Total
88200 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-34616 | 1 Samsung | 1 Android | 2024-08-12 | N/A | 5.5 MEDIUM |
| Improper handling of insufficient permission in KnoxDualDARPolicy prior to SMR Aug-2024 Release 1 allows local attackers to access sensitive data. | |||||
| CVE-2024-34613 | 1 Samsung | 1 Wear Os | 2024-08-12 | N/A | 5.5 MEDIUM |
| Improper access control in Galaxy Watch prior to SMR Aug-2024 Release 1 allows local attackers to access sensitive information of Galaxy watch. | |||||
| CVE-2024-34611 | 1 Samsung | 1 Android | 2024-08-12 | N/A | 5.5 MEDIUM |
| Improper access control in KnoxService prior to SMR Aug-2024 Release 1 allows local attackers to get sensitive information. | |||||
| CVE-2024-34610 | 1 Samsung | 1 Android | 2024-08-12 | N/A | 5.5 MEDIUM |
| Improper access control in ExtControlDeviceService prior to SMR Aug-2024 Release 1 allows local attackers to access protected data. | |||||
| CVE-2024-34609 | 1 Samsung | 1 Android | 2024-08-12 | N/A | 5.5 MEDIUM |
| Improper access control in VoiceNoteService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background. | |||||
| CVE-2024-34608 | 1 Samsung | 1 Android | 2024-08-12 | N/A | 5.5 MEDIUM |
| Improper access control in PaymentManagerService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background. | |||||
| CVE-2024-34607 | 1 Samsung | 1 Android | 2024-08-12 | N/A | 5.5 MEDIUM |
| Improper access control in SamsungNotesService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background. | |||||
| CVE-2024-34606 | 1 Samsung | 1 Android | 2024-08-12 | N/A | 5.5 MEDIUM |
| Improper access control in SmartThingsService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background. | |||||
| CVE-2024-34605 | 1 Samsung | 1 Android | 2024-08-12 | N/A | 5.5 MEDIUM |
| Improper access control in SamsungHealthService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background. | |||||
| CVE-2024-34604 | 1 Samsung | 1 Android | 2024-08-12 | N/A | 5.5 MEDIUM |
| Improper access control in LedCoverService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background. | |||||
| CVE-2024-42218 | 1 1password | 1 1password | 2024-08-12 | N/A | 4.7 MEDIUM |
| 1Password 8 before 8.10.38 for macOS allows local attackers to exfiltrate vault items by bypassing macOS-specific security mechanisms. | |||||
| CVE-2024-31200 | 1 Proges | 2 Sensor Net Connect Firmware V2, Sensor Net Connect V2 | 2024-08-12 | N/A | 4.6 MEDIUM |
| A “CWE-201: Insertion of Sensitive Information Into Sent Data” affecting the administrative account allows an attacker with physical access to the machine to retrieve the password in cleartext when an administrative session is open in the browser. | |||||
| CVE-2024-7285 | 1 Oretnom23 | 1 Establishment Billing Management System | 2024-08-12 | 4.0 MEDIUM | 5.4 MEDIUM |
| A vulnerability has been found in SourceCodester Establishment Billing Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/ajax.php?action=save_settings. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-273154 is the identifier assigned to this vulnerability. | |||||
| CVE-2024-7321 | 1 Adonesevangelista | 1 Online Blood Bank Management System | 2024-08-12 | 5.0 MEDIUM | 6.1 MEDIUM |
| A vulnerability classified as problematic was found in itsourcecode Online Blood Bank Management System 1.0. This vulnerability affects unknown code of the file signup.php of the component User Registration Handler. The manipulation of the argument user leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273232. | |||||
| CVE-2024-7303 | 1 Adonesevangelista | 1 Online Blood Bank Management System | 2024-08-12 | 4.0 MEDIUM | 5.4 MEDIUM |
| A vulnerability was found in itsourcecode Online Blood Bank Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /request.php of the component Send Blood Request Page. The manipulation of the argument Address/bloodgroup leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273185 was assigned to this vulnerability. | |||||
| CVE-2023-40819 | 1 Devlop.systems | 1 Id4portais | 2024-08-12 | N/A | 6.1 MEDIUM |
| ID4Portais in version < V.2022.837.002a returns message parameter unsanitized in the response, resulting in a HTML Injection vulnerability. | |||||
| CVE-2024-7551 | 1 Juzaweb | 1 Cms | 2024-08-12 | 3.3 LOW | 4.9 MEDIUM |
| A vulnerability was found in juzaweb CMS up to 3.4.2. It has been classified as problematic. Affected is an unknown function of the file /admin-cp/theme/editor/default of the component Theme Editor. The manipulation leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273696. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-7529 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-08-12 | N/A | 6.5 MEDIUM |
| The date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. | |||||
| CVE-2024-42354 | 1 Shopware | 1 Shopware | 2024-08-12 | N/A | 5.9 MEDIUM |
| Shopware is an open commerce platform. The store-API works with regular entities and not expose all fields for the public API; fields need to be marked as ApiAware in the EntityDefinition. So only ApiAware fields of the EntityDefinition will be encoded to the final JSON. Prior to versions 6.6.5.1 and 6.5.8.13, the processing of the Criteria did not considered ManyToMany associations and so they were not considered properly and the protections didn't get used. This issue cannot be reproduced with the default entities by Shopware, but can be triggered with extensions. Update to Shopware 6.6.5.1 or 6.5.8.13 to receive a patch. For older versions of 6.2, 6.3, and 6.4, corresponding security measures are also available via a plugin. | |||||
| CVE-2024-41238 | 1 Lopalopa | 1 Responsive School Management System | 2024-08-12 | N/A | 5.3 MEDIUM |
| A SQL injection vulnerability in /smsa/student_login.php in Kashipara Responsive School Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter. | |||||