Total: 89523 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2024-34788 | 1 Ivanti | 1 Endpoint Manager Mobile | 2024-08-12 | N/A | 6.5 MEDIUM | An improper authentication vulnerability in web component of EPMM prior to 12.1.0.1 allows a remote malicious user to access potentially sensitive information
CVE-2024-42347 | 1 Matrix | 1 Matrix-react-sdk | 2024-08-12 | N/A | 6.5 MEDIUM | matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. A malicious homeserver could manipulate a user's account data to cause the client to enable URL previews in end-to-end encrypted rooms, in which case any URLs in encrypted messages would be sent to the server. This was patched in matrix-react-sdk 3.105.0. Deployments that trust their homeservers, as well as closed federations of trusted servers, are not affected. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2024-41677 | 1 Qwik | 1 Qwik | 2024-08-12 | N/A | 6.1 MEDIUM | Qwik is a performance focused javascript framework. A potential mutation XSS vulnerability exists in Qwik for versions up to but not including 1.6.0. Qwik improperly escapes HTML on server-side rendering. It converts strings according to the rules found in the `render-ssr.ts` file. It sometimes causes the situation that the final DOM tree rendered on browsers is different from what Qwik expects on server-side rendering. This may be leveraged to perform XSS attacks, and a type of the XSS is known as mXSS (mutation XSS). This has been resolved in qwik version 1.6.0 and @builder.io/qwik version 1.7.3. All users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2024-42358 | 1 Msweet | 1 Pdfio | 2024-08-12 | N/A | 5.5 MEDIUM | PDFio is a simple C library for reading and writing PDF files. There is a denial of service (DOS) vulnerability in the TTF parser. Maliciously crafted TTF files can cause the program to utilize 100% of the Memory and enter an infinite loop. This can also lead to a heap-buffer-overflow vulnerability. An infinite loop occurs in the read_camp function by nGroups value. The ttf.h library is vulnerable. A value called nGroups is extracted from the file, and by changing that value, you can cause the program to utilize 100% of the Memory and enter an infinite loop. If the value of nGroups in the file is small, an infinite loop will not occur. This library, whether used as a standalone binary or as part of another application, is vulnerable to DOS attacks when parsing certain types of files. Automated systems, including web servers that use this code to convert PDF submissions into plaintext, can be DOSed if an attacker uploads a malicious TTF file. This issue has been addressed in release version 1.3.1. All users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2024-31201 | 1 Proges | 1 Thermoscan Ip | 2024-08-12 | N/A | 6.7 MEDIUM | A "CWE-428: Unquoted Search Path or Element" affects the ThermoscanIP_Scrutation service. Such misconfiguration could be abused in scenarios where incorrect permissions were assigned to the C:\ path to attempt a privilege escalation on the local machine.
CVE-2024-34616 | 1 Samsung | 1 Android | 2024-08-12 | N/A | 5.5 MEDIUM | Improper handling of insufficient permission in KnoxDualDARPolicy prior to SMR Aug-2024 Release 1 allows local attackers to access sensitive data.
CVE-2024-34613 | 1 Samsung | 1 Wear Os | 2024-08-12 | N/A | 5.5 MEDIUM | Improper access control in Galaxy Watch prior to SMR Aug-2024 Release 1 allows local attackers to access sensitive information of Galaxy watch.
CVE-2024-34611 | 1 Samsung | 1 Android | 2024-08-12 | N/A | 5.5 MEDIUM | Improper access control in KnoxService prior to SMR Aug-2024 Release 1 allows local attackers to get sensitive information.
CVE-2024-34610 | 1 Samsung | 1 Android | 2024-08-12 | N/A | 5.5 MEDIUM | Improper access control in ExtControlDeviceService prior to SMR Aug-2024 Release 1 allows local attackers to access protected data.
CVE-2024-34609 | 1 Samsung | 1 Android | 2024-08-12 | N/A | 5.5 MEDIUM | Improper access control in VoiceNoteService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.
CVE-2024-34608 | 1 Samsung | 1 Android | 2024-08-12 | N/A | 5.5 MEDIUM | Improper access control in PaymentManagerService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.
CVE-2024-34607 | 1 Samsung | 1 Android | 2024-08-12 | N/A | 5.5 MEDIUM | Improper access control in SamsungNotesService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.
CVE-2024-34606 | 1 Samsung | 1 Android | 2024-08-12 | N/A | 5.5 MEDIUM | Improper access control in SmartThingsService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.
CVE-2024-34605 | 1 Samsung | 1 Android | 2024-08-12 | N/A | 5.5 MEDIUM | Improper access control in SamsungHealthService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.
CVE-2024-34604 | 1 Samsung | 1 Android | 2024-08-12 | N/A | 5.5 MEDIUM | Improper access control in LedCoverService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.
CVE-2024-42218 | 1 1password | 1 1password | 2024-08-12 | N/A | 4.7 MEDIUM | 1Password 8 before 8.10.38 for macOS allows local attackers to exfiltrate vault items by bypassing macOS-specific security mechanisms.
CVE-2024-31200 | 1 Proges | 2 Sensor Net Connect Firmware V2, Sensor Net Connect V2 | 2024-08-12 | N/A | 4.6 MEDIUM | A "CWE-201: Insertion of Sensitive Information Into Sent Data" affecting the administrative account allows an attacker with physical access to the machine to retrieve the password in cleartext when an administrative session is open in the browser.
CVE-2024-7285 | 1 Oretnom23 | 1 Establishment Billing Management System | 2024-08-12 | 4.0 MEDIUM | 5.4 MEDIUM | A vulnerability has been found in SourceCodester Establishment Billing Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/ajax.php?action=save_settings. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-273154 is the identifier assigned to this vulnerability.
CVE-2024-7321 | 1 Adonesevangelista | 1 Online Blood Bank Management System | 2024-08-12 | 5.0 MEDIUM | 6.1 MEDIUM | A vulnerability classified as problematic was found in itsourcecode Online Blood Bank Management System 1.0. This vulnerability affects unknown code of the file signup.php of the component User Registration Handler. The manipulation of the argument user leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273232.
CVE-2024-7303 | 1 Adonesevangelista | 1 Online Blood Bank Management System | 2024-08-12 | 4.0 MEDIUM | 5.4 MEDIUM | A vulnerability was found in itsourcecode Online Blood Bank Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /request.php of the component Send Blood Request Page. The manipulation of the argument Address/bloodgroup leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273185 was assigned to this vulnerability.