Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-20
Total 9170 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-20640 2 Google, Mediatek 7 Android, Mt6879, Mt6895 and 4 more 2023-03-12 N/A 6.7 MEDIUM
In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629573; Issue ID: ALPS07629573.
CVE-2023-20621 2 Google, Mediatek 13 Android, Mt6739, Mt6761 and 10 more 2023-03-12 N/A 6.7 MEDIUM
In tinysys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664755; Issue ID: ALPS07664755.
CVE-2023-20626 2 Google, Mediatek 27 Android, Mt6739, Mt6761 and 24 more 2023-03-12 N/A 6.7 MEDIUM
In msdc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07405223; Issue ID: ALPS07405223.
CVE-2023-20636 2 Google, Mediatek 5 Android, Mt6895, Mt6985 and 2 more 2023-03-12 N/A 6.7 MEDIUM
In display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07292593; Issue ID: ALPS07292593.
CVE-2023-20637 2 Google, Mediatek 14 Android, Mt6879, Mt6895 and 11 more 2023-03-12 N/A 6.7 MEDIUM
In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628588; Issue ID: ALPS07628588.
CVE-2023-22952 1 Sugarcrm 1 Sugarcrm 2023-03-10 N/A 8.8 HIGH
In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because of missing input validation.
CVE-2023-20649 2 Google, Mediatek 37 Android, Mt6761, Mt6762 and 34 more 2023-03-10 N/A 4.4 MEDIUM
In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628607; Issue ID: ALPS07628607.
CVE-2023-20651 2 Google, Mediatek 14 Android, Mt6853, Mt6853t and 11 more 2023-03-10 N/A 4.4 MEDIUM
In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629576; Issue ID: ALPS07629576.
CVE-2023-20650 2 Google, Mediatek 14 Android, Mt6853, Mt6853t and 11 more 2023-03-10 N/A 6.7 MEDIUM
In apu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629577; Issue ID: ALPS07629577.
CVE-2023-20644 2 Google, Mediatek 33 Android, Mt6580, Mt6739 and 30 more 2023-03-10 N/A 4.4 MEDIUM
In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628603; Issue ID: ALPS07628603.
CVE-2023-20643 2 Google, Mediatek 26 Android, Mt6739, Mt6761 and 23 more 2023-03-10 N/A 6.7 MEDIUM
In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628584; Issue ID: ALPS07628584.
CVE-2023-20642 2 Google, Mediatek 14 Android, Mt6879, Mt6895 and 11 more 2023-03-10 N/A 6.7 MEDIUM
In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628586; Issue ID: ALPS07628586.
CVE-2023-20647 2 Google, Mediatek 33 Android, Mt6739, Mt6761 and 30 more 2023-03-10 N/A 4.4 MEDIUM
In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628547; Issue ID: ALPS07628547.
CVE-2023-20646 2 Google, Mediatek 44 Android, Mt6737, Mt6739 and 41 more 2023-03-10 N/A 4.4 MEDIUM
In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628536; Issue ID: ALPS07628536.
CVE-2023-20645 2 Google, Mediatek 20 Android, Mt6739, Mt6761 and 17 more 2023-03-10 N/A 4.4 MEDIUM
In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628609; Issue ID: ALPS07628609.
CVE-2023-20648 2 Google, Mediatek 38 Android, Mt6761, Mt6762 and 35 more 2023-03-10 N/A 4.4 MEDIUM
In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628612; Issue ID: ALPS07628612.
CVE-2023-26281 5 Hp, Ibm, Linux and 2 more 7 Hp-ux, Aix, Http Server and 4 more 2023-03-09 N/A 7.5 HIGH
IBM HTTP Server 8.5 used by IBM WebSphere Application Server could allow a remote user to cause a denial of service using a specially crafted URL. IBM X-Force ID: 248296.
CVE-2020-10567 1 Tecrail 1 Responsive Filemanager 2023-03-07 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Responsive Filemanager through 9.14.0. In the ajax_calls.php file in the save_img action in the name parameter, there is no validation of what kind of extension is sent. This makes it possible to execute PHP code if a legitimate JPEG image contains this code in the EXIF data, and the .php extension is used in the name parameter. (A potential fast patch is to disable the save_img action in the config file.)
CVE-2022-48261 1 Huawei 2 Bisheng-wnm, Bisheng-wnm Firmware 2023-03-07 N/A 7.5 HIGH
There is a misinterpretation of input vulnerability in BiSheng-WNM FW 3.0.0.325. Successful exploitation of this vulnerability may cause the printer service to be abnormal.
CVE-2022-48230 1 Huawei 2 Bisheng-wnm, Bisheng-wnm Firmware 2023-03-07 N/A 7.5 HIGH
There is a misinterpretation of input vulnerability in BiSheng-WNM FW 3.0.0.325. Successful exploitation could lead to DoS.