Total
1261 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-43089 | 1 Google | 1 Android | 2024-12-17 | N/A | 7.8 HIGH |
| In updateInternal of MediaProvider.java , there is a possible access of another app's files due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2017-13310 | 1 Google | 1 Android | 2024-12-17 | N/A | 7.8 HIGH |
| In createFromParcel of ViewPager.java, there is a possible read/write serialization issue leading to a permissions bypass. This could lead to local escalation of privilege where an app can start an activity with system privileges with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21139 | 1 Google | 1 Android | 2024-12-17 | N/A | 7.8 HIGH |
| In bindPlayer of MediaControlPanel.java, there is a possible launch arbitrary activity in SysUI due to Unsafe Intent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-271845008 | |||||
| CVE-2023-21138 | 1 Google | 1 Android | 2024-12-17 | N/A | 7.8 HIGH |
| In onNullBinding of CallRedirectionProcessor.java, there is a possible long lived connection due to improper input validation. This could lead to local escalation of privilege and background activity launches with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-273260090 | |||||
| CVE-2024-40660 | 1 Google | 1 Android | 2024-12-17 | N/A | 7.8 HIGH |
| In setTransactionState of SurfaceFlinger.cpp, there is a possible way to change protected display attributes due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-40661 | 1 Google | 1 Android | 2024-12-17 | N/A | 7.8 HIGH |
| In mayAdminGrantPermission of AdminRestrictedPermissionsUtils.java, there is a possible way to access the microphone due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-45494 | 2024-12-17 | N/A | 9.8 CRITICAL | ||
| An issue was discovered in MSA FieldServer Gateway 5.0.0 through 6.5.2 (Fixed in 7.0.0). The FieldServer Gateway has an internally used shared administrative user account on all devices. The authentication for this user is implemented through an unsafe shared secret that is static in all affected firmware versions. | |||||
| CVE-2024-40654 | 1 Google | 1 Android | 2024-12-17 | N/A | 7.8 HIGH |
| In multiple locations, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2024-43081 | 1 Google | 1 Android | 2024-12-17 | N/A | 7.8 HIGH |
| In installExistingPackageAsUser of InstallPackageHelper.java, there is a possible carrier restriction bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-31312 | 1 Google | 1 Android | 2024-12-17 | N/A | 5.5 MEDIUM |
| In multiple locations, there is a possible information leak due to a missing permission check. This could lead to local information disclosure exposing played media with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-30905 | 1 Hpe | 4 Integrity Mc990 X Server Rmc, Integrity Mc990 X Server Rmc Firmware, Sgi Uv 300 Rmc and 1 more | 2024-12-17 | N/A | 7.8 HIGH |
| The MC990 X and UV300 RMC component has and inadequate default configuration that could be exploited to obtain enhanced privilege. | |||||
| CVE-2024-9845 | 1 Ivanti | 1 Automation | 2024-12-13 | N/A | 7.8 HIGH |
| Under specific circumstances, insecure permissions in Ivanti Automation before version 2024.4.0.1 allows a local authenticated attacker to achieve local privilege escalation. | |||||
| CVE-2024-8496 | 1 Ivanti | 1 Workspace Control | 2024-12-13 | N/A | 7.8 HIGH |
| Under specific circumstances, insecure permissions in Ivanti Workspace Control before version 10.18.40.0 allows a local authenticated attacker to achieve local privilege escalation. | |||||
| CVE-2024-10251 | 1 Ivanti | 1 Security Controls | 2024-12-13 | N/A | 7.8 HIGH |
| Under specific circumstances, insecure permissions in Ivanti Security Controls before version 2024.4.1 allows a local authenticated attacker to achieve local privilege escalation. | |||||
| CVE-2023-25645 | 1 Zte | 10 Up T2 4k, Up T2 4k Firmware, Zxv10 B860h V5d0 and 7 more | 2024-12-12 | N/A | 7.7 HIGH |
| There is a permission and access control vulnerability in some ZTE AndroidTV STBs. Due to improper permission settings, non-privileged application can perform functions that are protected with signature/privilege-level permissions. Exploitation of this vulnerability could clear personal data and applications on the user's device, affecting device operation. | |||||
| CVE-2024-23201 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-12-12 | N/A | 5.5 MEDIUM |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Monterey 12.7.4, watchOS 10.3, tvOS 17.3, macOS Ventura 13.6.5, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3. An app may be able to cause a denial-of-service. | |||||
| CVE-2023-34352 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-12-12 | N/A | 5.3 MEDIUM |
| A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An attacker may be able to leak user account emails. | |||||
| CVE-2024-11872 | 2024-12-12 | N/A | 7.8 HIGH | ||
| Epic Games Launcher Incorrect Default Permissions Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Epic Games Launcher. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the product installer. The product applies incorrect default permissions to a sensitive folder. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-24329. | |||||
| CVE-2023-31349 | 1 Amd | 1 Uprof | 2024-12-12 | N/A | 7.3 HIGH |
| Incorrect default permissions in the AMD μProf installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | |||||
| CVE-2024-54745 | 2024-12-11 | N/A | 9.8 CRITICAL | ||
| WAVLINK WN701AE M01AE_V240305 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. | |||||