Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-06 | CVE-2024-49404 | Unspecified vulnerability in Samsung Video Player 7.3.15.30 Improper Access Control in Samsung Video Player prior to versions 7.3.29.1 in Android 12, 7.3.36.1 in Android 13, and 7.3.41.230 in Android 14 allows physical attackers to access video file of other users. low complexity samsung | 4.6 |
| 2024-11-06 | CVE-2024-49405 | Unspecified vulnerability in Samsung Pass 4.0.05.1/4.2.03.1/4.3.00.17 Improper authentication in Private Info in Samsung Pass in prior to version 4.4.04.7 allows physical attackers to access sensitive information in a specific scenario. low complexity samsung | 4.6 |
| 2024-11-06 | CVE-2024-49406 | Improper Validation of Integrity Check Value vulnerability in Samsung Blockchain Keystore 1.3.13.5 Improper validation of integrity check value in Blockchain Keystore prior to version 1.3.16 allows local attackers to modify transaction. | 4.4 |
| 2024-11-06 | CVE-2024-49407 | Unspecified vulnerability in Samsung Flow Improper access control in Samsung Flow prior to version 4.9.15.7 allows physical attackers to access data across multiple user profiles. low complexity samsung | 4.6 |
| 2024-11-06 | CVE-2024-49408 | Out-of-bounds Write vulnerability in Samsung Galaxy S24 Firmware Out-of-bounds write in usb driver prior to Firmware update Sep-2024 Release on Galaxy S24 allows local attackers to write out-of-bounds memory. | 6.7 |
| 2024-11-06 | CVE-2024-49409 | Out-of-bounds Write vulnerability in Samsung Galaxy S24 Firmware Out-of-bounds write in Battery Full Capacity node prior to Firmware update Sep-2024 Release on Galaxy S24 allows local attackers to write out-of-bounds memory. | 6.7 |
| 2024-11-06 | CVE-2024-10647 | Cross-site Scripting vulnerability in Westguardsolutions WS Form The WS Form LITE – Drag & Drop Contact Form Builder for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.9.244. | 6.1 |
| 2024-11-06 | CVE-2024-10028 | Insecure Storage of Sensitive Information vulnerability in Everestthemes Everest Backup The Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.13 via the exposed process stats file during the backup process. | 7.5 |
| 2024-11-05 | CVE-2024-10084 | The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Basic Information Disclosure in all versions up to, and including, 4.5 via the CF7_get_post_var shortcode. | 4.3 |
| 2024-11-05 | CVE-2024-0134 | Unspecified vulnerability in Nvidia Container Toolkit and Nvidia GPU Operator NVIDIA Container Toolkit and NVIDIA GPU Operator for Linux contain a UNIX vulnerability where a specially crafted container image can lead to the creation of unauthorized files on the host. | 4.1 |