Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29092 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-34640 1 Samsung 1 Android 2024-09-05 N/A 3.3 LOW
Improper access control vulnerability in BGProtectManager prior to SMR Sep-2024 Release 1 allows local attackers to bypass restriction of process expiration.
CVE-2024-34643 1 Samsung 1 Android 2024-09-05 N/A 5.5 MEDIUM
Improper access control in key input related function in Dressroom prior to SMR Sep-2024 Release 1 allows local attackers to access protected data. User interaction is required for triggering this vulnerability.
CVE-2024-34644 1 Samsung 1 Android 2024-09-05 N/A 5.5 MEDIUM
Improper access control in item selection related in Dressroom prior to SMR Sep-2024 Release 1 allows local attackers to access protected data. User interaction is required for triggering this vulnerability.
CVE-2024-34646 1 Samsung 1 Android 2024-09-05 N/A 5.5 MEDIUM
Improper access control in DualDarManagerProxy prior to SMR Sep-2024 Release 1 allows local attackers to cause local permanent denial of service.
CVE-2024-34649 1 Samsung 1 Android 2024-09-05 N/A 2.4 LOW
Improper access control in new Dex Mode in multitasking framework prior to SMR Sep-2024 Release 1 allows physical attackers to temporarily access an unlocked screen.
CVE-2024-38482 1 Dell 1 Cloudlink 2024-09-05 N/A 7.2 HIGH
CloudLink, versions 7.1.x and 8.x, contain an Improper check or handling of Exceptional Conditions Vulnerability in Cluster Component. A highly privileged malicious user with remote access could potentially exploit this vulnerability, leading to execute unauthorized actions and retrieve sensitive information from the database.
CVE-2024-45522 1 Linen 1 Linen 2024-09-05 N/A 9.8 CRITICAL
Linen before cd37c3e does not verify that the domain is linen.dev or www.linen.dev when resetting a password. This occurs in create in apps/web/pages/api/forgot-password/index.ts.
CVE-2024-45587 1 Symphonyfintech 2 Xts Mobile Trader, Xts Web Trader 2024-09-04 N/A 8.8 HIGH
This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1_P160 due to improper access controls on APIs in the Transaction module of vulnerable application. An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which could lead to compromise of other user accounts.
CVE-2024-45586 1 Symphonyfintech 2 Xts Mobile Trader, Xts Web Trader 2024-09-04 N/A 8.8 HIGH
This vulnerability exists due to improper access controls on APIs in the Authentication module of Symphony XTS Web Trading and Mobile Trading platforms (version 2.0.0.1_P160). An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which could lead to unauthorized account take over belonging to other users.
CVE-2024-41518 1 Mecodia 1 Feripro 2024-09-03 N/A 7.5 HIGH
An Incorrect Access Control vulnerability in "/admin/programm/<program_id>/export/statistics" in Feripro <= v2.2.3 allows remote attackers to export an XLSX file with information about registrations and participants.
CVE-2024-42340 1 Cyberark 1 Identity 2024-08-30 N/A 4.3 MEDIUM
CyberArk - CWE-602: Client-Side Enforcement of Server-Side Security
CVE-2024-41889 1 Pimax 2 Pitool, Play 2024-08-30 N/A 9.8 CRITICAL
Multiple Pimax products accept WebSocket connections from unintended endpoints. If this vulnerability is exploited, arbitrary code may be executed by a remote unauthenticated attacker.
CVE-2024-45233 1 In2code 1 Powermail 2024-08-30 N/A 9.8 CRITICAL
An issue was discovered in powermail extension through 12.3.5 for TYPO3. Several actions in the OutputController can directly be called, due to missing or insufficiently implemented access checks, resulting in Broken Access Control. Depending on the configuration of the Powermail Frontend plugins, an unauthenticated attacker can exploit this to edit, update, delete, or export data of persisted forms. This can only be exploited when the Powermail Frontend plugins are used. The fixed versions are 7.5.0, 8.5.0, 10.9.0, and 12.4.0.
CVE-2024-44913 1 Irfanview 1 Irfanview 2024-08-30 N/A 5.5 MEDIUM
An issue in the component EXR!ReadEXR+0x40ef1 of Irfanview v4.67.1.0 allows attackers to cause an access violation via a crafted EXR file. This vulnerability can lead to a Denial of Service (DoS).
CVE-2024-44914 1 Irfanview 1 Irfanview 2024-08-30 N/A 5.5 MEDIUM
An issue in the component EXR!ReadEXR+0x3df50 of Irfanview v4.67.1.0 allows attackers to cause an access violation via a crafted EXR file. This vulnerability can lead to a Denial of Service (DoS).
CVE-2024-44915 1 Irfanview 1 Irfanview 2024-08-30 N/A 5.5 MEDIUM
An issue in the component EXR!ReadEXR+0x4eef0 of Irfanview v4.67.1.0 allows attackers to cause an access violation via a crafted EXR file. This vulnerability can lead to a Denial of Service (DoS).
CVE-2024-6201 1 Haloservicesolutions 1 Haloitsm 2024-08-29 N/A 5.3 MEDIUM
HaloITSM versions up to 2.146.1 are affected by a Template Injection vulnerability within the engine used to generate emails. This can lead to the leakage of potentially sensitive information. HaloITSM versions past 2.146.1 (and patches starting from 2.143.61 ) fix the mentioned vulnerability.
CVE-2024-34636 1 Samsung 1 Email 2024-08-29 N/A 5.5 MEDIUM
Use of implicit intent for sensitive communication in Samsung Email prior to version 6.1.94.2 allows local attackers to get sensitive information.
CVE-2022-48881 1 Linux 1 Linux Kernel 2024-08-29 N/A 7.1 HIGH
In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd: Fix refcount leak in amd_pmc_probe pci_get_domain_bus_and_slot() takes reference, the caller should release the reference by calling pci_dev_put() after use. Call pci_dev_put() in the error path to fix this.
CVE-2024-41773 1 Ibm 1 Global Configuration Management 2024-08-26 N/A 6.5 MEDIUM
IBM Global Configuration Management 7.0.2 and 7.0.3 could allow an authenticated user to archive a global baseline due to improper access controls.