Total: 303298 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-42358 | 1 Msweet | 1 Pdfio | 2024-08-12 | N/A | 6.2 MEDIUM |
PDFio is a simple C library for reading and writing PDF files. There is a denial of service (DOS) vulnerability in the TTF parser. Maliciously crafted TTF files can cause the program to utilize 100% of the Memory and enter an infinite loop. This can also lead to a heap-buffer-overflow vulnerability. An infinite loop occurs in the read_camp function by nGroups value. The ttf.h library is vulnerable. A value called nGroups is extracted from the file, and by changing that value, you can cause the program to utilize 100% of the Memory and enter an infinite loop. If the value of nGroups in the file is small, an infinite loop will not occur. This library, whether used as a standalone binary or as part of another application, is vulnerable to DOS attacks when parsing certain types of files. Automated systems, including web servers that use this code to convert PDF submissions into plaintext, can be DOSed if an attacker uploads a malicious TTF file. This issue has been addressed in release version 1.3.1. All users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
CVE-2024-31201 | 1 Proges | 1 Thermoscan Ip | 2024-08-12 | N/A | 6.5 MEDIUM |
A “CWE-428: Unquoted Search Path or Element” affects the ThermoscanIP_Scrutation service. Such misconfiguration could be abused in scenarios where incorrect permissions were assigned to the C:\ path to attempt a privilege escalation on the local machine. | |||||
CVE-2024-34620 | 1 Samsung | 1 Android | 2024-08-12 | N/A | 8.4 HIGH |
Improper privilege management in SumeNNService prior to SMR Aug-2024 Release 1 allows local attackers to start privileged service. | |||||
CVE-2024-34619 | 1 Samsung | 1 Android | 2024-08-12 | N/A | 7.5 HIGH |
Improper input validation in librtp.so prior to SMR Aug-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability. | |||||
CVE-2024-34618 | 1 Samsung | 1 Android | 2024-08-12 | N/A | 4.0 MEDIUM |
Improper access control in System property prior to SMR Aug-2024 Release 1 allows local attackers to access cell related information. | |||||
CVE-2024-34617 | 1 Samsung | 1 Android | 2024-08-12 | N/A | 4.0 MEDIUM |
Improper handling of insufficient permission in Telephony prior to SMR Aug-2024 Release 1 allows local attackers to configure default Message application. | |||||
CVE-2024-34616 | 1 Samsung | 1 Android | 2024-08-12 | N/A | 5.1 MEDIUM |
Improper handling of insufficient permission in KnoxDualDARPolicy prior to SMR Aug-2024 Release 1 allows local attackers to access sensitive data. | |||||
CVE-2024-34615 | 1 Samsung | 1 Android | 2024-08-12 | N/A | 5.1 MEDIUM |
Out-of-bound write in libsmat.so prior to SMR Aug-2024 Release 1 allows local attackers to cause memory corruption. | |||||
CVE-2024-34614 | 1 Samsung | 1 Android | 2024-08-12 | N/A | 7.3 HIGH |
Out-of-bound write in libsmat.so prior to SMR Aug-2024 Release 1 allows local attackers to execute arbitrary code. | |||||
CVE-2024-34613 | 1 Samsung | 1 Wear Os | 2024-08-12 | N/A | 4.0 MEDIUM |
Improper access control in Galaxy Watch prior to SMR Aug-2024 Release 1 allows local attackers to access sensitive information of Galaxy watch. | |||||
CVE-2024-34612 | 1 Samsung | 1 Android | 2024-08-12 | N/A | 7.3 HIGH |
Out-of-bound write in libcodec2secmp4vdec.so prior to SMR Aug-2024 Release 1 allows local attackers to execute arbitrary code. | |||||
CVE-2024-34611 | 1 Samsung | 1 Android | 2024-08-12 | N/A | 5.1 MEDIUM |
Improper access control in KnoxService prior to SMR Aug-2024 Release 1 allows local attackers to get sensitive information. | |||||
CVE-2024-34610 | 1 Samsung | 1 Android | 2024-08-12 | N/A | 5.1 MEDIUM |
Improper access control in ExtControlDeviceService prior to SMR Aug-2024 Release 1 allows local attackers to access protected data. | |||||
CVE-2024-34609 | 1 Samsung | 1 Android | 2024-08-12 | N/A | 6.2 MEDIUM |
Improper access control in VoiceNoteService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background. | |||||
CVE-2024-34608 | 1 Samsung | 1 Android | 2024-08-12 | N/A | 6.2 MEDIUM |
Improper access control in PaymentManagerService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background. | |||||
CVE-2024-34607 | 1 Samsung | 1 Android | 2024-08-12 | N/A | 6.2 MEDIUM |
Improper access control in SamsungNotesService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background. | |||||
CVE-2024-34606 | 1 Samsung | 1 Android | 2024-08-12 | N/A | 6.2 MEDIUM |
Improper access control in SmartThingsService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background. | |||||
CVE-2024-34605 | 1 Samsung | 1 Android | 2024-08-12 | N/A | 6.2 MEDIUM |
Improper access control in SamsungHealthService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background. | |||||
CVE-2024-34604 | 1 Samsung | 1 Android | 2024-08-12 | N/A | 6.2 MEDIUM |
Improper access control in LedCoverService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background. | |||||
CVE-2024-7550 | 1 Google | 1 Chrome | 2024-08-12 | N/A | 8.8 HIGH |
Type Confusion in V8 in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |