Search Results (Refine Search)
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-41828 |
An implicit intent export vulnerability was reported in the Motorola Phone application, that could allow unauthorized access to a non-exported content provider. Published: May 03, 2024; 10:15:10 AM -0400 |
V3.1: 4.4 MEDIUM V2.0:(not available) |
CVE-2023-41826 |
A PendingIntent hijacking vulnerability in Motorola Device Help (Genie) application that could allow local attackers to access files or interact with non-exported software components without permission. Published: May 03, 2024; 10:15:10 AM -0400 |
V3.1: 5.1 MEDIUM V2.0:(not available) |
CVE-2023-41825 |
A path traversal vulnerability was reported in the Motorola Ready For application that could allow a local attacker to access local files. Published: May 03, 2024; 10:15:09 AM -0400 |
V3.1: 2.8 LOW V2.0:(not available) |
CVE-2023-41824 |
An implicit intent vulnerability was reported in the Motorola Phone Calls application that could allow a local attacker to read the calling phone number and calling data. Published: May 03, 2024; 10:15:09 AM -0400 |
V3.1: 2.8 LOW V2.0:(not available) |
CVE-2023-41823 |
An improper export vulnerability was reported in the Motorola Phone Extension application, that could allow a local attacker to execute unauthorized Activities. Published: May 03, 2024; 10:15:09 AM -0400 |
V3.1: 4.4 MEDIUM V2.0:(not available) |
CVE-2023-41822 |
An improper export vulnerability was reported in the Motorola Interface Test Tool application that could allow a malicious local application to execute OS commands. Published: May 03, 2024; 10:15:09 AM -0400 |
V3.1: 4.8 MEDIUM V2.0:(not available) |
CVE-2023-41821 |
A an improper export vulnerability was reported in the Motorola Setup application that could allow a local attacker to read sensitive user information. Published: May 03, 2024; 10:15:09 AM -0400 |
V3.1: 5.0 MEDIUM V2.0:(not available) |
CVE-2023-41820 |
An implicit intent vulnerability was reported in the Motorola Ready For application that could allow a local attacker to read information about connected Bluetooth audio devices. Published: May 03, 2024; 10:15:08 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-41819 |
A PendingIntent hijacking vulnerability was reported in the Motorola Face Unlock application that could allow a local attacker to access unauthorized content providers. Published: May 03, 2024; 10:15:08 AM -0400 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-41818 |
An improper use of the SD card for sensitive data vulnerability was reported in the Motorola Device Help application that could allow a local attacker to read system logs. Published: May 03, 2024; 10:15:08 AM -0400 |
V3.1: 5.0 MEDIUM V2.0:(not available) |
CVE-2023-41817 |
An improper export vulnerability was reported in the Motorola Phone Calls application that could allow a local attacker to read unauthorized information. Published: May 03, 2024; 10:15:08 AM -0400 |
V3.1: 2.8 LOW V2.0:(not available) |
CVE-2023-41816 |
An improper export vulnerability was reported in the Motorola Services Main application that could allow a local attacker to write to a local database. Published: May 03, 2024; 10:15:08 AM -0400 |
V3.1: 5.0 MEDIUM V2.0:(not available) |
CVE-2024-33787 |
Hengan Weighing Management Information Query Platform 2019-2021 53.25 was discovered to contain a SQL injection vulnerability via the tuser_Number parameter at search_user.aspx. Published: May 03, 2024; 9:15:22 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-33786 |
An arbitrary file upload vulnerability in Zhongcheng Kexin Ticketing Management Platform 20.04 allows attackers to execute arbitrary code via uploading a crafted file. Published: May 03, 2024; 9:15:21 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-2410 |
The JsonToBinaryStream() function is part of the protocol buffers C++ implementation and is used to parse JSON from a stream. If the input is broken up into separate chunks in a certain way, the parser will attempt to read bytes from a chunk that has already been freed. Published: May 03, 2024; 9:15:21 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-4466 |
SQL injection vulnerability in Gescen on the centrosdigitales.net platform. This vulnerability allows an attacker to send a specially crafted SQL query to the pass parameter and retrieve all the data stored in the database. Published: May 03, 2024; 8:15:12 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-4461 |
Unquoted path or search item vulnerability in SugarSync versions prior to 4.1.3 for Windows. This misconfiguration could allow an unauthorized local user to inject arbitrary code into the unquoted service path, resulting in privilege escalation. Published: May 03, 2024; 7:15:22 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-34073 |
sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. In affected versions the capture_dependencies function in `sagemaker.serve.save_retrive.version_1_0_0.save.utils` module allows for potentially unsafe Operating System (OS) Command Injection if inappropriate command is passed as the “requirements_path” parameter. This consequently may allow an unprivileged third party to cause remote code execution, denial of service, affecting both confidentiality and integrity. This issue has been addressed in version 2.214.3. Users are advised to upgrade. Users unable to upgrade should not override the “requirements_path” parameter of capture_dependencies function in `sagemaker.serve.save_retrive.version_1_0_0.save.utils`, and instead use the default value. Published: May 03, 2024; 7:15:22 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-34072 |
sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. The sagemaker.base_deserializers.NumpyDeserializer module before v2.218.0 allows potentially unsafe deserialization when untrusted data is passed as pickled object arrays. This consequently may allow an unprivileged third party to cause remote code execution, denial of service, affecting both confidentiality and integrity. Users are advised to upgrade to version 2.218.0. Users unable to upgrade should not pass pickled numpy object arrays which originated from an untrusted source, or that could have been tampered with. Only pass pickled numpy object arrays from trusted sources. Published: May 03, 2024; 7:15:22 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-34063 |
vodozemac is an implementation of Olm and Megolm in pure Rust. Versions 0.5.0 and 0.5.1 of vodozemac have degraded secret zeroization capabilities, due to changes in third-party cryptographic dependencies (the Dalek crates), which moved secret zeroization capabilities behind a feature flag and defaulted this feature to off. The degraded zeroization capabilities could result in the production of more memory copies of encryption secrets and secrets could linger in memory longer than necessary. This marginally increases the risk of sensitive data exposure. This issue has been addressed in version 0.6.0 and users are advised to upgrade. There are no known workarounds for this vulnerability. Published: May 03, 2024; 6:15:08 AM -0400 |
V3.x:(not available) V2.0:(not available) |