| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Stack-based out-of-bounds write in Samsung Notes prior to version 4.4.21.62 allows remote attackers to execute arbitrary code. |
| Out-of-bounds read in Samsung Notes allows local attackers to bypass ASLR. |
| 6SHR system from Gether Technology does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload web shell scripts and use them to execute arbitrary system commands on the server. |
| 6SHR system from Gether Technology does not properly validate the specific page parameter, allowing remote attackers with regular privilege to inject SQL command to read, modify, and delete database contents. |
| Heap-based out-of-bounds write in Samsung Notes prior to version 4.4.21.62 allows local attackers to execute arbitrary code. |
| Ringer server is the server code for the Ringer messaging app. Prior to version 1.3.1, there is an issue with the messages loading route where Ringer Server does not check to ensure that the user loading the conversation is actually a member of that conversation. This allows any user with a Lif Account to load any conversation between two users without permission. This issue had been patched in version 1.3.1. There is no action required for users. Lif Platforms will update their servers with the patch. |
| An issue in Vypor Attack API System v.1.0 allows a remote attacker to execute arbitrary code via the user GET parameter. |
| Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.113 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder has a cross-site scripting vulnerability in the montagereview via the displayinterval, speed, and scale parameters. This vulnerability is fixed in 1.36.34 and 1.37.61. |
| ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder is affected by a time-based SQL Injection vulnerability. This vulnerability is fixed in 1.36.34 and 1.37.61. |
| ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder has a cross-site scripting vulnerability in the filter view via the filter[Id]. This vulnerability is fixed in 1.36.34 and 1.37.61. |
| Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access. |
| Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access. |
| Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access. |
| Buffer overflow in some Zoom Workplace Apps and Rooms Clients may allow an authenticated user to conduct an escalation of privilege via network access. |
| Sensitive information exposure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct an information disclosure via network access. |
| A sensitive information disclosure vulnerability exists in ZZCMS v.2023 and before within the eginfo.php file located at /3/E_bak5.1/upload/. When accessed with the query parameter phome=ShowPHPInfo, the application executes the phpinfo() function, which exposes detailed information about the PHP environment, including server configuration, loaded modules, and environment variables. |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as this is a duplicate of CVE-2023-36540. |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as this is a duplicate of CVE-2023-36541. |
