Filtered by CWE-281
Filtered by vendor Subscriptions
Total 279 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-50931 2024-12-11 4.6 Medium
Silicon Labs Z-Wave Series 500 v6.84.0 was discovered to contain insecure permissions.
CVE-2024-50929 2024-12-11 6.2 Medium
Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to arbitrarily change the device type in the controller's memory, leading to a Denial of Service (DoS).
CVE-2024-50920 2024-12-11 8.8 High
Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to create a fake node via supplying crafted packets.
CVE-2024-37575 2024-12-11 7.5 High
The Mister org.mistergroup.shouldianswer application 1.4.264 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the org.mistergroup.shouldianswer.ui.default_dialer.DefaultDialerActivity component.
CVE-2024-28746 1 Apache 1 Airflow 2024-12-11 8.1 High
Apache Airflow, versions 2.8.0 through 2.8.2, has a vulnerability that allows an authenticated user with limited permissions to access resources such as variables, connections, etc from the UI which they do not have permission to access.  Users of Apache Airflow are recommended to upgrade to version 2.8.3 or newer to mitigate the risk associated with this vulnerability
CVE-2024-22121 1 Zabbix 1 Zabbix 2024-12-10 6.1 Medium
A non-admin user can change or remove important features within the Zabbix Agent application, thus impacting the integrity and availability of the application.
CVE-2024-40805 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2024-12-10 7.1 High
A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 10.6, macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6, tvOS 17.6. An app may be able to bypass Privacy preferences.
CVE-2024-40811 1 Apple 1 Macos 2024-12-10 5.5 Medium
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6. An app may be able to modify protected parts of the file system.
CVE-2024-27888 1 Apple 1 Macos 2024-12-10 5.5 Medium
A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in macOS Sonoma 14.4. An app may be able to modify protected parts of the file system.
CVE-2024-40821 1 Apple 1 Macos 2024-12-10 7.1 High
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. Third party app extensions may not receive the correct sandbox restrictions.
CVE-2024-40800 1 Apple 1 Macos 2024-12-10 5.5 Medium
An input validation issue was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. An app may be able to modify protected parts of the file system.
CVE-2023-52542 2024-12-07 6.5 Medium
Permission verification vulnerability in the system module. Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2023-52373 1 Huawei 2 Emui, Harmonyos 2024-12-06 7.5 High
Vulnerability of permission verification in the content sharing pop-up module.Successful exploitation of this vulnerability may cause unauthorized file sharing.
CVE-2024-6601 1 Redhat 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more 2024-12-06 4.7 Medium
A race condition could lead to a cross-origin container obtaining permissions of the top-level origin. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128.
CVE-2023-28642 2 Linuxfoundation, Redhat 6 Runc, Enterprise Linux, Openshift and 3 more 2024-12-06 6.1 Medium
runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked `/proc`. See PR #3785 for details. users are advised to upgrade. Users unable to upgrade should avoid using an untrusted container image.
CVE-2023-32388 1 Apple 4 Ipados, Iphone Os, Macos and 1 more 2024-12-05 5.5 Medium
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to bypass Privacy preferences.
CVE-2023-32400 1 Apple 4 Ipados, Iphone Os, Macos and 1 more 2024-12-05 5.5 Medium
This issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, macOS Ventura 13.4. Entitlements and privacy permissions granted to this app may be used by a malicious app.
CVE-2023-32355 1 Apple 1 Macos 2024-12-05 5.5 Medium
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to modify protected parts of the file system.
CVE-2023-34672 1 Elenos 2 Etg150, Etg150 Firmware 2024-12-05 8.8 High
Improper Access Control leads to adding a high-privilege user affecting Elenos ETG150 FM transmitter running on version 3.12 by exploiting user's role within the admin profile. An attack could occur over the public Internet in some cases.
CVE-2023-32552 3 Microsoft, Trend Micro Inc, Trendmicro 3 Windows, Trend Micro Apex One, Apex One 2024-12-04 5.3 Medium
An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumstances to disclose sensitive information on agents. This is similar to, but not identical to CVE-2023-32553