Filtered by vendor
Subscriptions
Total
279 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-50931 | 2024-12-11 | 4.6 Medium | ||
Silicon Labs Z-Wave Series 500 v6.84.0 was discovered to contain insecure permissions. | ||||
CVE-2024-50929 | 2024-12-11 | 6.2 Medium | ||
Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to arbitrarily change the device type in the controller's memory, leading to a Denial of Service (DoS). | ||||
CVE-2024-50920 | 2024-12-11 | 8.8 High | ||
Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to create a fake node via supplying crafted packets. | ||||
CVE-2024-37575 | 2024-12-11 | 7.5 High | ||
The Mister org.mistergroup.shouldianswer application 1.4.264 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the org.mistergroup.shouldianswer.ui.default_dialer.DefaultDialerActivity component. | ||||
CVE-2024-28746 | 1 Apache | 1 Airflow | 2024-12-11 | 8.1 High |
Apache Airflow, versions 2.8.0 through 2.8.2, has a vulnerability that allows an authenticated user with limited permissions to access resources such as variables, connections, etc from the UI which they do not have permission to access. Users of Apache Airflow are recommended to upgrade to version 2.8.3 or newer to mitigate the risk associated with this vulnerability | ||||
CVE-2024-22121 | 1 Zabbix | 1 Zabbix | 2024-12-10 | 6.1 Medium |
A non-admin user can change or remove important features within the Zabbix Agent application, thus impacting the integrity and availability of the application. | ||||
CVE-2024-40805 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-12-10 | 7.1 High |
A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 10.6, macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6, tvOS 17.6. An app may be able to bypass Privacy preferences. | ||||
CVE-2024-40811 | 1 Apple | 1 Macos | 2024-12-10 | 5.5 Medium |
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6. An app may be able to modify protected parts of the file system. | ||||
CVE-2024-27888 | 1 Apple | 1 Macos | 2024-12-10 | 5.5 Medium |
A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in macOS Sonoma 14.4. An app may be able to modify protected parts of the file system. | ||||
CVE-2024-40821 | 1 Apple | 1 Macos | 2024-12-10 | 7.1 High |
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. Third party app extensions may not receive the correct sandbox restrictions. | ||||
CVE-2024-40800 | 1 Apple | 1 Macos | 2024-12-10 | 5.5 Medium |
An input validation issue was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. An app may be able to modify protected parts of the file system. | ||||
CVE-2023-52542 | 2024-12-07 | 6.5 Medium | ||
Permission verification vulnerability in the system module. Impact: Successful exploitation of this vulnerability will affect availability. | ||||
CVE-2023-52373 | 1 Huawei | 2 Emui, Harmonyos | 2024-12-06 | 7.5 High |
Vulnerability of permission verification in the content sharing pop-up module.Successful exploitation of this vulnerability may cause unauthorized file sharing. | ||||
CVE-2024-6601 | 1 Redhat | 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more | 2024-12-06 | 4.7 Medium |
A race condition could lead to a cross-origin container obtaining permissions of the top-level origin. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128. | ||||
CVE-2023-28642 | 2 Linuxfoundation, Redhat | 6 Runc, Enterprise Linux, Openshift and 3 more | 2024-12-06 | 6.1 Medium |
runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked `/proc`. See PR #3785 for details. users are advised to upgrade. Users unable to upgrade should avoid using an untrusted container image. | ||||
CVE-2023-32388 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2024-12-05 | 5.5 Medium |
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to bypass Privacy preferences. | ||||
CVE-2023-32400 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2024-12-05 | 5.5 Medium |
This issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, macOS Ventura 13.4. Entitlements and privacy permissions granted to this app may be used by a malicious app. | ||||
CVE-2023-32355 | 1 Apple | 1 Macos | 2024-12-05 | 5.5 Medium |
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to modify protected parts of the file system. | ||||
CVE-2023-34672 | 1 Elenos | 2 Etg150, Etg150 Firmware | 2024-12-05 | 8.8 High |
Improper Access Control leads to adding a high-privilege user affecting Elenos ETG150 FM transmitter running on version 3.12 by exploiting user's role within the admin profile. An attack could occur over the public Internet in some cases. | ||||
CVE-2023-32552 | 3 Microsoft, Trend Micro Inc, Trendmicro | 3 Windows, Trend Micro Apex One, Apex One | 2024-12-04 | 5.3 Medium |
An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumstances to disclose sensitive information on agents. This is similar to, but not identical to CVE-2023-32553 |