Vulnerabilities (CVE)

Total 6796 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-32771 1 Qnap 2 Qts, Quts Hero 2024-09-20 N/A 2.4 LOW
An improper restriction of excessive authentication attempts vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network authenticated administrators to perform an arbitrary number of authentication attempts via unspecified vectors. QuTScloud is not affected. We have already fixed the vulnerability in the following versions: QTS 5.2.0.2782 build 20240601 and later; QuTS hero h5.2.0.2782 build 20240601 and later.
CVE-2024-45323 1 Fortinet 1 Fortiedrmanager 2024-09-20 N/A 2.7 LOW
An improper access control vulnerability [CWE-284] in FortiEDR Manager API 6.2.0 through 6.2.2, 6.0 all versions may allow in a shared environment context an authenticated admin with REST API permissions in his profile and restricted to a specific organization to access backend logs that include information related to other organizations.
CVE-2024-46989 2024-09-20 N/A 3.7 LOW
spicedb is an Open Source, Google Zanzibar-inspired permissions database to enable fine-grained authorization for customer applications. Multiple caveats over the same indirect subject type on the same relation can result in no permission being returned when permission is expected. If the resource has multiple groups, and each group is caveated, it is possible for the returned permission to be "no permission" when permission is expected. Permission is returned as NO_PERMISSION when PERMISSION is expected on the CheckPermission API. This issue has been addressed in release version 1.35.3. Users are advised to upgrade. Users unable to upgrade should not use caveats or avoid the use of caveats on an indirect subject type with multiple entries.
CVE-2024-45620 2 Opensc Project, Redhat 2 Opensc, Enterprise Linux 2024-09-19 N/A 3.9 LOW
A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.
CVE-2024-0109 1 Nvidia 1 Cuda Toolkit 2024-09-18 N/A 3.3 LOW
NVIDIA CUDA Toolkit contains a vulnerability in command `cuobjdump` where a user may cause a crash by passing in a malformed ELF file. A successful exploit of this vulnerability may cause an out of bounds read in the unprivileged process memory which could lead to a limited denial of service.
CVE-2024-8042 1 Rapid7 1 Insight Platform 2024-09-17 N/A 3.1 LOW
Rapid7 Insight Platform versions between November 2019 and August 14, 2024 suffer from missing authorization issues whereby an attacker can intercept local requests to set the name and description of a new user group. This could potentially lead to an empty user group being added to the incorrect customer. This vulnerability is remediated as of August 14, 2024.
CVE-2023-25546 2024-09-16 N/A 2.5 LOW
Out-of-bounds read in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable denial of service via local access.
CVE-2024-41728 1 Sap 1 Netweaver Application Server Abap 2024-09-16 N/A 2.7 LOW
Due to missing authorization check, SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker logged in as a developer to read objects contained in a package. This causes an impact on confidentiality, as this attacker would otherwise not have access to view these objects.
CVE-2024-44114 1 Sap 1 Netweaver Application Server Abap 2024-09-16 N/A 2.7 LOW
SAP NetWeaver Application Server for ABAP and ABAP Platform allow users with high privileges to execute a program that reveals data over the network. This results in a minimal impact on confidentiality of the application.
CVE-2024-45615 2 Opensc Project, Redhat 2 Opensc, Enterprise Linux 2024-09-13 N/A 3.9 LOW
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. The problem is missing initialization of variables expected to be initialized (as arguments to other functions, etc.).
CVE-2024-45616 2 Opensc Project, Redhat 2 Opensc, Enterprise Linux 2024-09-13 N/A 3.9 LOW
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. The following problems were caused by insufficient control of the response APDU buffer and its length when communicating with the card.
CVE-2024-45617 2 Opensc Project, Redhat 2 Opensc, Enterprise Linux 2024-09-13 N/A 3.9 LOW
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized.
CVE-2024-45618 2 Opensc Project, Redhat 2 Opensc, Enterprise Linux 2024-09-13 N/A 3.9 LOW
A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized.
CVE-2024-43265 1 Analytify 1 Analytify - Google Analytics Dashboard 2024-09-12 N/A 3.5 LOW
Cross-Site Request Forgery (CSRF) vulnerability in Analytify. This issue affects Analytify: from n/a through 5.3.1.
CVE-2024-8693 2024-09-12 3.3 LOW 2.4 LOW
A vulnerability, which was classified as problematic, has been found in Kaon CG3000 1.01.43. Affected by this issue is some unknown functionality of the component dhcpcd Command Handler. The manipulation of the argument -h with the input <script>alert('XSS')</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-1656 2024-09-11 N/A 2.6 LOW
Affected versions of Octopus Server had a weak content security policy.
CVE-2024-45284 2024-09-10 N/A 2.4 LOW
An authenticated attacker with high privilege can use functions of SLCM transactions to which access should be restricted. This may result in an escalation of privileges causing low impact on integrity of the application.
CVE-2024-34641 1 Samsung 1 Android 2024-09-06 N/A 3.3 LOW
Improper Export of Android Application Components in FeliCaTest prior to SMR Sep-2024 Release 1 allows local attackers to enable NFC configuration.
CVE-2024-42792 1 Lopalopa 1 Music Management System 2024-09-05 N/A 3.5 LOW
A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via /music/ajax.php?action=delete_playlist page.
CVE-2024-34640 1 Samsung 1 Android 2024-09-05 N/A 3.3 LOW
Improper access control vulnerability in BGProtectManager prior to SMR Sep-2024 Release 1 allows local attackers to bypass restriction of process expiration.