Vulnerabilities (CVE)

Total 6791 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-8042 1 Rapid7 1 Insight Platform 2024-09-17 N/A 3.1 LOW
Rapid7 Insight Platform versions between November 2019 and August 14, 2024 suffer from missing authorization issues whereby an attacker can intercept local requests to set the name and description of a new user group. This could potentially lead to an empty user group being added to the incorrect customer. This vulnerability is remediated as of August 14, 2024.
CVE-2023-25546 2024-09-16 N/A 2.5 LOW
Out-of-bounds read in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable denial of service via local access.
CVE-2024-41728 1 Sap 1 Netweaver Application Server Abap 2024-09-16 N/A 2.7 LOW
Due to missing authorization check, SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker logged in as a developer to read objects contained in a package. This causes an impact on confidentiality, as this attacker would otherwise not have access to view these objects.
CVE-2024-44114 1 Sap 1 Netweaver Application Server Abap 2024-09-16 N/A 2.7 LOW
SAP NetWeaver Application Server for ABAP and ABAP Platform allow users with high privileges to execute a program that reveals data over the network. This results in a minimal impact on confidentiality of the application.
CVE-2024-45615 2 Opensc Project, Redhat 2 Opensc, Enterprise Linux 2024-09-13 N/A 3.9 LOW
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. The problem is missing initialization of variables expected to be initialized (as arguments to other functions, etc.).
CVE-2024-45616 2 Opensc Project, Redhat 2 Opensc, Enterprise Linux 2024-09-13 N/A 3.9 LOW
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. The following problems were caused by insufficient control of the response APDU buffer and its length when communicating with the card.
CVE-2024-45617 2 Opensc Project, Redhat 2 Opensc, Enterprise Linux 2024-09-13 N/A 3.9 LOW
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized.
CVE-2024-45618 2 Opensc Project, Redhat 2 Opensc, Enterprise Linux 2024-09-13 N/A 3.9 LOW
A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized.
CVE-2024-43265 1 Analytify 1 Analytify - Google Analytics Dashboard 2024-09-12 N/A 3.5 LOW
Cross-Site Request Forgery (CSRF) vulnerability in Analytify.This issue affects Analytify: from n/a through 5.3.1.
CVE-2024-8693 2024-09-12 3.3 LOW 2.4 LOW
A vulnerability, which was classified as problematic, has been found in Kaon CG3000 1.01.43. Affected by this issue is some unknown functionality of the component dhcpcd Command Handler. The manipulation of the argument -h with the input <script>alert('XSS')</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-1656 2024-09-11 N/A 2.6 LOW
Affected versions of Octopus Server had a weak content security policy.
CVE-2024-45284 2024-09-10 N/A 2.4 LOW
An authenticated attacker with high privilege can use functions of SLCM transactions to which access should be restricted. This may result in an escalation of privileges causing low impact on integrity of the application.
CVE-2024-34641 1 Samsung 1 Android 2024-09-06 N/A 3.3 LOW
Improper Export of Android Application Components in FeliCaTest prior to SMR Sep-2024 Release 1 allows local attackers to enable NFC configuration.
CVE-2024-42792 1 Lopalopa 1 Music Management System 2024-09-05 N/A 3.5 LOW
A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via /music/ajax.php?action=delete_playlist page.
CVE-2024-34640 1 Samsung 1 Android 2024-09-05 N/A 3.3 LOW
Improper access control vulnerability in BGProtectManager prior to SMR Sep-2024 Release 1 allows local attackers to bypass restriction of process expiration.
CVE-2024-34649 1 Samsung 1 Android 2024-09-05 N/A 2.4 LOW
Improper access control in new Dex Mode in multitasking framework prior to SMR Sep-2024 Release 1 allows physical attackers to temporarily access an unlocked screen.
CVE-2024-34650 1 Samsung 1 Android 2024-09-05 N/A 3.3 LOW
Incorrect authorization in CocktailbarService prior to SMR Sep-2024 Release 1 allows local attackers to access privileged APIs related to Edge panel.
CVE-2024-34652 1 Samsung 1 Android 2024-09-05 N/A 3.3 LOW
Incorrect authorization in kperfmon prior to SMR Sep-2024 Release 1 allows local attackers to access information related to performance including app usage.
CVE-2024-8462 2024-09-05 2.6 LOW 3.7 LOW
A vulnerability was found in Windmill 1.380.0. It has been classified as problematic. Affected is an unknown function of the file backend/windmill-api/src/users.rs of the component HTTP Request Handler. The manipulation leads to improper restriction of excessive authentication attempts. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 1.390.1 is able to address this issue. The patch is identified as acfe7786152f036f2476f93ab5536571514fa9e3. It is recommended to upgrade the affected component.
CVE-2024-39300 1 Elecom 2 Wab-i1750-ps, Wab-i1750-ps Firmware 2024-09-03 N/A 3.7 LOW
Missing authentication vulnerability exists in Telnet function of WAB-I1750-PS v1.5.10 and earlier. When Telnet function of the product is enabled, a remote attacker may login to the product without authentication and alter the product's settings.