Total
1164 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-11921 | 1 Lush 2 | 1 Lush 2 | 2024-11-08 | 8.8 High |
| An issue was discovered in Lush 2 through 2020-02-25. Due to the lack of Bluetooth traffic encryption, it is possible to hijack an ongoing Bluetooth connection between the Lush 2 and a mobile phone. This allows an attacker to gain full control over the device. | ||||
| CVE-2024-7587 | 2 Iconics, Mitsubishielectric | 2 Genesis64, Mc Works64 | 2024-11-06 | 7.8 High |
| Incorrect Default Permissions vulnerability in GenBroker32, which is included in the installers for ICONICS GENESIS64 version 10.97.3 and prior, Mitsubishi Electric GENESIS64 version 10.97.3 and prior and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to disclose or tamper with confidential information and data contained in the products, or cause a denial of service (DoS) condition on the products, by accessing a folder with incorrect permissions, when GenBroker32 is installed on the same PC as GENESIS64 or MC Works64. | ||||
| CVE-2024-9191 | 1 Okta | 1 Verify | 2024-11-05 | 7.1 High |
| The Okta Device Access features, provided by the Okta Verify agent for Windows, provides access to the OktaDeviceAccessPipe, which enables attackers in a compromised device to retrieve passwords associated with Desktop MFA passwordless logins. The vulnerability was discovered via routine penetration testing. Note: A precondition of this vulnerability is that the user must be using the Okta Device Access passwordless feature. Okta Device Access users not using passwordless are not affected, and customers only using Okta Verify on platforms other than Windows, or only using FastPass are not affected. | ||||
| CVE-2024-9167 | 1 Ivanti | 1 Velocity License Server | 2024-11-04 | 7.8 High |
| Under specific circumstances, insecure permissions in Ivanti Velocity License Server before version 5.2 allows a local authenticated attacker to achieve local privilege escalation. | ||||
| CVE-2024-8037 | 2024-11-01 | 6.5 Medium | ||
| Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJU_CONTEXT_ID, any user on the local system with access to the default network namespace may connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are normally reserved to a juju charm. | ||||
| CVE-2024-48572 | 1 Aquila | 1 Cms | 2024-11-01 | N/A |
| A User enumeration vulnerability in AquilaCMS 1.409.20 and prior allows unauthenticated attackers to obtain email addresses via the "Add a user" feature. The vulnerability occurs due to insufficiently validated user input being processed as a regular expression, which is then matched against email addresses to find duplicate entries. | ||||
| CVE-2023-45896 | 2024-11-01 | 7.1 High | ||
| ntfs3 in the Linux kernel through 6.8.0 allows a physically proximate attacker to read kernel memory by mounting a filesystem (e.g., if a Linux distribution is configured to allow unprivileged mounts of removable media) and then leveraging local access to trigger an out-of-bounds read. A length value can be larger than the amount of memory allocated. NOTE: the supplier's perspective is that there is no vulnerability when an attack requires an attacker-modified filesystem image. | ||||
| CVE-2024-44228 | 1 Apple | 1 Xcode | 2024-10-30 | 7.5 High |
| This issue was addressed with improved permissions checking. This issue is fixed in Xcode 16. An app may be able to inherit Xcode permissions and access user data. | ||||
| CVE-2024-40792 | 1 Apple | 1 Macos | 2024-10-30 | 3.3 Low |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A malicious app may be able to change network settings. | ||||
| CVE-2024-42028 | 1 Ubiquiti | 1 Unifi Network Application | 2024-10-29 | 8.8 High |
| A Local privilege escalation vulnerability found in a Self-Hosted UniFi Network Server with UniFi Network Application (Version 8.4.62 and earlier) allows a malicious actor with a local operational system user to execute high privilege actions on UniFi Network Server. | ||||
| CVE-2024-47012 | 1 Google | 1 Android | 2024-10-28 | 7.8 High |
| In mm_GetMobileIdIndexForNsUpdate of mm_GmmPduCodec.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2022-30355 | 1 Ovaledge | 1 Ovaledge | 2024-10-28 | 9.8 Critical |
| OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /profile/updateProfile via the userId and email parameters. Authentication is required. | ||||
| CVE-2024-44100 | 1 Google | 32 Android, Pixel, Pixel 2 and 29 more | 2024-10-28 | 7.5 High |
| Android before 2024-10-05 on Google Pixel devices allows information disclosure in the modem component, A-299774545. | ||||
| CVE-2024-47014 | 1 Google | 1 Android | 2024-10-25 | 8.8 High |
| Android before 2024-10-05 on Google Pixel devices allows privilege escalation in the ABL component, A-330537292. | ||||
| CVE-2024-47013 | 1 Google | 1 Android | 2024-10-25 | 7.8 High |
| In pmucal_rae_handle_seq_int of flexpmu_cal_rae.c, there is a possible arbitrary write due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-9947 | 2 Profilepress, Properfraction | 2 Profilepress, Profilepress | 2024-10-25 | 8.1 High |
| The ProfilePress Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.11.1. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token. | ||||
| CVE-2024-47016 | 1 Google | 1 Android | 2024-10-25 | 7.8 High |
| there is a possible privilege escalation due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-35287 | 1 Mitel | 1 Micollab | 2024-10-23 | 6.7 Medium |
| A vulnerability in the NuPoint Messenger (NPM) component of Mitel MiCollab through version 9.8 SP1 (9.8.1.5) could allow an authenticated attacker with administrative privilege to conduct a privilege escalation attack due to the execution of a resource with unnecessary privileges. A successful exploit could allow an attacker to execute arbitrary commands with elevated privileges. | ||||
| CVE-2024-10183 | 2024-10-23 | N/A | ||
| A vulnerability in Jamf Pro's Jamf Remote Assist tool allows a local, non-privileged user to escalate their privileges to root on MacOS systems. | ||||
| CVE-2024-47240 | 1 Dell | 1 Secure Connect Gateway | 2024-10-22 | 5.5 Medium |
| Dell Secure Connect Gateway (SCG) 5.24 contains an Incorrect Default Permissions vulnerability. A local attacker with low privileges can access the file system and could potentially exploit this vulnerability to gain write access to unauthorized data and cause a version update failure condition. | ||||