Security Vulnerabilities - CVEs Published In September 2024
Improper access control in key input related function in Dressroom prior to SMR Sep-2024 Release 1 allows local attackers to access protected data. User interaction is required for triggering this vulnerability.
CVSS Score
4.4
EPSS Score
0.001
Published
2024-09-04
Improper access control in WindowManagerService prior to SMR Sep-2024 Release 1 in Android 12, and SMR Jun-2024 Release 1 in Android 13 and Android 14 allows local attackers to bypass restrictions on starting services from the background.
CVSS Score
6.2
EPSS Score
0.0
Published
2024-09-04
Improper handling of exceptional conditions in ThemeCenter prior to SMR Sep-2024 Release 1 allows local attackers to delete non-preloaded applications.
CVSS Score
6.7
EPSS Score
0.0
Published
2024-09-04
Improper handling of exceptional conditions in Setupwizard prior to SMR Aug-2024 Release 1 allows physical attackers to bypass proper validation.
CVSS Score
4.6
EPSS Score
0.0
Published
2024-09-04
Memory request vulnerability in the memory management module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVSS Score
6.2
EPSS Score
0.0
Published
2024-09-04
Access permission verification vulnerability in the camera driver module
Impact: Successful exploitation of this vulnerability will affect availability.
CVSS Score
5.5
EPSS Score
0.0
Published
2024-09-04
Access control vulnerability in the camera framework module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVSS Score
4.4
EPSS Score
0.001
Published
2024-09-04
Page table protection configuration vulnerability in the trusted firmware module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVSS Score
4.1
EPSS Score
0.0
Published
2024-09-04
Access permission verification vulnerability in the ringtone setting module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVSS Score
5.1
EPSS Score
0.001
Published
2024-09-04
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Local File Inclusion, Arbitrary Settings Update, and User Creation in all versions up to, and including, 2.1.6 via several functions called by the 'checkFormRequest' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. Attackers can also update arbitrary settings and create user accounts even when registration is disabled, leading to user creation with a default role of Administrator.
CVSS Score
9.8
EPSS Score
0.007
Published
2024-09-04