Total: 29109 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
---|---|---|---|---|---|
CVE-2024-36416 | 1 Salesagility | 1 Suitecrm | 2024-08-02 | 8.6 High | SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a deprecated v4 API example with no log rotation allows denial of service by logging excessive data. Versions 7.14.4 and 8.6.1 contain a fix for this issue. |
CVE-2024-36257 | 1 Mattermost | 1 Mattermost | 2024-08-02 | 2.7 Low | Mattermost versions 9.5.x <= 9.5.5 and 9.8.0, when using shared channels with multiple remote servers connected, fail to check that the remote server A requesting the server B to update the profile picture of a user is the remote that actually has the user as a local one. This allows a malicious remote A to change the profile images of users that belong to another remote server C that is connected to the server A. |
CVE-2024-35252 | 1 Microsoft | 2 Azure Storage Data Movement Library, Azure Storage Movement Client Library For .net | 2024-08-02 | 7.5 High | Azure Storage Movement Client Library Denial of Service Vulnerability |
CVE-2024-34595 | 1 Samsung | 1 Android | 2024-08-02 | 7.8 High | Improper access control in clickAdapterItem of SystemUI prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities. |
CVE-2024-34603 | 1 Samsung | 1 Android | 2024-08-02 | 4 Medium | Improper access control in Samsung Message prior to SMR Jul-2024 Release 1 allows local attackers to access location data. |
CVE-2024-34586 | 1 Samsung | 1 Android | 2024-08-02 | 5.9 Medium | Improper access control in KnoxCustomManagerService prior to SMR Jul-2024 Release 1 allows local attackers to configure Knox privacy policy. |
CVE-2024-34583 | 1 Samsung | 1 Android | 2024-08-02 | 4 Medium | Improper access control in system property prior to SMR Jul-2024 Release 1 allows local attackers to get device identifier. |
CVE-2024-34601 | 1 Samsung | 1 Galaxystore | 2024-08-02 | 5.9 Medium | Improper verification of intent by broadcast receiver vulnerability in GalaxyStore prior to version 4.5.81.0 allows local attackers to launch unexported activities of GalaxyStore. |
CVE-2024-34363 | 1 Envoyproxy | 1 Envoy | 2024-08-02 | 7.5 High | Envoy is a cloud-native, open source edge and service proxy. Due to how Envoy invoked the nlohmann JSON library, the library could throw an uncaught exception from downstream data if incomplete UTF-8 strings were serialized. The uncaught exception would cause Envoy to crash. |
CVE-2024-32912 | 1 Google | 1 Android | 2024-08-02 | 5.5 Medium | There is a possible persistent Denial of Service due to test/debugging code left in a production build. This could lead to local denial of service of impaired use of the device with no additional execution privileges needed. User interaction is not needed for exploitation. |
CVE-2024-29060 | 1 Microsoft | 4 Visual Studio, Visual Studio 2017, Visual Studio 2019 and 1 more | 2024-08-02 | 6.7 Medium | Visual Studio Elevation of Privilege Vulnerability |
CVE-2024-27855 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2024-08-02 | 8.8 High | The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5, macOS Ventura 13.6.7, iOS 17.5 and iPadOS 17.5, iOS 16.7.8 and iPadOS 16.7.8. A shortcut may be able to use sensitive data with certain actions without prompting the user. |
CVE-2024-27198 | 1 Jetbrains | 1 Teamcity | 2024-08-02 | 9.8 Critical | In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible |
CVE-2024-24776 | 1 Mattermost | 1 Mattermost Server | 2024-08-01 | 3.1 Low | Mattermost fails to check the required permissions in the POST /api/v4/channels/stats/member_count API resulting in channel member counts being leaked to a user without permissions. |
CVE-2024-24566 | 1 Lobehub | 1 Lobe Chat | 2024-08-01 | 5.3 Medium | Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. When the application is password-protected (deployed with the `ACCESS_CODE` option), it is possible to access plugins without proper authorization (without password). This vulnerability is patched in 0.122.4. |
CVE-2024-22362 | 1 Drupal | 1 Drupal | 2024-08-01 | 7.5 High | Drupal contains a vulnerability with improper handling of structural elements. If this vulnerability is exploited, an attacker may be able to cause a denial-of-service (DoS) condition. |
CVE-2024-23447 | 1 Elastic | 1 Network Drive Connector | 2024-08-01 | 5.3 Medium | An issue was discovered in the Windows Network Drive Connector when using Document Level Security to assign permissions to a file, with explicit allow write and deny read. Although the document is not accessible to the user in Network Drive it is visible in search applications to the user. |
CVE-2024-23055 | 1 Plone | 1 Plone Docker Official Image | 2024-08-01 | 6.1 Medium | An issue in Plone Docker Official Image 5.2.13 (5221) open-source software allows for remote code execution via improper validation of input by the HOST headers. |
CVE-2024-22902 | 1 Vinchin | 1 Vinchin Backup And Recovery | 2024-08-01 | 9.8 Critical | Vinchin Backup & Recovery v7.2 was discovered to be configured with default root credentials. |
CVE-2024-22901 | 1 Vinchin | 1 Vinchin Backup And Recovery | 2024-08-01 | 9.8 Critical | Vinchin Backup & Recovery v7.2 was discovered to use default MYSQL credentials. |