Total
5446 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-25472 | 1 Google | 1 Android | 2024-08-03 | 4 Medium |
An improper access control vulnerability in BluetoothSettingsProvider prior to SMR Oct-2021 Release 1 allows untrusted application to overwrite some Bluetooth information. | ||||
CVE-2021-22661 | 1 Prosoft-technology | 4 Icx35-hwc-a, Icx35-hwc-a Firmware, Icx35-hwc-e and 1 more | 2024-08-03 | 7.5 High |
Changing the password on the module webpage does not require the user to type in the current password first. Thus, the password could be changed by a user or external process without knowledge of the current password on the ICX35-HWC-A and ICX35-HWC-E (Versions 1.9.62 and prior). | ||||
CVE-2022-48508 | 1 Huawei | 2 Emui, Harmonyos | 2024-08-03 | 7.5 High |
Inappropriate authorization vulnerability in the system apps. Successful exploitation of this vulnerability may affect service integrity. | ||||
CVE-2022-36246 | 1 Shopbeat | 1 Shop Beat Media Player | 2024-08-03 | 9.8 Critical |
Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Insecure Permissions. | ||||
CVE-2022-23731 | 1 Lg | 1 Webos | 2024-08-03 | 7.8 High |
V8 javascript engine (heap vulnerability) can cause privilege escalation ,which can impact on some webOS TV models. | ||||
CVE-2022-23709 | 1 Elastic | 1 Kibana | 2024-08-03 | 4.3 Medium |
A flaw was discovered in Kibana in which users with Read access to the Uptime feature could modify alerting rules. A user with this privilege would be able to create new alerting rules or overwrite existing ones. However, any new or modified rules would not be enabled, and a user with this privilege could not modify alerting connectors. This effectively means that Read users could disable existing alerting rules. | ||||
CVE-2022-23714 | 2 Elastic, Microsoft | 2 Endpoint Security, Windows | 2024-08-03 | 7.8 High |
A local privilege escalation (LPE) issue was discovered in the ransomware canaries features of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account. | ||||
CVE-2022-23708 | 1 Elastic | 1 Elasticsearch | 2024-08-03 | 4.3 Medium |
A flaw was discovered in Elasticsearch 7.17.0’s upgrade assistant, in which upgrading from version 6.x to 7.x would disable the in-built protections on the security index, allowing authenticated users with “*” index permissions access to this index. | ||||
CVE-2022-3421 | 2 Apple, Google | 2 Macos, Drive | 2024-08-03 | 5.6 Medium |
An attacker can pre-create the `/Applications/Google\ Drive.app/Contents/MacOS` directory which is expected to be owned by root to be owned by a non-root user. When the Drive for Desktop installer is run for the first time, it will place a binary in that directory with execute permissions and set its setuid bit. Since the attacker owns the directory, the attacker can replace the binary with a symlink, causing the installer to set the setuid bit on the symlink. When the symlink is executed, it will run with root permissions. We recommend upgrading past version 64.0 | ||||
CVE-2022-1548 | 1 Mattermost | 1 Playbooks | 2024-08-03 | 3.7 Low |
Mattermost Playbooks plugin 1.25 and earlier fails to properly restrict user-level permissions, which allows playbook members to escalate their membership privileges and perform actions restricted to playbook admins. | ||||
CVE-2023-52721 | 2024-08-02 | 6.2 Medium | ||
The WindowManager module has a vulnerability in permission control. Impact: Successful exploitation of this vulnerability may affect confidentiality. | ||||
CVE-2023-47716 | 2024-08-02 | 6.3 Medium | ||
IBM CP4BA - Filenet Content Manager Component 5.5.8.0, 5.5.10.0, and 5.5.11.0 could allow a user to gain the privileges of another user under unusual circumstances. IBM X-Force ID: 271656. | ||||
CVE-2023-47142 | 1 Ibm | 1 Tivoli Application Dependency Discovery Manager | 2024-08-02 | 7.5 High |
IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 could allow an attacker on the organization's local network to escalate their privileges due to unauthorized API access. IBM X-Force ID: 270267. | ||||
CVE-2023-44281 | 1 Dell | 1 Pair | 2024-08-02 | 6.6 Medium |
Dell Pair Installer version prior to 1.2.1 contains an elevation of privilege vulnerability. A low privilege user with local access to the system could potentially exploit this vulnerability to delete arbitrary files and result in Denial of Service. | ||||
CVE-2024-22452 | 2024-08-02 | 7.3 High | ||
Dell Display and Peripheral Manager for macOS prior to 1.3 contains an improper access control vulnerability. A low privilege user could potentially exploit this vulnerability by modifying files in the installation folder to execute arbitrary code, leading to privilege escalation. | ||||
CVE-2023-42005 | 1 Ibm | 2 Db2, Db2 Warehouse | 2024-08-02 | 7.4 High |
IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data 3.5, 4.0, 4.5, 4.6, 4.7, and 4.8 could allow a user with access to the Kubernetes pod, to make system calls compromising the security of containers. IBM X-Force ID: 265264. | ||||
CVE-2023-40683 | 3 Ibm, Linux, Microsoft | 3 Openpages With Watson, Linux Kernel, Windows | 2024-08-02 | 8.8 High |
IBM OpenPages with Watson 8.3 and 9.0 could allow remote attacker to bypass security restrictions, caused by insufficient authorization checks. By authenticating as an OpenPages user and using non-public APIs, an attacker could exploit this vulnerability to bypass security and gain unauthorized administrative access to the application. IBM X-Force ID: 264005. | ||||
CVE-2023-39406 | 1 Huawei | 2 Emui, Harmonyos | 2024-08-02 | 7.5 High |
Permission control vulnerability in the XLayout component. Successful exploitation of this vulnerability may cause apps to forcibly restart. | ||||
CVE-2023-39387 | 1 Huawei | 2 Emui, Harmonyos | 2024-08-02 | 5.3 Medium |
Vulnerability of permission control in the window management module. Successful exploitation of this vulnerability may cause malicious pop-up windows. | ||||
CVE-2023-39384 | 1 Huawei | 2 Emui, Harmonyos | 2024-08-02 | 7.5 High |
Vulnerability of incomplete permission verification in the input method module. Successful exploitation of this vulnerability may cause features to perform abnormally. |