Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-04 | CVE-2024-34648 | Incorrect Default Permissions vulnerability in Samsung Android 12.0/13.0/14.0 Improper Handling of Insufficient Permissions in KnoxMiscPolicy prior to SMR Sep-2024 Release 1 allows local attackers to access sensitive data. | 5.5 |
| 2024-09-04 | CVE-2024-34651 | Incorrect Authorization vulnerability in Samsung Android 12.0/13.0/14.0 Improper authorization in My Files prior to SMR Sep-2024 Release 1 allows local attackers to access restricted data in My Files. | 5.5 |
| 2024-09-04 | CVE-2024-34653 | Path Traversal vulnerability in Samsung Android 12.0/13.0/14.0 Path Traversal in My Files prior to SMR Sep-2024 Release 1 allows physical attackers to access directories with My Files' privilege. | 4.6 |
| 2024-09-04 | CVE-2024-34654 | Unspecified vulnerability in Samsung Android 13.0/14.0 Improper Export of android application component in My Files prior to SMR Sep-2024 Release 1 allows local attackers to access files with My Files' privilege. | 5.5 |
| 2024-09-04 | CVE-2024-34655 | Unspecified vulnerability in Samsung Android 12.0/13.0/14.0 Incorrect use of privileged API in UniversalCredentialManager prior to SMR Sep-2024 Release 1 allows local attackers to access privileged API related to UniversalCredentialManager. | 5.5 |
| 2024-09-04 | CVE-2024-34659 | Unspecified vulnerability in Samsung Group Sharing 10.8.03.2 Exposure of sensitive information in GroupSharing prior to version 13.6.13.3 allows remote attackers can force the victim to join the group. | 5.3 |
| 2024-09-04 | CVE-2024-34661 | Incorrect Default Permissions vulnerability in Samsung Assistant Improper handling of insufficient permissions in Samsung Assistant prior to version 9.1.00.7 allows remote attackers to access location data. | 4.3 |
| 2024-09-04 | CVE-2024-8325 | The Blockspare: Gutenberg Blocks & Patterns for Blogs, Magazines, Business Sites – Post Grids, Sliders, Carousels, Counters, Page Builder & Starter Site Imports, No Coding Needed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in the ‘blockspare_render_social_sharing_block’ function in all versions up to, and including, 3.2.4 due to insufficient input sanitization and output escaping. | 6.4 |
| 2024-09-04 | CVE-2024-45444 | Unspecified vulnerability in Huawei Emui and Harmonyos Access permission verification vulnerability in the WMS module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 5.5 |
| 2024-09-04 | CVE-2024-45445 | Incomplete Cleanup vulnerability in Huawei Emui and Harmonyos Vulnerability of resources not being closed or released in the keystore module Impact: Successful exploitation of this vulnerability will affect availability. | 5.5 |