Total
30629 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-34647 | 1 Samsung | 1 Android | 2024-09-05 | 4 Medium |
| Incorrect use of privileged API in DualDarManagerProxy prior to SMR Sep-2024 Release 1 allows local attackers to access privileged APIs related to knox without proper license. | ||||
| CVE-2024-34654 | 1 Samsung | 1 Android | 2024-09-05 | 6.2 Medium |
| Improper Export of android application component in My Files prior to SMR Sep-2024 Release 1 allows local attackers to access files with My Files' privilege. | ||||
| CVE-2024-42458 | 1 Any1 | 1 Neatvnc | 2024-09-05 | 9.8 Critical |
| server.c in Neat VNC (aka neatvnc) before 0.8.1 does not properly validate the security type, a related issue to CVE-2006-2369. | ||||
| CVE-2024-34659 | 1 Samsung | 1 Group Sharing | 2024-09-05 | 7.5 High |
| Exposure of sensitive information in GroupSharing prior to version 13.6.13.3 allows remote attackers can force the victim to join the group. | ||||
| CVE-2024-8106 | 1 Wpextended | 1 Wp Extended | 2024-09-05 | 6.5 Medium |
| The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.8 via the download_user_ajax function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive data including usernames, hashed passwords, and emails. | ||||
| CVE-2024-42435 | 1 Zoom | 6 Meeting Software Development Kit, Rooms, Rooms Controller and 3 more | 2024-09-04 | 4.9 Medium |
| Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access. | ||||
| CVE-2024-42434 | 1 Zoom | 6 Meeting Software Development Kit, Rooms, Rooms Controller and 3 more | 2024-09-04 | 4.9 Medium |
| Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access. | ||||
| CVE-2024-39824 | 1 Zoom | 6 Meeting Software Development Kit, Rooms, Rooms Controller and 3 more | 2024-09-04 | 4.9 Medium |
| Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access. | ||||
| CVE-2024-39823 | 1 Zoom | 6 Meeting Software Development Kit, Rooms, Rooms Controller and 3 more | 2024-09-04 | 4.9 Medium |
| Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access. | ||||
| CVE-2024-39822 | 1 Zoom | 5 Meeting Software Development Kit, Rooms, Rooms Controller and 2 more | 2024-09-04 | 6.5 Medium |
| Sensitive information exposure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct an information disclosure via network access. | ||||
| CVE-2024-44930 | 2 Serilog, Serilog-contrib | 2 Serilog, Serilog-enrichers-clientinfo | 2024-09-04 | 6.5 Medium |
| Serilog before v2.1.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as a value of X-Forwarded-For or Client-Ip headers while performing HTTP requests. | ||||
| CVE-2024-39837 | 1 Mattermost | 1 Mattermost Server | 2024-09-04 | 3.8 Low |
| Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6 fail to properly restrict channel creation which allows a malicious remote to create arbitrary channels, when shared channels were enabled. | ||||
| CVE-2024-39839 | 1 Mattermost | 1 Mattermost Server | 2024-09-04 | 4.3 Medium |
| Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1 fail to disallow users to set their own remote username, when shared channels were enabled, which allows a user on a remote to set their remote username prop to an arbitrary string, which would be then synced to the local server as long as the user hadn't been synced before. | ||||
| CVE-2024-41144 | 1 Mattermost | 1 Mattermost Server | 2024-09-04 | 5.5 Medium |
| Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1 fail to properly validate synced posts, when shared channels are enabled, which allows a malicious remote to create/update/delete arbitrary posts in arbitrary channels | ||||
| CVE-2024-41162 | 1 Mattermost | 1 Mattermost Server | 2024-09-04 | 4.1 Medium |
| Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5 and 9.8.x <= 9.8.1 fail to disallow the modification of local channels by a remote, when shared channels are enabled, which allows a malicious remote to make an arbitrary local channel read-only. | ||||
| CVE-2024-41369 | 1 Sourcefabric | 2 Phoniebox, Rpi-jukebox-rfid | 2024-09-04 | 9.8 Critical |
| RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\inc.setWifi.php | ||||
| CVE-2024-39579 | 1 Dell | 1 Powerscale Onefs | 2024-09-03 | 6.7 Medium |
| Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contains an incorrect privilege assignment vulnerability. A local high privileged attacker could potentially exploit this vulnerability to gain root-level access. | ||||
| CVE-2024-42978 | 1 Tenda | 2 Fh1206, Fh1206 Firmware | 2024-09-03 | 9.8 Critical |
| An issue in the handler function in /goform/telnet of Tenda FH1206 v02.03.01.35 allows attackers to execute arbitrary commands via a crafted HTTP request. | ||||
| CVE-2024-7851 | 2 Oretnom23, Sourcecodester | 2 Yoga Class Registration System, Yoga Class Registration System | 2024-09-03 | 6.3 Medium |
| A vulnerability has been found in SourceCodester Yoga Class Registration System 1.0 and classified as critical. This vulnerability affects unknown code of the file /classes/Users.php?f=save of the component Add User Handler. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-7925 | 1 Zzcms | 1 Zzcms | 2024-09-03 | 4.3 Medium |
| A vulnerability was found in ZZCMS 2023. It has been rated as problematic. This issue affects some unknown processing of the file 3/E_bak5.1/upload/eginfo.php. The manipulation of the argument phome with the input ShowPHPInfo leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||