Total
1164 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-21138 | 1 Google | 1 Android | 2024-12-17 | 7.8 High |
| In onNullBinding of CallRedirectionProcessor.java, there is a possible long lived connection due to improper input validation. This could lead to local escalation of privilege and background activity launches with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-273260090 | ||||
| CVE-2024-40660 | 1 Google | 1 Android | 2024-12-17 | 7.8 High |
| In setTransactionState of SurfaceFlinger.cpp, there is a possible way to change protected display attributes due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-40661 | 1 Google | 1 Android | 2024-12-17 | 7.8 High |
| In mayAdminGrantPermission of AdminRestrictedPermissionsUtils.java, there is a possible way to access the microphone due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-40654 | 1 Google | 1 Android | 2024-12-17 | 7.8 High |
| In multiple locations, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2024-43081 | 1 Google | 1 Android | 2024-12-17 | 7.8 High |
| In installExistingPackageAsUser of InstallPackageHelper.java, there is a possible carrier restriction bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-31312 | 1 Google | 1 Android | 2024-12-17 | 5.5 Medium |
| In multiple locations, there is a possible information leak due to a missing permission check. This could lead to local information disclosure exposing played media with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-30905 | 1 Hpe | 4 Integrity Mc990 X Server Rmc, Integrity Mc990 X Server Rmc Firmware, Sgi Uv 300 Rmc and 1 more | 2024-12-17 | 7.8 High |
| The MC990 X and UV300 RMC component has and inadequate default configuration that could be exploited to obtain enhanced privilege. | ||||
| CVE-2024-8496 | 1 Ivanti | 1 Workspace Control | 2024-12-14 | 7.8 High |
| Under specific circumstances, insecure permissions in Ivanti Workspace Control before version 10.18.40.0 allows a local authenticated attacker to achieve local privilege escalation. | ||||
| CVE-2023-25645 | 1 Zte | 10 Up T2 4k, Up T2 4k Firmware, Zxv10 B860h V5d0 and 7 more | 2024-12-12 | 7.7 High |
| There is a permission and access control vulnerability in some ZTE AndroidTV STBs. Due to improper permission settings, non-privileged application can perform functions that are protected with signature/privilege-level permissions. Exploitation of this vulnerability could clear personal data and applications on the user's device, affecting device operation. | ||||
| CVE-2024-11872 | 2024-12-12 | N/A | ||
| Epic Games Launcher Incorrect Default Permissions Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Epic Games Launcher. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the product installer. The product applies incorrect default permissions to a sensitive folder. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-24329. | ||||
| CVE-2024-23201 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-12-12 | 6.2 Medium |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Monterey 12.7.4, watchOS 10.3, tvOS 17.3, macOS Ventura 13.6.5, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3. An app may be able to cause a denial-of-service. | ||||
| CVE-2023-34352 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-12-12 | 5.3 Medium |
| A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An attacker may be able to leak user account emails. | ||||
| CVE-2023-31349 | 1 Amd | 2 Amd Uprof, Uprof | 2024-12-12 | 7.3 High |
| Incorrect default permissions in the AMD μProf installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | ||||
| CVE-2024-54745 | 2024-12-11 | 9.8 Critical | ||
| WAVLINK WN701AE M01AE_V240305 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. | ||||
| CVE-2024-11597 | 2024-12-11 | 7.8 High | ||
| Under specific circumstances, insecure permissions in Ivanti Performance Manager before version 2024.3 HF1, 2024.1 HF1, or 2023.3 HF1 allows a local authenticated attacker to achieve local privilege escalation. | ||||
| CVE-2024-54751 | 2024-12-11 | 9.8 Critical | ||
| COMFAST CF-WR630AX v2.7.0.2 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. | ||||
| CVE-2024-25605 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2024-12-10 | 5.3 Medium |
| The Journal module in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions grants guest users view permission to web content templates by default, which allows remote attackers to view any template via the UI or API. | ||||
| CVE-2024-40805 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-12-10 | 7.1 High |
| A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 10.6, macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6, tvOS 17.6. An app may be able to bypass Privacy preferences. | ||||
| CVE-2024-27888 | 1 Apple | 1 Macos | 2024-12-10 | 5.5 Medium |
| A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in macOS Sonoma 14.4. An app may be able to modify protected parts of the file system. | ||||
| CVE-2024-10469 | 1 Cert | 1 Vince | 2024-12-09 | 6.5 Medium |
| VINCE versions before 3.0.9 is vulnerable to exposure of User information to authenticated users. | ||||