Total
28982 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-32260 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-07-09 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application creates temporary user credentials for UMC (User Management Component) users. An attacker could use these temporary credentials for authentication bypass in certain scenarios. | |||||
| CVE-2022-32259 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-07-09 | 6.4 MEDIUM | 6.5 MEDIUM |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The system images for installation or update of the affected application contain unit test scripts with sensitive information. An attacker could gain information about testing architecture and also tamper with test configuration. | |||||
| CVE-2022-32258 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-07-09 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains an older feature that allows to import device configurations via a specific endpoint. An attacker could use this vulnerability for information disclosure. | |||||
| CVE-2022-32256 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-07-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to low privileged users accessing privileged information. | |||||
| CVE-2022-32255 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-07-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to unauthorized access to limited information. | |||||
| CVE-2024-34586 | 1 Samsung | 1 Android | 2024-07-05 | N/A | 3.3 LOW |
| Improper access control in KnoxCustomManagerService prior to SMR Jul-2024 Release 1 allows local attackers to configure Knox privacy policy. | |||||
| CVE-2024-34585 | 1 Samsung | 1 Android | 2024-07-05 | N/A | 7.8 HIGH |
| Improper access control in launchApp of SystemUI prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities. | |||||
| CVE-2024-34583 | 1 Samsung | 1 Android | 2024-07-05 | N/A | 3.3 LOW |
| Improper access control in system property prior to SMR Jul-2024 Release 1 allows local attackers to get device identifier. | |||||
| CVE-2024-6428 | 1 Mattermost | 1 Mattermost | 2024-07-05 | N/A | 6.5 MEDIUM |
| Mattermost versions 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2, 9.5.x <= 9.5.5 fail to prevent specifying a RemoteId when creating a new user which allows an attacker to specify both a remoteId and the user ID, resulting in creating a user with a user-defined user ID. This can cause some broken functionality in User Management such administrative actions against the user not working. | |||||
| CVE-2024-39361 | 1 Mattermost | 1 Mattermost | 2024-07-05 | N/A | 5.4 MEDIUM |
| Mattermost versions 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2 and 9.5.x <= 9.5.5 fail to prevent users from specifying a RemoteId for their posts which allows an attacker to specify both a remoteId and the post ID, resulting in creating a post with a user-defined post ID. This can cause some broken functionality in the channel or thread with user-defined posts | |||||
| CVE-2024-36257 | 1 Mattermost | 1 Mattermost | 2024-07-05 | N/A | 5.3 MEDIUM |
| Mattermost versions 9.5.x <= 9.5.5 and 9.8.0, when using shared channels with multiple remote servers connected, fail to check that the remote server A requesting the server B to update the profile picture of a user is the remote that actually has the user as a local one . This allows a malicious remote A to change the profile images of users that belong to another remote server C that is connected to the server A. | |||||
| CVE-2024-20895 | 1 Samsung | 1 Android | 2024-07-05 | N/A | 5.5 MEDIUM |
| Improper access control in Dar service prior to SMR Jul-2024 Release 1 allows local attackers to bypass restriction for calling SDP features. | |||||
| CVE-2024-20891 | 1 Samsung | 1 Android | 2024-07-05 | N/A | 7.8 HIGH |
| Improper access control in launchFullscreenIntent of SystemUI prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities. | |||||
| CVE-2024-20888 | 1 Samsung | 1 Android | 2024-07-05 | N/A | 7.8 HIGH |
| Improper access control in OneUIHome prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities. User interaction is required for triggering this vulnerability. | |||||
| CVE-2024-5735 | 1 Admiror-design-studio | 1 Admirorframes | 2024-07-03 | N/A | 7.5 HIGH |
| Full Path Disclosure vulnerability in AdmirorFrames Joomla! extension in afHelper.php script allows an unauthorised attacker to retrieve location of web root folder. This issue affects AdmirorFrames: before 5.0. | |||||
| CVE-2024-5349 | 1 La-studioweb | 1 Element Kit For Elementor | 2024-07-03 | N/A | 8.8 HIGH |
| The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.8.1 via the 'map_style' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | |||||
| CVE-2024-37677 | 1 Access Management Specialist Project | 1 Access Management Specialist | 2024-07-03 | N/A | 7.5 HIGH |
| An issue in Shenzhen Weitillage Industrial Co., Ltd the access management specialist V6.62.51215 allows a remote attacker to obtain sensitive information. | |||||
| CVE-2022-26581 | 1 Paxtechnology | 2 A930, Paydroid | 2024-07-03 | N/A | 6.8 MEDIUM |
| PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow an unauthorized attacker to perform privileged actions through the execution of specific binaries listed in ADB daemon. The attacker must have physical USB access to the device in order to exploit this vulnerability. | |||||
| CVE-2020-10673 | 4 Debian, Fasterxml, Netapp and 1 more | 31 Debian Linux, Jackson-databind, Steelstore Cloud Integrated Storage and 28 more | 2024-07-03 | 6.8 MEDIUM | 8.8 HIGH |
| FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus). | |||||
| CVE-2020-10672 | 4 Debian, Fasterxml, Netapp and 1 more | 31 Debian Linux, Jackson-databind, Steelstore Cloud Integrated Storage and 28 more | 2024-07-03 | 6.8 MEDIUM | 8.8 HIGH |
| FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms). | |||||