|
317531
|
6.1 |
MEDIUM
Network
|
gazelle_project
|
gazelle
|
A cross-site scripting (XSS) vulnerability in the component /managers/multiple_freeleech.php of Gazelle commit 63b3370 allows attackers to execute arbitrary web scripts or HTML via a crafted payload …
|
CWE-79
Cross-site Scripting
|
CVE-2024-44793
|
2024-09-6 03:28 |
2024-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317532
|
6.1 |
MEDIUM
Network
|
gazelle_project
|
gazelle
|
A cross-site scripting (XSS) vulnerability in the component /login/disabled.php of Gazelle commit 63b3370 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into…
|
CWE-79
Cross-site Scripting
|
CVE-2024-44795
|
2024-09-6 03:26 |
2024-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317533
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
wifi: nl80211: disallow setting special AP channel widths
Setting the AP channel width is meant for use with the normal
20/40/...…
|
NVD-CWE-noinfo
|
CVE-2024-43912
|
2024-09-6 03:19 |
2024-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317534
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
nvme: apple: fix device reference counting
Drivers must call nvme_uninit_ctrl after a successful nvme_init_ctrl.
Split the alloca…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2024-43913
|
2024-09-6 03:12 |
2024-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317535
|
7.1 |
HIGH
Local
|
samsung
|
android
|
Improper handling of exceptional conditions in ThemeCenter prior to SMR Sep-2024 Release 1 allows local attackers to delete non-preloaded applications.
|
CWE-755
Improper Handling of Exceptional Conditions
|
CVE-2024-34638
|
2024-09-6 03:05 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317536
|
5.5 |
MEDIUM
Local
|
samsung
|
android
|
Improper access control in WindowManagerService prior to SMR Sep-2024 Release 1 in Android 12, and SMR Jun-2024 Release 1 in Android 13 and Android 14 allows local attackers to bypass restrictions on…
|
NVD-CWE-Other
|
CVE-2024-34637
|
2024-09-6 03:05 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317537
|
4.6 |
MEDIUM
Physics
|
samsung
|
android
|
Path Traversal in My Files prior to SMR Sep-2024 Release 1 allows physical attackers to access directories with My Files' privilege.
|
CWE-22
Path Traversal
|
CVE-2024-34653
|
2024-09-6 03:04 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317538
|
5.5 |
MEDIUM
Local
|
samsung
|
android
|
Improper Handling of Insufficient Permissions in KnoxMiscPolicy prior to SMR Sep-2024 Release 1 allows local attackers to access sensitive data.
|
CWE-276
Incorrect Default Permissions
|
CVE-2024-34648
|
2024-09-6 03:04 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317539
|
3.3 |
LOW
Local
|
samsung
|
android
|
Improper access control vulnerability in BGProtectManager prior to SMR Sep-2024 Release 1 allows local attackers to bypass restriction of process expiration.
|
NVD-CWE-Other
|
CVE-2024-34640
|
2024-09-6 03:04 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317540
|
4.6 |
MEDIUM
Physics
|
samsung
|
android
|
Improper handling of exceptional conditions in Setupwizard prior to SMR Aug-2024 Release 1 allows physical attackers to bypass proper validation.
|
CWE-755
Improper Handling of Exceptional Conditions
|
CVE-2024-34639
|
2024-09-6 03:04 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
