Total 278747 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-34648 1 Samsung 1 Android 2024-09-05 5.1 Medium
Improper Handling of Insufficient Permissions in KnoxMiscPolicy prior to SMR Sep-2024 Release 1 allows local attackers to access sensitive data.
CVE-2024-34653 1 Samsung 1 Android 2024-09-05 4.6 Medium
Path Traversal in My Files prior to SMR Sep-2024 Release 1 allows physical attackers to access directories with My Files' privilege.
CVE-2024-34639 1 Samsung 1 Android 2024-09-05 4.6 Medium
Improper handling of exceptional conditions in Setupwizard prior to SMR Aug-2024 Release 1 allows physical attackers to bypass proper validation.
CVE-2024-34640 1 Samsung 1 Android 2024-09-05 3.3 Low
Improper access control vulnerability in BGProtectManager prior to SMR Sep-2024 Release 1 allows local attackers to bypass restriction of process expiration.
CVE-2024-34642 1 Samsung 1 Android 2024-09-05 4.6 Medium
Improper authorization in One UI Home prior to SMR Sep-2024 Release 1 allows physical attackers to temporarily access sensitive information.
CVE-2024-34643 1 Samsung 1 Android 2024-09-05 4.4 Medium
Improper access control in key input related function in Dressroom prior to SMR Sep-2024 Release 1 allows local attackers to access protected data. User interaction is required for triggering this vulnerability.
CVE-2024-34644 1 Samsung 1 Android 2024-09-05 4.4 Medium
Improper access control in item selection related in Dressroom prior to SMR Sep-2024 Release 1 allows local attackers to access protected data. User interaction is required for triggering this vulnerability.
CVE-2024-34645 1 Samsung 1 Android 2024-09-05 6.1 Medium
Improper input validation in ThemeCenter prior to SMR Sep-2024 Release 1 allows physical attackers to install privileged applications.
CVE-2024-34646 1 Samsung 1 Android 2024-09-05 6.6 Medium
Improper access control in DualDarManagerProxy prior to SMR Sep-2024 Release 1 allows local attackers to cause local permanent denial of service.
CVE-2024-34655 1 Samsung 1 Android 2024-09-05 6.2 Medium
Incorrect use of privileged API in UniversalCredentialManager prior to SMR Sep-2024 Release 1 allows local attackers to access privileged API related to UniversalCredentialManager.
CVE-2024-34647 1 Samsung 1 Android 2024-09-05 4 Medium
Incorrect use of privileged API in DualDarManagerProxy prior to SMR Sep-2024 Release 1 allows local attackers to access privileged APIs related to knox without proper license.
CVE-2024-34654 1 Samsung 1 Android 2024-09-05 6.2 Medium
Improper Export of android application component in My Files prior to SMR Sep-2024 Release 1 allows local attackers to access files with My Files' privilege.
CVE-2024-34649 1 Samsung 1 Android 2024-09-05 2.4 Low
Improper access control in new Dex Mode in multitasking framework prior to SMR Sep-2024 Release 1 allows physical attackers to temporarily access an unlocked screen.
CVE-2024-34650 1 Samsung 1 Android 2024-09-05 4 Medium
Incorrect authorization in CocktailbarService prior to SMR Sep-2024 Release 1 allows local attackers to access privileged APIs related to Edge panel.
CVE-2024-34651 1 Samsung 1 Android 2024-09-05 6.2 Medium
Improper authorization in My Files prior to SMR Sep-2024 Release 1 allows local attackers to access restricted data in My Files.
CVE-2024-34652 1 Samsung 1 Android 2024-09-05 4 Medium
Incorrect authorization in kperfmon prior to SMR Sep-2024 Release 1 allows local attackers to access information related to performance including app usage.
CVE-2024-34661 1 Samsung 1 Assistant 2024-09-05 4.3 Medium
Improper handling of insufficient permissions in Samsung Assistant prior to version 9.1.00.7 allows remote attackers to access location data. User interaction is required for triggering this vulnerability.
CVE-2024-7834 1 Overwolf 1 Overwolf 2024-09-05 7.8 High
A local privilege escalation is caused by Overwolf loading and executing certain dynamic link library files from a user-writeable folder in SYSTEM context on launch. This allows an attacker with unprivileged access to the system to run arbitrary code with SYSTEM privileges by placing a malicious .dll file in the respective location.
CVE-2024-8462 2024-09-05 3.7 Low
A vulnerability was found in Windmill 1.380.0. It has been classified as problematic. Affected is an unknown function of the file backend/windmill-api/src/users.rs of the component HTTP Request Handler. The manipulation leads to improper restriction of excessive authentication attempts. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 1.390.1 is able to address this issue. The patch is identified as acfe7786152f036f2476f93ab5536571514fa9e3. It is recommended to upgrade the affected component.
CVE-2024-44587 1 Itsourcecode 1 Alton Management System 2024-09-05 8.8 High
itsourcecode Alton Management System 1.0 is vulnerable to SQL Injection in /noncombo_save.php via the "menu" parameter.