Filtered by CWE-281
Filtered by vendor Subscriptions
Total 279 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-54515 1 Apple 1 Macos 2024-12-21 7.8 High
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sequoia 15.2. A malicious app may be able to gain root privileges.
CVE-2024-54465 1 Apple 1 Macos 2024-12-21 9.8 Critical
A logic issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.2. An app may be able to elevate privileges.
CVE-2024-44211 2024-12-20 7.5 High
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.1. An app may be able to access user-sensitive data.
CVE-2024-36881 1 Redhat 1 Enterprise Linux 2024-12-19 5.5 Medium
In the Linux kernel, the following vulnerability has been resolved: mm/userfaultfd: reset ptes when close() for wr-protected ones Userfaultfd unregister includes a step to remove wr-protect bits from all the relevant pgtable entries, but that only covered an explicit UFFDIO_UNREGISTER ioctl, not a close() on the userfaultfd itself. Cover that too. This fixes a WARN trace. The only user visible side effect is the user can observe leftover wr-protect bits even if the user close()ed on an userfaultfd when releasing the last reference of it. However hopefully that should be harmless, and nothing bad should happen even if so. This change is now more important after the recent page-table-check patch we merged in mm-unstable (446dd9ad37d0 ("mm/page_table_check: support userfault wr-protect entries")), as we'll do sanity check on uffd-wp bits without vma context. So it's better if we can 100% guarantee no uffd-wp bit leftovers, to make sure each report will be valid.
CVE-2024-56317 2024-12-19 N/A
In Matter (aka connectedhomeip or Project CHIP) through 1.4.0.0, the WriteAcl function deletes all existing ACL entries first, and then attempts to recreate them based on user input. If input validation fails during decoding, the process stops, and no entries are restored by access-control-server.cpp, i.e., a denial of service.
CVE-2024-21816 1 Openatom 1 Openharmony 2024-12-16 4 Medium
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through improper preservation of permissions.
CVE-2024-41644 1 Openrobotics 1 Robot Operating System 2024-12-13 9.8 Critical
Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via the dyn_param_handler_ component.
CVE-2024-41645 1 Openrobotics 1 Robot Operating System 2024-12-13 9.8 Critical
Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2__amcl.
CVE-2024-41646 1 Openrobotics 1 Robot Operating System 2024-12-13 9.8 Critical
Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_dwb_controller.
CVE-2024-41648 1 Openrobotics 1 Robot Operating System 2024-12-13 7.1 High
Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_regulated_pure_pursuit_controller.
CVE-2024-41649 1 Openrobotics 1 Robot Operating System 2024-12-13 9.8 Critical
Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the executor_thread_.
CVE-2024-41650 1 Openrobotics 1 Robot Operating System 2024-12-13 7.1 High
Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_costmap_2d.
CVE-2024-54484 1 Apple 1 Macos 2024-12-13 5.5 Medium
The issue was resolved by sanitizing logging. This issue is fixed in macOS Sequoia 15.2. An app may be able to access user-sensitive data.
CVE-2024-54513 1 Apple 6 Ipados, Iphone Os, Macos and 3 more 2024-12-13 5.7 Medium
A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2. An app may be able to access sensitive user data.
CVE-2024-50930 2024-12-12 8.8 High
An issue in Silicon Labs Z-Wave Series 500 v6.84.0 allows attackers to execute arbitrary code.
CVE-2024-50928 2024-12-12 6.5 Medium
Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to change the wakeup interval of end devices in controller memory, disrupting the device's communications with the controller.
CVE-2024-50924 2024-12-12 6.5 Medium
Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to cause disrupt communications between the controller and the device itself via repeatedly sending crafted packets to the controller.
CVE-2024-50921 2024-12-12 6.5 Medium
Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to cause a Denial of Service (DoS) via repeatedly sending crafted packets to the controller.
CVE-2024-40824 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2024-12-11 5.5 Medium
This issue was addressed through improved state management. This issue is fixed in watchOS 10.6, macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6, tvOS 17.6. An app may be able to bypass Privacy preferences.
CVE-2024-40828 1 Apple 1 Macos 2024-12-11 7.8 High
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. A malicious app may be able to gain root privileges.