CVE-2024-49416 |
Description: Use of implicit intent for sensitive communication in SmartThings prior to version 1.8.21 allows local attackers to get sensitive information.
CVSS: MEDIUM (4.0) EPSS Score: 0.04%
December 4th, 2024 (5 months ago)
|
CVE-2024-49415 |
Description: Out-of-bounds write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code.
CVSS: HIGH (8.1) EPSS Score: 0.04%
December 4th, 2024 (5 months ago)
|
CVE-2024-49414 |
Description: Authentication Bypass Using an Alternate Path in Dex Mode prior to SMR Dec-2024 Release 1 allows physical attackers to temporarily access the recent app list.
CVSS: LOW (2.4) EPSS Score: 0.04%
December 4th, 2024 (5 months ago)
|
CVE-2024-49413 |
Description: Improper Verification of Cryptographic Signature in SmartSwitch prior to SMR Dec-2024 Release 1 allows local attackers to install malicious applications.
CVSS: HIGH (7.1) EPSS Score: 0.04%
December 4th, 2024 (5 months ago)
|
CVE-2024-49412 |
Description: Improper input validation in Settings prior to SMR Dec-2024 Release 1 allows local attackers to broadcast a signal for discovering Bluetooth on Galaxy Watch.
CVSS: MEDIUM (5.5) EPSS Score: 0.04%
December 4th, 2024 (5 months ago)
|
CVE-2024-49411 |
Description: Path Traversal in ThemeCenter prior to SMR Dec-2024 Release 1 allows physical attackers to copy apk files to arbitrary path with ThemeCenter privilege.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
December 4th, 2024 (5 months ago)
|
CVE-2024-49410 |
Description: Out-of-bounds write in libswmfextractor.so prior to SMR Dec-2024 Release 1 allows local attackers to execute arbitrary code.
CVSS: MEDIUM (5.9) EPSS Score: 0.04%
December 4th, 2024 (5 months ago)
|
CVE-2024-49203 |
Description: Querydsl 5.1.0 and OpenFeign Querydsl 6.8 allow SQL/HQL injection in orderBy in JPAQuery.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 4th, 2024 (5 months ago)
|
CVE-2024-48992 |
Description: Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable.
CVSS: HIGH (7.8) EPSS Score: 0.05%
December 4th, 2024 (5 months ago)
|
CVE-2024-48990 |
Description: Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable.
CVSS: HIGH (7.8) EPSS Score: 0.25%
December 4th, 2024 (5 months ago)
|