The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2024-20052 | In flashc, there is a possible information disclosure due to an uncaught exception. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541757; Issue ID: ALPS08541761. | -- | Apr 1, 2024 |
| CVE-2024-20050 | In flashc, there is a possible information disclosure due to an uncaught exception. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541757; Issue ID: ALPS08541757. | -- | Apr 1, 2024 |
| CVE-2018-19133 | In Flarum Core 0.1.0-beta.7.1, a serious leak can get everyone\'s email address. | MEDIUM | Nov 9, 2018 |
| CVE-2020-0499 | In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156076070 | MEDIUM | Dec 15, 2020 |
| CVE-2017-7625 | In Fiyo CMS 2.x through 2.0.7, attackers may upload a webshell via the content parameter to /dapur/apps/app_theme/libs/save_file.php and then execute code. | HIGH | Apr 10, 2017 |
| CVE-2020-35373 | In Fiyo CMS 2.0.6.1, the \'tag\' parameter results in an unauthenticated XSS attack. | MEDIUM | Jun 17, 2021 |
| CVE-2023-45774 | In fixUpIncomingShortcutInfo of ShortcutService.java, there is a possible way to view another user\'s image due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | -- | Dec 5, 2023 |
| CVE-2023-21191 | In fixNotification of NotificationManagerService.java, there is a possible bypass of notification hide preference due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-269738057 | -- | Jun 28, 2023 |
| CVE-2018-18878 | In firmware version MS_2.6.9900 of Columbia Weather MicroServer, the BACnet daemon does not properly validate input, which could allow a remote attacker to send specially crafted packets causing the device to become unavailable. | -- | Jun 18, 2019 |
| CVE-2018-18879 | In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an authenticated web user can pipe commands directly to the underlying operating system as user input is not sanitized in networkdiags.php. | -- | Jun 18, 2019 |
| CVE-2018-18877 | In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an authenticated web user can access an alternative configuration page config_main.php that allows manipulation of the device. | -- | Jun 18, 2019 |
| CVE-2018-18875 | In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a stored Cross-site scripting (XSS) vulnerability allows remote authenticated users to inject arbitrary web script via changestationname.php. | -- | Jun 18, 2019 |
| CVE-2018-18876 | In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a readouts_rd.php directory traversal issue makes it possible to read any file present on the underlying operating system. | -- | Jun 18, 2019 |
| CVE-2018-18880 | In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a networkdiags.php reflected Cross-site scripting (XSS) vulnerability allows remote authenticated users to inject arbitrary web script. | -- | Jun 18, 2019 |
| CVE-2019-13495 | In firmware version 4.50 of Zyxel XGS2210-52HP, multiple stored cross-site scripting (XSS) issues allows remote authenticated users to inject arbitrary web script via an rpSys.html Name or Location field. | LOW | Apr 1, 2020 |
| CVE-2023-42714 | In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed | -- | Dec 4, 2023 |
| CVE-2023-42713 | In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed | -- | Dec 4, 2023 |
| CVE-2023-42712 | In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed | -- | Dec 4, 2023 |
| CVE-2023-42711 | In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed | -- | Dec 4, 2023 |
| CVE-2023-42710 | In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed | -- | Dec 4, 2023 |
| CVE-2023-42709 | In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed | -- | Dec 4, 2023 |
| CVE-2023-42708 | In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed | -- | Dec 4, 2023 |
| CVE-2023-42707 | In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed | -- | Dec 4, 2023 |
| CVE-2023-42706 | In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed | -- | Dec 4, 2023 |
| CVE-2023-42703 | In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed | -- | Dec 4, 2023 |
| CVE-2023-42702 | In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed | -- | Dec 4, 2023 |
| CVE-2023-42701 | In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed | -- | Dec 4, 2023 |
| CVE-2023-42700 | In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed | -- | Dec 4, 2023 |
| CVE-2022-47361 | In firewall service, there is a missing permission check. This could lead to local escalation of privilege with system execution privileges needed. | -- | Feb 12, 2023 |
| CVE-2019-12589 | In Firejail before 0.9.60, seccomp filters are writable inside the jail, leading to a lack of intended seccomp restrictions for a process that is joined to the jail after a filter has been modified by an attacker. | -- | Jun 3, 2019 |
