Total
6791 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-8042 | 1 Rapid7 | 1 Insight Platform | 2024-09-17 | N/A | 3.1 LOW |
Rapid7 Insight Platform versions between November 2019 and August 14, 2024 suffer from missing authorization issues whereby an attacker can intercept local requests to set the name and description of a new user group. This could potentially lead to an empty user group being added to the incorrect customer. This vulnerability is remediated as of August 14, 2024. | |||||
CVE-2023-25546 | 2024-09-16 | N/A | 2.5 LOW | ||
Out-of-bounds read in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable denial of service via local access. | |||||
CVE-2024-41728 | 1 Sap | 1 Netweaver Application Server Abap | 2024-09-16 | N/A | 2.7 LOW |
Due to missing authorization check, SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker logged in as a developer to read objects contained in a package. This causes an impact on confidentiality, as this attacker would otherwise not have access to view these objects. | |||||
CVE-2024-44114 | 1 Sap | 1 Netweaver Application Server Abap | 2024-09-16 | N/A | 2.7 LOW |
SAP NetWeaver Application Server for ABAP and ABAP Platform allow users with high privileges to execute a program that reveals data over the network. This results in a minimal impact on confidentiality of the application. | |||||
CVE-2024-45615 | 2 Opensc Project, Redhat | 2 Opensc, Enterprise Linux | 2024-09-13 | N/A | 3.9 LOW |
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. The problem is missing initialization of variables expected to be initialized (as arguments to other functions, etc.). | |||||
CVE-2024-45616 | 2 Opensc Project, Redhat | 2 Opensc, Enterprise Linux | 2024-09-13 | N/A | 3.9 LOW |
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. The following problems were caused by insufficient control of the response APDU buffer and its length when communicating with the card. | |||||
CVE-2024-45617 | 2 Opensc Project, Redhat | 2 Opensc, Enterprise Linux | 2024-09-13 | N/A | 3.9 LOW |
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized. | |||||
CVE-2024-45618 | 2 Opensc Project, Redhat | 2 Opensc, Enterprise Linux | 2024-09-13 | N/A | 3.9 LOW |
A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized. | |||||
CVE-2024-43265 | 1 Analytify | 1 Analytify - Google Analytics Dashboard | 2024-09-12 | N/A | 3.5 LOW |
Cross-Site Request Forgery (CSRF) vulnerability in Analytify.This issue affects Analytify: from n/a through 5.3.1. | |||||
CVE-2024-8693 | 2024-09-12 | 3.3 LOW | 2.4 LOW | ||
A vulnerability, which was classified as problematic, has been found in Kaon CG3000 1.01.43. Affected by this issue is some unknown functionality of the component dhcpcd Command Handler. The manipulation of the argument -h with the input <script>alert('XSS')</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-1656 | 2024-09-11 | N/A | 2.6 LOW | ||
Affected versions of Octopus Server had a weak content security policy. | |||||
CVE-2024-45284 | 2024-09-10 | N/A | 2.4 LOW | ||
An authenticated attacker with high privilege can use functions of SLCM transactions to which access should be restricted. This may result in an escalation of privileges causing low impact on integrity of the application. | |||||
CVE-2024-34641 | 1 Samsung | 1 Android | 2024-09-06 | N/A | 3.3 LOW |
Improper Export of Android Application Components in FeliCaTest prior to SMR Sep-2024 Release 1 allows local attackers to enable NFC configuration. | |||||
CVE-2024-42792 | 1 Lopalopa | 1 Music Management System | 2024-09-05 | N/A | 3.5 LOW |
A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via /music/ajax.php?action=delete_playlist page. | |||||
CVE-2024-34640 | 1 Samsung | 1 Android | 2024-09-05 | N/A | 3.3 LOW |
Improper access control vulnerability in BGProtectManager prior to SMR Sep-2024 Release 1 allows local attackers to bypass restriction of process expiration. | |||||
CVE-2024-34649 | 1 Samsung | 1 Android | 2024-09-05 | N/A | 2.4 LOW |
Improper access control in new Dex Mode in multitasking framework prior to SMR Sep-2024 Release 1 allows physical attackers to temporarily access an unlocked screen. | |||||
CVE-2024-34650 | 1 Samsung | 1 Android | 2024-09-05 | N/A | 3.3 LOW |
Incorrect authorization in CocktailbarService prior to SMR Sep-2024 Release 1 allows local attackers to access privileged APIs related to Edge panel. | |||||
CVE-2024-34652 | 1 Samsung | 1 Android | 2024-09-05 | N/A | 3.3 LOW |
Incorrect authorization in kperfmon prior to SMR Sep-2024 Release 1 allows local attackers to access information related to performance including app usage. | |||||
CVE-2024-8462 | 2024-09-05 | 2.6 LOW | 3.7 LOW | ||
A vulnerability was found in Windmill 1.380.0. It has been classified as problematic. Affected is an unknown function of the file backend/windmill-api/src/users.rs of the component HTTP Request Handler. The manipulation leads to improper restriction of excessive authentication attempts. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 1.390.1 is able to address this issue. The patch is identified as acfe7786152f036f2476f93ab5536571514fa9e3. It is recommended to upgrade the affected component. | |||||
CVE-2024-39300 | 1 Elecom | 2 Wab-i1750-ps, Wab-i1750-ps Firmware | 2024-09-03 | N/A | 3.7 LOW |
Missing authentication vulnerability exists in Telnet function of WAB-I1750-PS v1.5.10 and earlier. When Telnet function of the product is enabled, a remote attacker may login to the product without authentication and alter the product's settings. |