Total
82305 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-34620 | 1 Samsung | 1 Android | 2024-08-12 | N/A | 7.8 HIGH |
| Improper privilege management in SumeNNService prior to SMR Aug-2024 Release 1 allows local attackers to start privileged service. | |||||
| CVE-2024-34619 | 1 Samsung | 1 Android | 2024-08-12 | N/A | 8.8 HIGH |
| Improper input validation in librtp.so prior to SMR Aug-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability. | |||||
| CVE-2024-34615 | 1 Samsung | 1 Android | 2024-08-12 | N/A | 7.8 HIGH |
| Out-of-bound write in libsmat.so prior to SMR Aug-2024 Release 1 allows local attackers to cause memory corruption. | |||||
| CVE-2024-34614 | 1 Samsung | 1 Android | 2024-08-12 | N/A | 7.8 HIGH |
| Out-of-bound write in libsmat.so prior to SMR Aug-2024 Release 1 allows local attackers to execute arbitrary code. | |||||
| CVE-2024-34612 | 1 Samsung | 1 Android | 2024-08-12 | N/A | 7.8 HIGH |
| Out-of-bound write in libcodec2secmp4vdec.so prior to SMR Aug-2024 Release 1 allows local attackers to execute arbitrary code. | |||||
| CVE-2024-7550 | 1 Google | 1 Chrome | 2024-08-12 | N/A | 8.8 HIGH |
| Type Confusion in V8 in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2024-7536 | 1 Google | 1 Chrome | 2024-08-12 | N/A | 8.8 HIGH |
| Use after free in WebAudio in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2024-7533 | 2 Apple, Google | 2 Iphone Os, Chrome | 2024-08-12 | N/A | 8.8 HIGH |
| Use after free in Sharing in Google Chrome on iOS prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2024-7532 | 1 Google | 1 Chrome | 2024-08-12 | N/A | 8.8 HIGH |
| Out of bounds memory access in ANGLE in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | |||||
| CVE-2024-42219 | 1 1password | 1 1password | 2024-08-12 | N/A | 7.8 HIGH |
| 1Password 8 before 8.10.36 for macOS allows local attackers to exfiltrate vault items because XPC inter-process communication validation is insufficient. | |||||
| CVE-2024-28739 | 1 Koha | 1 Koha | 2024-08-12 | N/A | 7.2 HIGH |
| An issue in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via a crafted script to the format parameter. | |||||
| CVE-2024-7287 | 1 Oretnom23 | 1 Establishment Billing Management System | 2024-08-12 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability was found in SourceCodester Establishment Billing Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273156. | |||||
| CVE-2024-7288 | 1 Oretnom23 | 1 Establishment Billing Management System | 2024-08-12 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability was found in SourceCodester Establishment Billing Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=delete_block. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273157 was assigned to this vulnerability. | |||||
| CVE-2024-7306 | 1 Oretnom23 | 1 Establishment Billing Management System | 2024-08-12 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability, which was classified as critical, was found in SourceCodester Establishment Billing Management System 1.0. Affected is an unknown function of the file /manage_block.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-273198 is the identifier assigned to this vulnerability. | |||||
| CVE-2024-7528 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-08-12 | N/A | 8.8 HIGH |
| Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1. | |||||
| CVE-2024-7530 | 1 Mozilla | 1 Firefox | 2024-08-12 | N/A | 8.8 HIGH |
| Incorrect garbage collection interaction could have led to a use-after-free. This vulnerability affects Firefox < 129. | |||||
| CVE-2024-7525 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-08-12 | N/A | 8.1 HIGH |
| It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. | |||||
| CVE-2024-7522 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-08-12 | N/A | 8.8 HIGH |
| Editor code failed to check an attribute value. This could have led to an out-of-bounds read. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. | |||||
| CVE-2024-7521 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-08-12 | N/A | 8.8 HIGH |
| Incomplete WebAssembly exception handing could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. | |||||
| CVE-2024-3659 | 1 Kaongroup | 2 Ar2140, Ar2140 Firmware | 2024-08-12 | N/A | 7.2 HIGH |
| Firmware in KAONÂ AR2140 routers prior to version 4.2.16 is vulnerable to a shell command injection via sending a crafted request to one of the endpoints. In order to exploit this vulnerability, one has to have access to the administrative portal of the router. | |||||