Total
32048 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-32870 | 1 Combodo | 1 Itop | 2024-11-13 | 5.8 Medium |
| Combodo iTop is a simple, web based IT Service Management tool. Server, OS, DBMS, PHP, and iTop info (name, version and parameters) can be read by anyone having access to iTop URI. This issue has been patched in versions 2.7.11, 3.0.5, 3.1.2, and 3.2.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-34673 | 1 Samsung | 1 Android | 2024-11-13 | 4.1 Medium |
| Improper Input Validation in IpcProtocol in Modem prior to SMR Nov-2024 Release 1 allows local attackers to cause Denial-of-Service. | ||||
| CVE-2024-34682 | 1 Samsung | 1 Android | 2024-11-13 | 2.4 Low |
| Improper authorization in Settings prior to SMR Nov-2024 Release 1 allows physical attackers to access stored WiFi password in Maintenance Mode. | ||||
| CVE-2024-49403 | 1 Samsung | 1 Voice Recorder | 2024-11-13 | 4.6 Medium |
| Improper access control in Samsung Voice Recorder prior to version 21.5.40.37 allows physical attackers to access recording files on the lock screen. | ||||
| CVE-2024-49404 | 1 Samsung | 2 Android, Video Player | 2024-11-13 | 5.5 Medium |
| Improper Access Control in Samsung Video Player prior to versions 7.3.29.1 in Android 12, 7.3.36.1 in Android 13, and 7.3.41.230 in Android 14 allows physical attackers to access video file of other users. | ||||
| CVE-2024-49405 | 1 Samsung | 1 Pass | 2024-11-13 | 5.3 Medium |
| Improper authentication in Private Info in Samsung Pass in prior to version 4.4.04.7 allows physical attackers to access sensitive information in a specific scenario. | ||||
| CVE-2024-49407 | 1 Samsung | 1 Flow | 2024-11-13 | 4.6 Medium |
| Improper access control in Samsung Flow prior to version 4.9.15.7 allows physical attackers to access data across multiple user profiles. | ||||
| CVE-2024-9576 | 2 Linux Workbooth, Workbooth Project | 2 Linux Workbooth, Workbooth | 2024-11-12 | 7 High |
| Vulnerability in Distro Linux Workbooth v2.5 that allows to escalate privileges to the root user by manipulating the network configuration script. | ||||
| CVE-2024-49401 | 1 Samsung | 1 Android | 2024-11-12 | 5.1 Medium |
| Improper input validation in Settings Suggestions prior to SMR Nov-2024 Release 1 allows local attackers to launch privileged activities. | ||||
| CVE-2024-34674 | 1 Samsung | 1 Android | 2024-11-12 | 4.6 Medium |
| Improper access control in Contacts prior to SMR Nov-2024 Release 1 allows physical attackers to access data across multiple user profiles. | ||||
| CVE-2024-34675 | 1 Samsung | 1 Android | 2024-11-12 | 2.4 Low |
| Improper access control in Dex Mode prior to SMR Nov-2024 Release 1 allows physical attackers to temporarily access to unlocked screen. | ||||
| CVE-2024-49402 | 1 Samsung | 1 Android | 2024-11-12 | 4.6 Medium |
| Improper input validation in Dressroom prior to SMR Nov-2024 Release 1 allow physical attackers to access data across multiple user profiles. | ||||
| CVE-2023-29116 | 1 Enelx | 2 Waybox Pro, Waybox Pro Firmware | 2024-11-08 | 4.3 Medium |
| Under certain conditions, through a request directed to the Waybox Enel X web management application, information like Waybox OS version or service configuration details could be obtained. | ||||
| CVE-2023-29115 | 1 Enelx | 2 Waybox Pro, Waybox Pro Firmware | 2024-11-08 | 6.5 Medium |
| In certain conditions a request directed to the Waybox Enel X Web management application could cause a denial-of-service (e.g. reboot). | ||||
| CVE-2024-10329 | 1 G5plus | 1 Ultimate Bootstrap Elements For Elementor | 2024-11-08 | 4.3 Medium |
| The Ultimate Bootstrap Elements for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.6 via the 'ube_get_page_templates' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including the contents of templates that are private. | ||||
| CVE-2024-30106 | 1 Hcltech | 1 Connections | 2024-11-08 | 3.5 Low |
| HCL Connections is vulnerable to an information disclosure vulnerability, due to an IBM WebSphere Application Server error, which could allow a user to obtain sensitive information they are not entitled to due to the improper handling of request data. | ||||
| CVE-2024-10319 | 1 Wpxpro | 1 Xpro Addons For Elementor | 2024-11-08 | 4.3 Medium |
| The 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.6 via the render function in widgets/content-toggle/layout/frontend.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data. | ||||
| CVE-2024-38408 | 1 Qualcomm | 470 315 5g Iot Modem, 315 5g Iot Modem Firmware, Aqt1000 and 467 more | 2024-11-08 | 8.2 High |
| Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions. | ||||
| CVE-2024-51513 | 1 Huawei | 1 Harmonyos | 2024-11-07 | 5.5 Medium |
| Vulnerability of processes not being fully terminated in the VPN module Impact: Successful exploitation of this vulnerability will affect power consumption. | ||||
| CVE-2024-51522 | 1 Huawei | 1 Harmonyos | 2024-11-07 | 6.2 Medium |
| Vulnerability of improper device information processing in the device management module Impact: Successful exploitation of this vulnerability may affect availability. | ||||