Total
28982 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-34637 | 1 Samsung | 1 Android | 2024-09-05 | N/A | 5.5 MEDIUM |
Improper access control in WindowManagerService prior to SMR Sep-2024 Release 1 in Android 12, and SMR Jun-2024 Release 1 in Android 13 and Android 14 allows local attackers to bypass restrictions on starting services from the background. | |||||
CVE-2024-34640 | 1 Samsung | 1 Android | 2024-09-05 | N/A | 3.3 LOW |
Improper access control vulnerability in BGProtectManager prior to SMR Sep-2024 Release 1 allows local attackers to bypass restriction of process expiration. | |||||
CVE-2024-34643 | 1 Samsung | 1 Android | 2024-09-05 | N/A | 5.5 MEDIUM |
Improper access control in key input related function in Dressroom prior to SMR Sep-2024 Release 1 allows local attackers to access protected data. User interaction is required for triggering this vulnerability. | |||||
CVE-2024-34644 | 1 Samsung | 1 Android | 2024-09-05 | N/A | 5.5 MEDIUM |
Improper access control in item selection related in Dressroom prior to SMR Sep-2024 Release 1 allows local attackers to access protected data. User interaction is required for triggering this vulnerability. | |||||
CVE-2024-34646 | 1 Samsung | 1 Android | 2024-09-05 | N/A | 5.5 MEDIUM |
Improper access control in DualDarManagerProxy prior to SMR Sep-2024 Release 1 allows local attackers to cause local permanent denial of service. | |||||
CVE-2024-34649 | 1 Samsung | 1 Android | 2024-09-05 | N/A | 2.4 LOW |
Improper access control in new Dex Mode in multitasking framework prior to SMR Sep-2024 Release 1 allows physical attackers to temporarily access an unlocked screen. | |||||
CVE-2023-20702 | 1 Mediatek | 22 Mt6835, Mt6873, Mt6875 and 19 more | 2024-09-05 | N/A | 7.5 HIGH |
In 5G NRLC, there is a possible invalid memory access due to lack of error handling. This could lead to remote denial of service, if UE received invalid 1-byte rlc sdu, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00921261; Issue ID: MOLY01128895. | |||||
CVE-2024-38482 | 1 Dell | 1 Cloudlink | 2024-09-05 | N/A | 7.2 HIGH |
CloudLink, versions 7.1.x and 8.x, contain an Improper check or handling of Exceptional Conditions Vulnerability in Cluster Component. A highly privileged malicious user with remote access could potentially exploit this vulnerability, leading to execute unauthorized actions and retrieve sensitive information from the database. | |||||
CVE-2021-43419 | 1 Opayweb | 1 Opay | 2024-09-05 | N/A | 7.5 HIGH |
An Information Disclosure vulnerability exists in Opay Mobile application 1.5.1.26 and maybe be higher in the logcat app. | |||||
CVE-2024-45522 | 1 Linen | 1 Linen | 2024-09-05 | N/A | 9.8 CRITICAL |
Linen before cd37c3e does not verify that the domain is linen.dev or www.linen.dev when resetting a password. This occurs in create in apps/web/pages/api/forgot-password/index.ts. | |||||
CVE-2023-43984 | 1 Advanced Export Products Orders Cron Csv Excel Project | 1 Advanced Export Products Orders Cron Csv Excel | 2024-09-05 | N/A | 7.5 HIGH |
Insecure permissions in Smart Soft advancedexport before v4.4.7 allow unauthenticated attackers to arbitrarily download user information from the ps_customer table. | |||||
CVE-2023-46774 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-04 | N/A | 7.5 HIGH |
Vulnerability of uncaught exceptions in the NFC module. Successful exploitation of this vulnerability can affect NFC availability. | |||||
CVE-2023-46765 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-04 | N/A | 7.5 HIGH |
Vulnerability of uncaught exceptions in the NFC module. Successful exploitation of this vulnerability can affect NFC availability. | |||||
CVE-2023-5299 | 1 Fujielectric | 1 Tellus Lite V-simulator | 2024-09-04 | N/A | 8.8 HIGH |
A user with a standard account in Fuji Electric Tellus Lite may overwrite files in the system. | |||||
CVE-2023-46759 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-04 | N/A | 7.5 HIGH |
Permission control vulnerability in the call module. Successful exploitation of this vulnerability may affect service confidentiality. | |||||
CVE-2023-46758 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-04 | N/A | 7.5 HIGH |
Permission management vulnerability in the multi-screen interaction module. Successful exploitation of this vulnerability may cause service exceptions of the device. | |||||
CVE-2023-46756 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-04 | N/A | 5.3 MEDIUM |
Permission control vulnerability in the window management module. Successful exploitation of this vulnerability may cause malicious pop-up windows. | |||||
CVE-2024-45587 | 1 Symphonyfintech | 2 Xts Mobile Trader, Xts Web Trader | 2024-09-04 | N/A | 8.8 HIGH |
This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1_P160 due to improper access controls on APIs in the Transaction module of vulnerable application. An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which could lead to compromise of other user accounts. | |||||
CVE-2024-45586 | 1 Symphonyfintech | 2 Xts Mobile Trader, Xts Web Trader | 2024-09-04 | N/A | 8.8 HIGH |
This vulnerability exists due to improper access controls on APIs in the Authentication module of Symphony XTS Web Trading and Mobile Trading platforms (version 2.0.0.1_P160). An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which could lead to unauthorized account take over belonging to other users. | |||||
CVE-2022-46025 | 1 Totolink | 2 N200re V5, N200re V5 Firmware | 2024-09-03 | N/A | 9.1 CRITICAL |
Totolink N200RE_V5 V9.3.5u.6255_B20211224 is vulnerable to Incorrect Access Control. The device allows remote attackers to obtain Wi-Fi system information, such as Wi-Fi SSID and Wi-Fi password, without logging into the management page. |