Search Results (363619 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-34594 1 Samsung 1 Android 2024-11-21 5.5 Medium
Exposure of sensitive information in proc file system prior to SMR Jul-2024 Release 1 allows local attackers to read kernel memory address.
CVE-2024-34593 1 Samsung 1 Android 2024-11-21 7.5 High
Improper input validation in parsing and distributing RTCP packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.
CVE-2024-34592 1 Samsung 1 Android 2024-11-21 5.3 Medium
Improper input validation in parsing RTCP SDES packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability.
CVE-2024-34591 1 Samsung 1 Android 2024-11-21 5.3 Medium
Improper input validation in parsing an item data from RTCP SDES packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability.
CVE-2024-34590 1 Samsung 1 Android 2024-11-21 5.3 Medium
Improper input validation혻in parsing an item type from RTCP SDES packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability.
CVE-2024-34589 1 Samsung 1 Android 2024-11-21 5.3 Medium
Improper input validation in parsing RTCP RR packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability.
CVE-2024-34588 1 Samsung 1 Android 2024-11-21 5.3 Medium
Improper input validation혻in parsing RTCP SR packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability.
CVE-2024-34587 1 Samsung 1 Android 2024-11-21 7.5 High
Improper input validation in parsing application information from RTCP packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.
CVE-2024-34586 1 Samsung 1 Android 2024-11-21 5.9 Medium
Improper access control in KnoxCustomManagerService prior to SMR Jul-2024 Release 1 allows local attackers to configure Knox privacy policy.
CVE-2024-34585 1 Samsung 1 Android 2024-11-21 7.8 High
Improper access control in launchApp of SystemUI prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities.
CVE-2024-34583 1 Samsung 1 Android 2024-11-21 4 Medium
Improper access control in system property prior to SMR Jul-2024 Release 1 allows local attackers to get device identifier.
CVE-2024-34552 1 Select-themes 1 Stockholm 2024-11-21 8.5 High
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Select-Themes Stockholm allows PHP Local File Inclusion.This issue affects Stockholm: from n/a through 9.6.
CVE-2024-34551 1 Select-themes 1 Stockholm 2024-11-21 9 Critical
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Select-Themes Stockholm allows PHP Local File Inclusion.This issue affects Stockholm: from n/a through 9.6.
CVE-2024-34457 1 Apache 1 Streampark 2024-11-21 6.5 Medium
On versions before 2.1.4, after a regular user successfully logs in, they can manually make a request using the authorization token to view everyone's user flink information, including executeSQL and config. Mitigation: all users should upgrade to 2.1.4
CVE-2024-34384 1 Sinaextra 1 Sina Extension For Elementor 2024-11-21 6.5 Medium
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in SinaExtra Sina Extension for Elementor allows PHP Local File Inclusion.This issue affects Sina Extension for Elementor: from n/a through 3.5.1.
CVE-2024-34364 1 Envoyproxy 1 Envoy 2024-11-21 5.7 Medium
Envoy is a cloud-native, open source edge and service proxy. Envoy exposed an out-of-memory (OOM) vector from the mirror response, since async HTTP client will buffer the response with an unbounded buffer.
CVE-2024-34363 1 Envoyproxy 1 Envoy 2024-11-21 7.5 High
Envoy is a cloud-native, open source edge and service proxy. Due to how Envoy invoked the nlohmann JSON library, the library could throw an uncaught exception from downstream data if incomplete UTF-8 strings were serialized. The uncaught exception would cause Envoy to crash.
CVE-2024-34362 1 Envoyproxy 1 Envoy 2024-11-21 5.9 Medium
Envoy is a cloud-native, open source edge and service proxy. There is a use-after-free in `HttpConnectionManager` (HCM) with `EnvoyQuicServerStream` that can crash Envoy. An attacker can exploit this vulnerability by sending a request without `FIN`, then a `RESET_STREAM` frame, and then after receiving the response, closing the connection.
CVE-2024-34142 1 Adobe 2 Adobe Experience Manager, Experience Manager 2024-11-21 5.4 Medium
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2024-34141 1 Adobe 2 Adobe Experience Manager, Experience Manager 2024-11-21 5.4 Medium
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.