| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Due to weak encoding of user-controlled input in
SAP NetWeaver Knowledge Management XMLEditor which allows malicious scripts can
be executed in the application, potentially leading to a Cross-Site Scripting
(XSS) vulnerability. This has no impact on the availability of the application
but it has a low impact on its confidentiality and integrity. |
| On Unix, SAP BusinessObjects Business
Intelligence Platform (Scheduling) allows an authenticated attacker with
administrator access on the local server to access the password of a local
account. As a result, an attacker can obtain non-administrative user
credentials, which will allow them to read or modify the remote server files. |
| An authenticated attacker can upload malicious
file to SAP Document Builder service. When the victim accesses this file, the
attacker is allowed to access, modify, or make the related information
unavailable in the victim’s browser. |
| Improper access control in Samsung Message prior to SMR Jul-2024 Release 1 allows local attackers to access location data. |
| Use of implicit intent for sensitive communication in Samsung Messages prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information. User interaction is required for triggering this vulnerability. |
| Improper verification of intent by broadcast receiver vulnerability in Samsung Flow prior to version 4.9.13.0 allows local attackers to copy image files to external storage. |
| Improper input validation in Tips prior to version 6.2.9.4 in Android 14 allows local attacker to send broadcast with Tips' privilege. |
| Improper input validation in Samsung Health prior to version 6.27.0.113 allows local attackers to write arbitrary document files to the sandbox of Samsung Health. User interaction is required for triggering this vulnerability. |
| Improper authentication in SmartThings prior to version 1.8.17 allows remote attackers to bypass the expiration date for members set by the owner. |
| Improper access control in clickAdapterItem of SystemUI prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities. |
| Exposure of sensitive information in proc file system prior to SMR Jul-2024 Release 1 allows local attackers to read kernel memory address. |
| Improper input validation in parsing and distributing RTCP packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability. |
| Improper input validation in parsing RTCP SDES packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability. |
| Improper input validation in parsing an item data from RTCP SDES packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability. |
| Improper input validation혻in parsing an item type from RTCP SDES packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability. |
| Improper input validation in parsing RTCP RR packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability. |
| Improper input validation혻in parsing RTCP SR packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability. |
| Improper input validation in parsing application information from RTCP packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability. |
| Improper access control in KnoxCustomManagerService prior to SMR Jul-2024 Release 1 allows local attackers to configure Knox privacy policy. |
| Improper access control in launchApp of SystemUI prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities. |
