Filtered by NVD-CWE-Other
Total 29251 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-7912 2 Codeastro, Online Railway Reservation System Project 2 Online Railway Reservation System, Online Railway Reservation System 2024-08-19 5.3 Medium
A vulnerability was found in CodeAstro Online Railway Reservation System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/assets/. The manipulation leads to exposure of information through directory listing. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-41962 1 Yonle 1 Bostr 2024-08-16 4.6 Medium
Bostr is a nostr relay aggregator proxy that acts like a regular nostr relay. Bostr lets everyone in, even with authorized_keys set, when noscraper is set to true. This vulnerability is fixed in 3.0.10.
CVE-2024-42480 1 Clastix 1 Kamaji 2024-08-16 8.1 High
Kamaji is the Hosted Control Plane Manager for Kubernetes. In versions 1.0.0 and earlier, Kamaji uses an "open at the top" range definition in RBAC for etcd roles, leading to some TCP API servers being able to read, write, and delete the data of other control planes. This vulnerability is fixed in edge-24.8.2.
CVE-2024-40475 2 Mayurik, Sourcecodester 2 Best House Rental Management System, Best House Rental Management System 2024-08-15 5.3 Medium
SourceCodester Best House Rental Management System v1.0 is vulnerable to Incorrect Access Control via /rental/payment_report.php, /rental/balance_report.php, /rental/invoices.php, /rental/tenants.php, and /rental/users.php.
CVE-2024-22278 1 Linuxfoundation 1 Harbor 2024-08-14 6.4 Medium
Incorrect user permission validation in Harbor <v2.9.5 and Harbor <v2.10.3 allows authenticated users to modify configurations.
CVE-2024-36398 1 Siemens 1 Sinec Nms 2024-08-14 7.8 High
A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application executes a subset of its services as `NT AUTHORITY\SYSTEM`. This could allow a local attacker to execute operating system commands with elevated privileges.
CVE-2024-41907 1 Siemens 1 Sinec Traffic Analyzer 2024-08-14 4.2 Medium
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application is missing general HTTP security headers in the web server. This could allow an attacker to make the servers more prone to clickjacking attacks.
CVE-2024-41906 1 Siemens 1 Sinec Traffic Analyzer 2024-08-14 4.8 Medium
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application does not properly handle cacheable HTTP responses in the web service. This could allow an attacker to read and modify data stored in the local cache.
CVE-2024-41905 1 Siemens 1 Sinec Traffic Analyzer 2024-08-14 6.8 Medium
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application does not have access control for accessing the files. This could allow an authenticated attacker with low privileges to get access to sensitive information.
CVE-2024-34618 1 Samsung 1 Android 2024-08-12 4 Medium
Improper access control in System property prior to SMR Aug-2024 Release 1 allows local attackers to access cell related information.
CVE-2024-34613 1 Samsung 1 Wear Os 2024-08-12 4 Medium
Improper access control in Galaxy Watch prior to SMR Aug-2024 Release 1 allows local attackers to access sensitive information of Galaxy Watch.
CVE-2024-34611 1 Samsung 1 Android 2024-08-12 5.1 Medium
Improper access control in KnoxService prior to SMR Aug-2024 Release 1 allows local attackers to get sensitive information.
CVE-2024-34610 1 Samsung 1 Android 2024-08-12 5.1 Medium
Improper access control in ExtControlDeviceService prior to SMR Aug-2024 Release 1 allows local attackers to access protected data.
CVE-2024-34609 1 Samsung 1 Android 2024-08-12 6.2 Medium
Improper access control in VoiceNoteService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.
CVE-2024-34608 1 Samsung 1 Android 2024-08-12 6.2 Medium
Improper access control in PaymentManagerService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.
CVE-2024-34607 1 Samsung 1 Android 2024-08-12 6.2 Medium
Improper access control in SamsungNotesService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.
CVE-2024-34606 1 Samsung 1 Android 2024-08-12 6.2 Medium
Improper access control in SmartThingsService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.
CVE-2024-34605 1 Samsung 1 Android 2024-08-12 6.2 Medium
Improper access control in SamsungHealthService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.
CVE-2024-34604 1 Samsung 1 Android 2024-08-12 6.2 Medium
Improper access control in LedCoverService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.
CVE-2024-31200 1 Proges 2 Sensor Net Connect Firmware V2, Sensor Net Connect V2 2024-08-12 4.2 Medium
A “CWE-201: Insertion of Sensitive Information Into Sent Data” affecting the administrative account allows an attacker with physical access to the machine to retrieve the password in cleartext when an administrative session is open in the browser.