Total
28982 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-41905 | 1 Siemens | 1 Sinec Traffic Analyzer | 2024-08-14 | N/A | 6.5 MEDIUM |
| A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application do not have access control for accessing the files. This could allow an authenticated attacker with low privilege's to get access to sensitive information. | |||||
| CVE-2024-38112 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-08-14 | N/A | 7.5 HIGH |
| Windows MSHTML Platform Spoofing Vulnerability | |||||
| CVE-2024-6542 | 1 Checkmk | 1 Checkmk | 2024-08-14 | N/A | 6.5 MEDIUM |
| Improper neutralization of livestatus command delimiters in mknotifyd in Checkmk <= 2.0.0p39, < 2.1.0p47, < 2.2.0p32 and < 2.3.0p11 allows arbitrary livestatus command execution. | |||||
| CVE-2023-23752 | 1 Joomla | 1 Joomla\! | 2024-08-14 | N/A | 5.3 MEDIUM |
| An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints. | |||||
| CVE-2024-34618 | 1 Samsung | 1 Android | 2024-08-12 | N/A | 3.3 LOW |
| Improper access control in System property prior to SMR Aug-2024 Release 1 allows local attackers to access cell related information. | |||||
| CVE-2024-34613 | 1 Samsung | 1 Wear Os | 2024-08-12 | N/A | 5.5 MEDIUM |
| Improper access control in Galaxy Watch prior to SMR Aug-2024 Release 1 allows local attackers to access sensitive information of Galaxy watch. | |||||
| CVE-2024-34611 | 1 Samsung | 1 Android | 2024-08-12 | N/A | 5.5 MEDIUM |
| Improper access control in KnoxService prior to SMR Aug-2024 Release 1 allows local attackers to get sensitive information. | |||||
| CVE-2024-34610 | 1 Samsung | 1 Android | 2024-08-12 | N/A | 5.5 MEDIUM |
| Improper access control in ExtControlDeviceService prior to SMR Aug-2024 Release 1 allows local attackers to access protected data. | |||||
| CVE-2024-34609 | 1 Samsung | 1 Android | 2024-08-12 | N/A | 5.5 MEDIUM |
| Improper access control in VoiceNoteService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background. | |||||
| CVE-2024-34608 | 1 Samsung | 1 Android | 2024-08-12 | N/A | 5.5 MEDIUM |
| Improper access control in PaymentManagerService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background. | |||||
| CVE-2024-34607 | 1 Samsung | 1 Android | 2024-08-12 | N/A | 5.5 MEDIUM |
| Improper access control in SamsungNotesService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background. | |||||
| CVE-2024-34606 | 1 Samsung | 1 Android | 2024-08-12 | N/A | 5.5 MEDIUM |
| Improper access control in SmartThingsService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background. | |||||
| CVE-2024-34605 | 1 Samsung | 1 Android | 2024-08-12 | N/A | 5.5 MEDIUM |
| Improper access control in SamsungHealthService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background. | |||||
| CVE-2024-34604 | 1 Samsung | 1 Android | 2024-08-12 | N/A | 5.5 MEDIUM |
| Improper access control in LedCoverService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background. | |||||
| CVE-2024-31200 | 1 Proges | 2 Sensor Net Connect Firmware V2, Sensor Net Connect V2 | 2024-08-12 | N/A | 4.6 MEDIUM |
| A “CWE-201: Insertion of Sensitive Information Into Sent Data” affecting the administrative account allows an attacker with physical access to the machine to retrieve the password in cleartext when an administrative session is open in the browser. | |||||
| CVE-2024-42354 | 1 Shopware | 1 Shopware | 2024-08-12 | N/A | 5.9 MEDIUM |
| Shopware is an open commerce platform. The store-API works with regular entities and not expose all fields for the public API; fields need to be marked as ApiAware in the EntityDefinition. So only ApiAware fields of the EntityDefinition will be encoded to the final JSON. Prior to versions 6.6.5.1 and 6.5.8.13, the processing of the Criteria did not considered ManyToMany associations and so they were not considered properly and the protections didn't get used. This issue cannot be reproduced with the default entities by Shopware, but can be triggered with extensions. Update to Shopware 6.6.5.1 or 6.5.8.13 to receive a patch. For older versions of 6.2, 6.3, and 6.4, corresponding security measures are also available via a plugin. | |||||
| CVE-2024-32931 | 1 Johnsoncontrols | 1 Exacqvision Web Service | 2024-08-09 | N/A | 5.7 MEDIUM |
| Under certain circumstances the exacqVision Web Service can expose authentication token details within communications. | |||||
| CVE-2024-41250 | 1 Lopalopa | 1 Responsive School Management System | 2024-08-08 | N/A | 5.3 MEDIUM |
| An Incorrect Access Control vulnerability was found in /smsa/view_students.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view STUDENT details. | |||||
| CVE-2024-41251 | 1 Lopalopa | 1 Responsive School Management System | 2024-08-08 | N/A | 6.5 MEDIUM |
| An Incorrect Access Control vulnerability was found in /smsa/admin_teacher_register_approval.php and /smsa/admin_teacher_register_approval_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view and approve Teacher registration. | |||||
| CVE-2024-41245 | 1 Lopalopa | 1 Responsive School Management System | 2024-08-08 | N/A | 5.3 MEDIUM |
| An Incorrect Access Control vulnerability was found in /smsa/view_teachers.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view TEACHER details. | |||||