Total
278747 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-34648 | 1 Samsung | 1 Android | 2024-09-05 | 5.1 Medium |
Improper Handling of Insufficient Permissions in KnoxMiscPolicy prior to SMR Sep-2024 Release 1 allows local attackers to access sensitive data. | ||||
CVE-2024-34653 | 1 Samsung | 1 Android | 2024-09-05 | 4.6 Medium |
Path Traversal in My Files prior to SMR Sep-2024 Release 1 allows physical attackers to access directories with My Files' privilege. | ||||
CVE-2024-34639 | 1 Samsung | 1 Android | 2024-09-05 | 4.6 Medium |
Improper handling of exceptional conditions in Setupwizard prior to SMR Aug-2024 Release 1 allows physical attackers to bypass proper validation. | ||||
CVE-2024-34640 | 1 Samsung | 1 Android | 2024-09-05 | 3.3 Low |
Improper access control vulnerability in BGProtectManager prior to SMR Sep-2024 Release 1 allows local attackers to bypass restriction of process expiration. | ||||
CVE-2024-34642 | 1 Samsung | 1 Android | 2024-09-05 | 4.6 Medium |
Improper authorization in One UI Home prior to SMR Sep-2024 Release 1 allows physical attackers to temporarily access sensitive information. | ||||
CVE-2024-34643 | 1 Samsung | 1 Android | 2024-09-05 | 4.4 Medium |
Improper access control in key input related function in Dressroom prior to SMR Sep-2024 Release 1 allows local attackers to access protected data. User interaction is required for triggering this vulnerability. | ||||
CVE-2024-34644 | 1 Samsung | 1 Android | 2024-09-05 | 4.4 Medium |
Improper access control in item selection related in Dressroom prior to SMR Sep-2024 Release 1 allows local attackers to access protected data. User interaction is required for triggering this vulnerability. | ||||
CVE-2024-34645 | 1 Samsung | 1 Android | 2024-09-05 | 6.1 Medium |
Improper input validation in ThemeCenter prior to SMR Sep-2024 Release 1 allows physical attackers to install privileged applications. | ||||
CVE-2024-34646 | 1 Samsung | 1 Android | 2024-09-05 | 6.6 Medium |
Improper access control in DualDarManagerProxy prior to SMR Sep-2024 Release 1 allows local attackers to cause local permanent denial of service. | ||||
CVE-2024-34655 | 1 Samsung | 1 Android | 2024-09-05 | 6.2 Medium |
Incorrect use of privileged API in UniversalCredentialManager prior to SMR Sep-2024 Release 1 allows local attackers to access privileged API related to UniversalCredentialManager. | ||||
CVE-2024-34647 | 1 Samsung | 1 Android | 2024-09-05 | 4 Medium |
Incorrect use of privileged API in DualDarManagerProxy prior to SMR Sep-2024 Release 1 allows local attackers to access privileged APIs related to knox without proper license. | ||||
CVE-2024-34654 | 1 Samsung | 1 Android | 2024-09-05 | 6.2 Medium |
Improper Export of android application component in My Files prior to SMR Sep-2024 Release 1 allows local attackers to access files with My Files' privilege. | ||||
CVE-2024-34649 | 1 Samsung | 1 Android | 2024-09-05 | 2.4 Low |
Improper access control in new Dex Mode in multitasking framework prior to SMR Sep-2024 Release 1 allows physical attackers to temporarily access an unlocked screen. | ||||
CVE-2024-34650 | 1 Samsung | 1 Android | 2024-09-05 | 4 Medium |
Incorrect authorization in CocktailbarService prior to SMR Sep-2024 Release 1 allows local attackers to access privileged APIs related to Edge panel. | ||||
CVE-2024-34651 | 1 Samsung | 1 Android | 2024-09-05 | 6.2 Medium |
Improper authorization in My Files prior to SMR Sep-2024 Release 1 allows local attackers to access restricted data in My Files. | ||||
CVE-2024-34652 | 1 Samsung | 1 Android | 2024-09-05 | 4 Medium |
Incorrect authorization in kperfmon prior to SMR Sep-2024 Release 1 allows local attackers to access information related to performance including app usage. | ||||
CVE-2024-34661 | 1 Samsung | 1 Assistant | 2024-09-05 | 4.3 Medium |
Improper handling of insufficient permissions in Samsung Assistant prior to version 9.1.00.7 allows remote attackers to access location data. User interaction is required for triggering this vulnerability. | ||||
CVE-2024-7834 | 1 Overwolf | 1 Overwolf | 2024-09-05 | 7.8 High |
A local privilege escalation is caused by Overwolf loading and executing certain dynamic link library files from a user-writeable folder in SYSTEM context on launch. This allows an attacker with unprivileged access to the system to run arbitrary code with SYSTEM privileges by placing a malicious .dll file in the respective location. | ||||
CVE-2024-8462 | 2024-09-05 | 3.7 Low | ||
A vulnerability was found in Windmill 1.380.0. It has been classified as problematic. Affected is an unknown function of the file backend/windmill-api/src/users.rs of the component HTTP Request Handler. The manipulation leads to improper restriction of excessive authentication attempts. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 1.390.1 is able to address this issue. The patch is identified as acfe7786152f036f2476f93ab5536571514fa9e3. It is recommended to upgrade the affected component. | ||||
CVE-2024-44587 | 1 Itsourcecode | 1 Alton Management System | 2024-09-05 | 8.8 High |
itsourcecode Alton Management System 1.0 is vulnerable to SQL Injection in /noncombo_save.php via the "menu" parameter. |