| CVE-2019-9804 | In Firefox Developer Tools it is possible that pasting the result of the \'Copy as cURL\' command into a command shell on macOS will cause the execution of unintended additional bash script commands if the URL was maliciously crafted. This is the result of an issue with the native version of Bash on macOS. *Note: This issue only affects macOS. Other operating systems are unaffected.*. This vulnerability affects Firefox < 66. | HIGH | Apr 30, 2019 |
| CVE-2020-16843 | In Firecracker 0.20.x before 0.20.1 and 0.21.x before 0.21.2, the network stack can freeze under heavy ingress traffic. This can result in a denial of service on the microVM when it is configured with a single network interface, and an availability problem for the microVM network interface on which the issue is triggered. | MEDIUM | Aug 6, 2020 |
| CVE-2021-46743 | In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue (e.g., RS256 / HS256) exists via the kid (aka Key ID) header, when multiple types of keys are loaded in a key ring. This allows an attacker to forge tokens that validate under the incorrect key. NOTE: this provides a straightforward way to use the PHP-JWT library unsafely, but might not be considered a vulnerability in the library itself. | MEDIUM | Mar 29, 2022 |
| CVE-2022-20226 | In finishDrawingWindow of WindowManagerService.java, there is a possible tapjacking due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-213644870 | LOW | Jul 14, 2022 |
| CVE-2019-9377 | In FingerprintService, there is a possible bypass for operating system protections that isolate user profiles from each other due to a missing permission check. This could lead to a local information disclosure of metadata about the biometrics of another user on the device with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-128599663 | LOW | Oct 7, 2019 |
| CVE-2017-11178 | In FineCMS through 2017-07-11, application/core/controller/style.php allows remote attackers to write to arbitrary files via the contents and filename parameters in a route=style action. For example, this can be used to overwrite a .php file because the file extension is not checked. | MEDIUM | Jul 11, 2017 |
| CVE-2017-10968 | In FineCMS through 2017-07-07, applicationcorecontroller emplate.php allows remote PHP code execution by placing the code after <?php in a route=template request. | HIGH | Jul 7, 2017 |
| CVE-2017-10967 | In FineCMS before 2017-07-06, applicationcorecontrollerconfig.php allows XSS in the (1) key_name, (2) key_value, and (3) meaning parameters. | MEDIUM | Jul 6, 2017 |
| CVE-2017-10973 | In FineCMS before 2017-07-06, application/lib/ajax/get_image_data.php has SSRF, related to requests for non-image files with a modified HTTP Host header. | MEDIUM | Jul 6, 2017 |
| CVE-2019-2204 | In FindSharedFunctionInfo of objects.cc, there is a possible out of bounds read due to a mistake in AST traversal. This could lead to remote code execution in the pacprocessor with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.1, Android-9 Android ID: A-138442295 | HIGH | Nov 13, 2019 |
| CVE-2021-0387 | In FindQuotaDeviceForUuid of QuotaUtils.cpp, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-169421939 | MEDIUM | Mar 12, 2021 |
| CVE-2022-20528 | In findParam of HevcUtils.cpp there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-230172711 | -- | Dec 16, 2022 |
| CVE-2021-0476 | In FindOrCreatePeer of btif_av.cc, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-9 Android-10Android ID: A-169252501 | MEDIUM | Jun 11, 2021 |
| CVE-2019-1985 | In findAvailSpellCheckerLocked of TextServicesManagerService.java, there is a possible way to bypass the warning dialog when selecting an untrusted spell checker due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0Android ID: A-118694079 | HIGH | Jun 21, 2019 |
| CVE-2021-0934 | In findAllDeAccounts of AccountsDb.java, there is a possible denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-169762606 | -- | Dec 15, 2022 |
| CVE-2020-0081 | In finalize of AssetManager.java, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-144028297 | HIGH | Apr 17, 2020 |
| CVE-2020-27028 | In filter_incoming_event of hci_layer.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-141618611 | LOW | Dec 16, 2020 |
| CVE-2021-30199 | In filters/reframe_latm.c in GPAC 1.0.1 there is a Null Pointer Dereference, when gf_filter_pck_get_data is called. The first arg pck may be null with a crafted mp4 file,which results in a crash. | MEDIUM | Apr 21, 2021 |
| CVE-2020-12243 | In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash). | MEDIUM | Apr 28, 2020 |
| CVE-2023-40139 | In FillUi of FillUi.java, there is a possible way to view another user\'s images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | -- | Oct 29, 2023 |
