Total
277428 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-42347 | 1 Matrix | 1 Matrix-react-sdk | 2024-08-12 | 7.7 High |
| matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. A malicious homeserver could manipulate a user's account data to cause the client to enable URL previews in end-to-end encrypted rooms, in which case any URLs in encrypted messages would be sent to the server. This was patched in matrix-react-sdk 3.105.0. Deployments that trust their homeservers, as well as closed federations of trusted servers, are not affected. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-41677 | 2 Qwik, Qwikdev | 2 Qwik, Qwik | 2024-08-12 | 6.3 Medium |
| Qwik is a performance focused javascript framework. A potential mutation XSS vulnerability exists in Qwik for versions up to but not including 1.6.0. Qwik improperly escapes HTML on server-side rendering. It converts strings according to the rules found in the `render-ssr.ts` file. It sometimes causes the situation that the final DOM tree rendered on browsers is different from what Qwik expects on server-side rendering. This may be leveraged to perform XSS attacks, and a type of the XSS is known as mXSS (mutation XSS). This has been resolved in qwik version 1.6.0 and @builder.io/qwik version 1.7.3. All users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-7502 | 1 Deltaww | 1 Diascreen | 2024-08-12 | 7.8 High |
| A crafted DPA file could force Delta Electronics DIAScreen to overflow a stack-based buffer, which could allow an attacker to execute arbitrary code. | ||||
| CVE-2024-42358 | 2 Msweet, Pdfio Project | 2 Pdfio, Pdfio | 2024-08-12 | 6.2 Medium |
| PDFio is a simple C library for reading and writing PDF files. There is a denial of service (DOS) vulnerability in the TTF parser. Maliciously crafted TTF files can cause the program to utilize 100% of the Memory and enter an infinite loop. This can also lead to a heap-buffer-overflow vulnerability. An infinite loop occurs in the read_camp function by nGroups value. The ttf.h library is vulnerable. A value called nGroups is extracted from the file, and by changing that value, you can cause the program to utilize 100% of the Memory and enter an infinite loop. If the value of nGroups in the file is small, an infinite loop will not occur. This library, whether used as a standalone binary or as part of another application, is vulnerable to DOS attacks when parsing certain types of files. Automated systems, including web servers that use this code to convert PDF submissions into plaintext, can be DOSed if an attacker uploads a malicious TTF file. This issue has been addressed in release version 1.3.1. All users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-31201 | 2 Plug And Track, Proges | 2 Thermoscan Ip, Thermoscan Ip | 2024-08-12 | 6.5 Medium |
| A “CWE-428: Unquoted Search Path or Element” affects the ThermoscanIP_Scrutation service. Such misconfiguration could be abused in scenarios where incorrect permissions were assigned to the C:\ path to attempt a privilege escalation on the local machine. | ||||
| CVE-2024-36424 | 1 K7computing | 1 K7 Ultimate Security | 2024-08-12 | 5.5 Medium |
| K7RKScan.sys in K7 Ultimate Security before 17.0.2019 allows local users to cause a denial of service (BSOD) because of a NULL pointer dereference. | ||||
| CVE-2024-34620 | 1 Samsung | 1 Android | 2024-08-12 | 8.4 High |
| Improper privilege management in SumeNNService prior to SMR Aug-2024 Release 1 allows local attackers to start privileged service. | ||||
| CVE-2024-34619 | 2 Samsung, Samsung Mobile | 2 Android, Samsung Mobile Devices | 2024-08-12 | 7.5 High |
| Improper input validation in librtp.so prior to SMR Aug-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability. | ||||
| CVE-2024-34618 | 1 Samsung | 1 Android | 2024-08-12 | 4 Medium |
| Improper access control in System property prior to SMR Aug-2024 Release 1 allows local attackers to access cell related information. | ||||
| CVE-2024-34617 | 1 Samsung | 1 Android | 2024-08-12 | 4 Medium |
| Improper handling of insufficient permission in Telephony prior to SMR Aug-2024 Release 1 allows local attackers to configure default Message application. | ||||
| CVE-2024-34616 | 1 Samsung | 1 Android | 2024-08-12 | 5.1 Medium |
| Improper handling of insufficient permission in KnoxDualDARPolicy prior to SMR Aug-2024 Release 1 allows local attackers to access sensitive data. | ||||
| CVE-2024-34615 | 1 Samsung | 1 Android | 2024-08-12 | 5.1 Medium |
| Out-of-bound write in libsmat.so prior to SMR Aug-2024 Release 1 allows local attackers to cause memory corruption. | ||||
| CVE-2024-34614 | 1 Samsung | 1 Android | 2024-08-12 | 7.3 High |
| Out-of-bound write in libsmat.so prior to SMR Aug-2024 Release 1 allows local attackers to execute arbitrary code. | ||||
| CVE-2024-34613 | 1 Samsung | 1 Wear Os | 2024-08-12 | 4 Medium |
| Improper access control in Galaxy Watch prior to SMR Aug-2024 Release 1 allows local attackers to access sensitive information of Galaxy watch. | ||||
| CVE-2024-34612 | 1 Samsung | 1 Android | 2024-08-12 | 7.3 High |
| Out-of-bound write in libcodec2secmp4vdec.so prior to SMR Aug-2024 Release 1 allows local attackers to execute arbitrary code. | ||||
| CVE-2024-34611 | 1 Samsung | 1 Android | 2024-08-12 | 5.1 Medium |
| Improper access control in KnoxService prior to SMR Aug-2024 Release 1 allows local attackers to get sensitive information. | ||||
| CVE-2024-34610 | 1 Samsung | 1 Android | 2024-08-12 | 5.1 Medium |
| Improper access control in ExtControlDeviceService prior to SMR Aug-2024 Release 1 allows local attackers to access protected data. | ||||
| CVE-2024-34609 | 1 Samsung | 1 Android | 2024-08-12 | 6.2 Medium |
| Improper access control in VoiceNoteService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background. | ||||
| CVE-2024-34608 | 1 Samsung | 1 Android | 2024-08-12 | 6.2 Medium |
| Improper access control in PaymentManagerService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background. | ||||
| CVE-2024-34607 | 1 Samsung | 1 Android | 2024-08-12 | 6.2 Medium |
| Improper access control in SamsungNotesService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background. | ||||