Total
28533 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-35776 | 1 Exeebit | 1 Phpinfo-wp | 2024-08-02 | 5.3 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Exeebit phpinfo() WP.This issue affects phpinfo() WP: from n/a through 5.0. | ||||
| CVE-2024-34588 | 1 Samsung | 1 Android | 2024-08-02 | 5.3 Medium |
| Improper input validation혻in parsing RTCP SR packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability. | ||||
| CVE-2024-35700 | 1 Userproplugin | 1 Userpro | 2024-08-02 | 9.8 Critical |
| Improper Privilege Management vulnerability in DeluxeThemes Userpro allows Privilege Escalation.This issue affects Userpro: from n/a through 5.1.8. | ||||
| CVE-2024-35263 | 1 Microsoft | 1 Dynamics 365 | 2024-08-02 | 5.7 Medium |
| Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | ||||
| CVE-2024-34600 | 1 Samsung | 1 Flow | 2024-08-02 | 4.4 Medium |
| Improper verification of intent by broadcast receiver vulnerability in Samsung Flow prior to version 4.9.13.0 allows local attackers to copy image files to external storage. | ||||
| CVE-2024-34599 | 2 Google, Samsung | 2 Android, Tips | 2024-08-02 | 4 Medium |
| Improper input validation in Tips prior to version 6.2.9.4 in Android 14 allows local attacker to send broadcast with Tips' privilege. | ||||
| CVE-2024-34589 | 1 Samsung | 1 Android | 2024-08-02 | 5.3 Medium |
| Improper input validation in parsing RTCP RR packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability. | ||||
| CVE-2024-34592 | 1 Samsung | 1 Android | 2024-08-02 | 5.3 Medium |
| Improper input validation in parsing RTCP SDES packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability. | ||||
| CVE-2024-34597 | 1 Samsung | 1 Health | 2024-08-02 | 4.4 Medium |
| Improper input validation in Samsung Health prior to version 6.27.0.113 allows local attackers to write arbitrary document files to the sandbox of Samsung Health. User interaction is required for triggering this vulnerability. | ||||
| CVE-2024-34593 | 1 Samsung | 1 Android | 2024-08-02 | 7.5 High |
| Improper input validation in parsing and distributing RTCP packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability. | ||||
| CVE-2024-34590 | 1 Samsung | 1 Android | 2024-08-02 | 5.3 Medium |
| Improper input validation혻in parsing an item type from RTCP SDES packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability. | ||||
| CVE-2024-34602 | 1 Samsung | 1 Android | 2024-08-02 | 3.3 Low |
| Use of implicit intent for sensitive communication in Samsung Messages prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information. User interaction is required for triggering this vulnerability. | ||||
| CVE-2024-34587 | 1 Samsung | 1 Android | 2024-08-02 | 7.5 High |
| Improper input validation in parsing application information from RTCP packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability. | ||||
| CVE-2024-34594 | 1 Samsung | 1 Android | 2024-08-02 | 5.5 Medium |
| Exposure of sensitive information in proc file system prior to SMR Jul-2024 Release 1 allows local attackers to read kernel memory address. | ||||
| CVE-2024-34591 | 1 Samsung | 1 Android | 2024-08-02 | 5.3 Medium |
| Improper input validation in parsing an item data from RTCP SDES packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability. | ||||
| CVE-2024-34696 | 1 Geoserver | 1 Geoserver | 2024-08-02 | 4.5 Medium |
| GeoServer is an open source server that allows users to share and edit geospatial data. Starting in version 2.10.0 and prior to versions 2.24.4 and 2.25.1, GeoServer's Server Status page and REST API lists all environment variables and Java properties to any GeoServer user with administrative rights as part of those modules' status message. These variables/properties can also contain sensitive information, such as database passwords or API keys/tokens. Additionally, many community-developed GeoServer container images `export` other credentials from their start-up scripts as environment variables to the GeoServer (`java`) process. The precise scope of the issue depends on which container image is used and how it is configured. The `about status` API endpoint which powers the Server Status page is only available to administrators.Depending on the operating environment, administrators might have legitimate access to credentials in other ways, but this issue defeats more sophisticated controls (like break-glass access to secrets or role accounts).By default, GeoServer only allows same-origin authenticated API access. This limits the scope for a third-party attacker to use an administrator’s credentials to gain access to credentials. The researchers who found the vulnerability were unable to determine any other conditions under which the GeoServer REST API may be available more broadly. Users should update container images to use GeoServer 2.24.4 or 2.25.1 to get the bug fix. As a workaround, leave environment variables and Java system properties hidden by default. Those who provide the option to re-enable it should communicate the impact and risks so that users can make an informed choice. | ||||
| CVE-2024-33880 | 2 Microsoft, Virtosoftware | 2 Sharepoint Server, Sharepoint Bulk File Download | 2024-08-02 | 5.3 Medium |
| An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. It discloses full pathnames via Virto.SharePoint.FileDownloader/Api/Download.ashx?action=archive. | ||||
| CVE-2024-32854 | 1 Dell | 1 Powerscale Onefs | 2024-08-02 | 6.7 Medium |
| Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. A local high privilege attacker could potentially exploit this vulnerability, leading to privilege escalation. | ||||
| CVE-2024-32853 | 1 Dell | 1 Powerscale Onefs | 2024-08-02 | 4.4 Medium |
| Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.2 contain an execution with unnecessary privileges vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges. | ||||
| CVE-2024-32167 | 1 Oretnom23 | 1 Online Medicine Ordering System | 2024-08-02 | 9.1 Critical |
| Sourcecodester Online Medicine Ordering System 1.0 is vulnerable to Arbitrary file deletion vulnerability as the backend settings have the function of deleting pictures to delete any files. | ||||