Skip to main content
CVE-2024-23304 HIGH This Week

Cybozu KUNAI for Android 3.0.20 to 3.0.21 allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by performing certain operations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Kunai
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-20820 HIGH This Week

Improper input validation in bootloader prior to SMR Feb-2024 Release 1 allows local privileged attackers to cause an Out-Of-Bounds read. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-23344 MEDIUM PATCH This Month

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Tuleap
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-20816 MEDIUM This Month

Improper authentication vulnerability in onCharacteristicWriteRequest in Auto Hotspot prior to SMR Feb-2024 Release 1 allows adjacent attackers connect to victim's mobile hotspot without user. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-20815 MEDIUM This Month

Improper authentication vulnerability in onCharacteristicReadRequest in Auto Hotspot prior to SMR Feb-2024 Release 1 allows adjacent attackers connect to victim's mobile hotspot without user. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-1258 MEDIUM This Month

A vulnerability was found in Juanpao JPShop up to 1.5.02. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

PHP Information Disclosure Jpshop
NVD VulDB
CVSS 3.1
5.9
EPSS
0.6%
CVE-2024-22331 MEDIUM This Month

IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.19, 7.1 through 7.1.2.15, 7.2 through 7.2.3.8, 7.3 through 7.3.2.3, and IBM UrbanCode Deploy (UCD) - IBM DevOps Deploy 8.0.0.0 could disclose sensitive. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Microsoft Urbancode Deploy Devops Deploy
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-0911 MEDIUM This Month

A flaw was found in indent, a program for formatting C code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Indent
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-0690 MEDIUM PATCH This Month

An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Ansible Enterprise Linux Ansible Automation Platform Ansible Developer +2
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-24943 MEDIUM This Month

In JetBrains Toolbox App before 2.2 a DoS attack was possible via a malicious SVG image. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Toolbox
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-20826 MEDIUM This Month

Implicit intent hijacking vulnerability in UPHelper library prior to version 4.0.0 allows local attackers to access sensitive information via implicit intent. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Uphelper Library
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-20825 MEDIUM This Month

Implicit intent hijacking vulnerability in IAP of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Galaxy Store
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-20824 MEDIUM This Month

Implicit intent hijacking vulnerability in VoiceSearch of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Galaxy Store
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-20823 MEDIUM This Month

Implicit intent hijacking vulnerability in SamsungAccount of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Galaxy Store
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-20822 MEDIUM This Month

Implicit intent hijacking vulnerability in AccountActivity of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Galaxy Store
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-20814 MEDIUM This Month

Out-of-bounds Read in padmd_vld_ac_prog_refine of libpadm.so prior to SMR Feb-2024 Release 1 allows local attackers access unauthorized information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-24937 MEDIUM This Month

In JetBrains TeamCity before 2023.11.2 stored XSS via agent distribution was possible. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-24942 MEDIUM This Month

In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Teamcity
NVD
CVSS 3.1
5.3
EPSS
32.0%
CVE-2024-24941 MEDIUM This Month

In JetBrains IntelliJ IDEA before 2023.3.3 a plugin for JetBrains Space was able to send an authentication token to an inappropriate URL. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Intellij Idea
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-24939 MEDIUM This Month

In JetBrains Rider before 2023.3.3 logging of environment variables containing secret values was possible. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rider
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-24938 MEDIUM This Month

In JetBrains TeamCity before 2023.11.2 limited directory traversal was possible in the Kotlin DSL documentation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Teamcity
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2024-24936 MEDIUM This Month

In JetBrains TeamCity before 2023.11.2 access control at the S3 Artifact Storage plugin endpoint was missed. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Teamcity
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-22240 MEDIUM This Month

Aria Operations for Networks contains a local file read vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Path Traversal Information Disclosure Aria Operations For Networks
NVD
CVSS 3.1
4.9
EPSS
0.6%
CVE-2024-22241 MEDIUM This Month

Aria Operations for Networks contains a cross site scripting vulnerability. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Aria Operations For Networks
NVD
CVSS 3.1
4.8
EPSS
37.8%
CVE-2024-22238 MEDIUM This Month

Aria Operations for Networks contains a cross site scripting vulnerability. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Aria Operations For Networks
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2024-20828 MEDIUM This Month

Improper authorization verification vulnerability in Samsung Internet prior to version 24.0 allows physical attackers to access files downloaded in SecretMode without proper authentication. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Samsung Internet
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2024-20827 MEDIUM This Month

Improper access control vulnerability in Samsung Gallery prior to version 14.5.04.4 allows physical attackers to access the picture using physical keyboard on the lockscreen. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samsung Gallery
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2024-24940 MEDIUM This Month

In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible when unpacking archives. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Intellij Idea
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-1048 LOW Monitor

A flaw was found in the grub2-set-bootflag utility of grub2. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Grub2 Enterprise Linux Fedora
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2024-20811 LOW Monitor

Improper caller verification in GameOptimizer prior to SMR Feb-2024 Release 1 allows local attackers to configure GameOptimizer. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2024-20810 LOW Monitor

Implicit intent hijacking vulnerability in Smart Suggestions prior to SMR Feb-2024 Release 1 allows local attackers to get sensitive information. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XSS Android
NVD
CVSS 3.1
3.3
EPSS
0.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy