Filtered by CWE-269
Filtered by vendor Subscriptions
Total 2021 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-40861 1 Apple 1 Macos 2024-12-12 7.8 High
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. An app may be able to gain root privileges.
CVE-2024-44147 1 Apple 3 Ios And Ipados, Ipados, Iphone Os 2024-12-12 7.7 High
This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. An app may gain unauthorized access to Local Network.
CVE-2024-38089 1 Microsoft 1 Defender For Iot 2024-12-10 9.1 Critical
Microsoft Defender for IoT Elevation of Privilege Vulnerability
CVE-2023-36721 1 Microsoft 7 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 4 more 2024-12-10 7 High
Windows Error Reporting Service Elevation of Privilege Vulnerability
CVE-2023-32713 1 Splunk 1 Splunk App For Stream 2024-12-10 7.8 High
In Splunk App for Stream versions below 8.1.1, a low-privileged user could use a vulnerability in the streamfwd process within the Splunk App for Stream to escalate their privileges on the machine that runs the Splunk Enterprise instance, up to and including the root user.
CVE-2024-40802 1 Apple 1 Macos 2024-12-10 7.8 High
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. A local attacker may be able to elevate their privileges.
CVE-2024-40781 1 Apple 1 Macos 2024-12-10 7.8 High
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. A local attacker may be able to elevate their privileges.
CVE-2024-27826 1 Apple 6 Ipados, Iphone Os, Macos and 3 more 2024-12-10 7.8 High
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6.8, macOS Sonoma 14.5, macOS Monterey 12.7.6, watchOS 10.5, visionOS 1.3, tvOS 17.5, iOS 17.5 and iPadOS 17.5. An app may be able to execute arbitrary code with kernel privileges.
CVE-2022-1003 1 Mattermost 1 Mattermost 2024-12-07 3.3 Low
One of the API in Mattermost version 6.3.0 and earlier fails to properly protect the permissions, which allows the system administrators to combine the two distinct privileges/capabilities in a way that allows them to override certain restricted configurations like EnableUploads.
CVE-2022-1332 1 Mattermost 1 Mattermost Server 2024-12-07 4.3 Medium
One of the API in Mattermost version 6.4.1 and earlier fails to properly protect the permissions, which allows the authenticated members with restricted custom admin role to bypass the restrictions and view the server logs and server config.json file contents.
CVE-2024-23253 1 Apple 1 Macos 2024-12-06 3.3 Low
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.4. An app may be able to access a user's Photos Library.
CVE-2024-21324 1 Microsoft 1 Defender For Iot 2024-12-05 7.2 High
Microsoft Defender for IoT Elevation of Privilege Vulnerability
CVE-2024-28904 1 Microsoft 2 Windows Server 2022 23h2, Windows Server 23h2 2024-12-05 7.8 High
Microsoft Brokering File System Elevation of Privilege Vulnerability
CVE-2024-28905 1 Microsoft 2 Windows Server 2022 23h2, Windows Server 23h2 2024-12-05 7.8 High
Microsoft Brokering File System Elevation of Privilege Vulnerability
CVE-2023-21513 1 Samsung 1 Android 2024-12-05 6.1 Medium
Improper privilege management vulnerability in CC Mode prior to SMR Jun-2023 Release 1 allows physical attackers to manipulate device to operate in way that results in unexpected behavior in CC Mode under specific condition.
CVE-2024-52336 1 Redhat 1 Enterprise Linux 2024-12-05 7.8 High
A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges that could allow attackers to local privilege escalation.
CVE-2023-34148 3 Microsoft, Trend Micro Inc, Trendmicro 3 Windows, Trend Micro Apex One, Apex One 2024-12-04 7.8 High
An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34146 and CVE-2023-34147.
CVE-2023-34147 3 Microsoft, Trend Micro Inc, Trendmicro 3 Windows, Trend Micro Apex One, Apex One 2024-12-04 7.8 High
An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34146 and CVE-2023-34148.
CVE-2023-34146 3 Microsoft, Trend Micro Inc, Trendmicro 3 Windows, Trend Micro Apex One, Apex One 2024-12-04 7.8 High
An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34147 and CVE-2023-34148.
CVE-2024-1764 2024-12-04 7.6 High
Improper privilege management in Just-in-time (JIT) elevation module in Devolutions Server 2023.3.14.0 and earlier allows a user to continue using the elevated privilege even after the expiration under specific circumstances