH This Week

Windows Win32k Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Microsoft Memory Corruption Windows 10 1507 +11
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2024-38062 HIGH PATCH This Week

Windows Kernel-Mode Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Microsoft Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
7.8
EPSS
1.6%
CVE-2024-38059 HIGH PATCH This Week

Win32k Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption Windows 10 21h2 Windows 10 22h2 +5
NVD
CVSS 3.1
7.8
EPSS
3.7%
CVE-2024-38057 HIGH PATCH This Week

Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2024-38054 HIGH PATCH This Week

Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Heap Overflow Buffer Overflow Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
7.8
EPSS
10.4%
CVE-2024-38052 HIGH PATCH This Week

Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 21h2 +10
NVD
CVSS 3.1
7.8
EPSS
7.0%
CVE-2024-38051 HIGH PATCH This Week

Windows Graphics Component Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +13
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2024-38050 HIGH PATCH This Week

Windows Workstation Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Integer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +12
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-38047 HIGH PATCH This Week

PowerShell Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Windows 10 1607 Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +7
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-38043 HIGH PATCH This Week

PowerShell Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Windows 10 1607 Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +7
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-38034 HIGH PATCH This Week

Windows Filtering Platform Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +12
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2024-35261 HIGH PATCH This Week

Azure Network Watcher VM Extension Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Microsoft Azure Network Watcher Agent
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-30079 HIGH PATCH This Week

Windows Remote Access Connection Manager Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +10
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-4944 HIGH This Week

A local privilege escalation vlnerability in the WatchGuard Mobile VPN with SSL client on Windows enables a local user to execute arbitrary commands with elevated privileged. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Watchguard Command Injection Microsoft Mobile Vpn With Ssl
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-5479 HIGH This Week

The Easy Pixels plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 2.13 due to insufficient input sanitization and output. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
7.2
EPSS
2.8%
CVE-2024-37497 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Crocoblock JetThemeCore jet-theme-core.2.1. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD VulDB
CVSS 3.1
7.7
EPSS
0.2%
CVE-2024-39598 HIGH This Week

SAP CRM (WebClient UI Framework) allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Information Disclosure SAP Customer Relationship Management S4Fnd Customer Relationship Management Webclient Ui
NVD
CVSS 3.1
7.7
EPSS
0.3%
CVE-2024-35267 HIGH PATCH This Week

Azure DevOps Server Spoofing Vulnerability. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Azure Devops Server
NVD
CVSS 3.1
7.6
EPSS
1.6%
CVE-2024-35266 HIGH PATCH This Week

Azure DevOps Server Spoofing Vulnerability. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Azure Devops Server
NVD
CVSS 3.1
7.6
EPSS
1.6%
CVE-2024-36676 HIGH PATCH This Week

Incorrect access control in BookStack before v24.05.1 allows attackers to confirm existing system users and perform targeted notification email DoS via public facing forms. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-31957 HIGH This Week

A vulnerability was discovered in Samsung Mobile Processors Exynos 2200 and Exynos 2400 where they lack a check for the validation of native handles, which can result in a DoS(Denial of Service). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Denial Of Service Exynos 2200 Firmware Exynos 2400 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-27362 HIGH This Week

A vulnerability was discovered in Samsung Mobile Processors Exynos 1280, Exynos 2200, Exynos 1330, Exynos 1380, and Exynos 2400 where they do not properly check the length of the data, which can lead. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samsung Exynos 1280 Firmware Exynos 2200 Firmware Exynos 1330 Firmware +2
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-27360 HIGH This Week

A vulnerability was discovered in Samsung Mobile Processors Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, and Exynos W930 where they do not properly check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Denial Of Service Exynos 850 Firmware Exynos 1080 Firmware Exynos 2100 Firmware +5
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-38112 HIGH KEV PATCH THREAT This Week

Windows MSHTML Platform Spoofing Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
7.5
EPSS
84.3%
CVE-2024-38091 HIGH PATCH This Week

Microsoft WS-Discovery Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
7.5
EPSS
1.9%
Prev Page 5 of 9 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy