Total
2012 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-27811 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-11-21 | 7.8 High |
| The issue was addressed with improved checks. This issue is fixed in tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to elevate privileges. | ||||
| CVE-2024-27711 | 1 Eskooly | 1 Eskooly | 2024-11-21 | 8.8 High |
| An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via the Sin-up process function in the account settings. | ||||
| CVE-2024-27710 | 1 Eskooly | 1 Free Online School Management Software | 2024-11-21 | 9.8 Critical |
| An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via the authentication mechanism. | ||||
| CVE-2024-27518 | 2024-11-21 | 7.8 High | ||
| An issue in SUPERAntiSyware Professional X 10.0.1262 and 10.0.1264 allows unprivileged attackers to escalate privileges via a restore of a crafted DLL file into the C:\Program Files\SUPERAntiSpyware folder. | ||||
| CVE-2024-27357 | 2024-11-21 | 5.8 Medium | ||
| An issue was discovered in WithSecure Elements Agent through 23.x for macOS, WithSecure Elements Client Security through 23.x for macOS, and WithSecure MDR through 23.x for macOS. Local Privilege Escalation can occur during installations or updates by admins. | ||||
| CVE-2024-27301 | 2024-11-21 | 7.3 High | ||
| Support App is an opensource application specialized in managing Apple devices. It's possible to abuse a vulnerability inside the postinstall installer script to make the installer execute arbitrary code as root. The cause of the vulnerability is the fact that the shebang `#!/bin/zsh` is being used. When the installer is executed it asks for the users password to be executed as root. However, it'll still be using the $HOME of the user and therefore loading the file `$HOME/.zshenv` when the `postinstall` script is executed. An attacker could add malicious code to `$HOME/.zshenv` and it will be executed when the app is installed. An attacker may leverage this vulnerability to escalate privilege on the system. This issue has been addressed in version 2.5.1 Rev 2. All users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-27264 | 1 Ibm | 1 I | 2024-11-21 | 7.4 High |
| IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 284563. | ||||
| CVE-2024-27233 | 2024-11-21 | 7.8 High | ||
| In ppcfw_init_secpolicy of ppcfw.c, there is a possible permission bypass due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-27224 | 2024-11-21 | 7.8 High | ||
| In strncpy of strncpy.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-27222 | 2024-11-21 | 7.8 High | ||
| In onSkipButtonClick of FaceEnrollFoldPage.java, there is a possible way to access the file the app cannot access due to Intent Redirect GRANT_URI_PERMISSIONS Attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-27210 | 2024-11-21 | 7.8 High | ||
| In policy_check of fvp.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-27207 | 2024-11-21 | 9.1 Critical | ||
| Exported broadcast receivers allowing malicious apps to bypass broadcast protection. | ||||
| CVE-2024-27181 | 2024-11-21 | 8.8 High | ||
| In Apache Linkis <= 1.5.0, Privilege Escalation in Basic management services where the attacking user is a trusted account allows access to Linkis's Token information. Users are advised to upgrade to version 1.6.0, which fixes this issue. | ||||
| CVE-2024-26247 | 1 Microsoft | 2 Edge, Edge Chromium | 2024-11-21 | 4.7 Medium |
| Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | ||||
| CVE-2024-26169 | 1 Microsoft | 21 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 18 more | 2024-11-21 | 7.8 High |
| Windows Error Reporting Service Elevation of Privilege Vulnerability | ||||
| CVE-2024-25990 | 2024-11-21 | 6.4 Medium | ||
| In pktproc_perftest_gen_rx_packet_sktbuf_mode of link_rx_pktproc.c, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-25987 | 2024-11-21 | 6.7 Medium | ||
| In pt_sysctl_command of pt.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-25961 | 2024-11-21 | 6 Medium | ||
| Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges. | ||||
| CVE-2024-25847 | 1 Myprestamodules | 1 Product Catalog Import For Prestashop | 2024-11-21 | 9.8 Critical |
| SQL Injection vulnerability in MyPrestaModules "Product Catalog (CSV, Excel) Import" (simpleimportproduct) modules for PrestaShop versions 6.5.0 and before, allows attackers to escalate privileges and obtain sensitive information via Send::__construct() and importProducts::_addDataToDb methods. | ||||
| CVE-2024-25842 | 2024-11-21 | 7.5 High | ||
| An issue was discovered in Presta World "Account Manager - Sales Representative & Dealers - CRM" (prestasalesmanager) module for PrestaShop before version 9.0, allows remote attackers to escalate privilege and obtain sensitive information via the uploadLogo() and postProcess methods. | ||||