Filtered by vendor
Subscriptions
Total
2021 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-40861 | 1 Apple | 1 Macos | 2024-12-12 | 7.8 High |
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. An app may be able to gain root privileges. | ||||
CVE-2024-44147 | 1 Apple | 3 Ios And Ipados, Ipados, Iphone Os | 2024-12-12 | 7.7 High |
This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. An app may gain unauthorized access to Local Network. | ||||
CVE-2024-38089 | 1 Microsoft | 1 Defender For Iot | 2024-12-10 | 9.1 Critical |
Microsoft Defender for IoT Elevation of Privilege Vulnerability | ||||
CVE-2023-36721 | 1 Microsoft | 7 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 4 more | 2024-12-10 | 7 High |
Windows Error Reporting Service Elevation of Privilege Vulnerability | ||||
CVE-2023-32713 | 1 Splunk | 1 Splunk App For Stream | 2024-12-10 | 7.8 High |
In Splunk App for Stream versions below 8.1.1, a low-privileged user could use a vulnerability in the streamfwd process within the Splunk App for Stream to escalate their privileges on the machine that runs the Splunk Enterprise instance, up to and including the root user. | ||||
CVE-2024-40802 | 1 Apple | 1 Macos | 2024-12-10 | 7.8 High |
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. A local attacker may be able to elevate their privileges. | ||||
CVE-2024-40781 | 1 Apple | 1 Macos | 2024-12-10 | 7.8 High |
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. A local attacker may be able to elevate their privileges. | ||||
CVE-2024-27826 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-12-10 | 7.8 High |
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6.8, macOS Sonoma 14.5, macOS Monterey 12.7.6, watchOS 10.5, visionOS 1.3, tvOS 17.5, iOS 17.5 and iPadOS 17.5. An app may be able to execute arbitrary code with kernel privileges. | ||||
CVE-2022-1003 | 1 Mattermost | 1 Mattermost | 2024-12-07 | 3.3 Low |
One of the API in Mattermost version 6.3.0 and earlier fails to properly protect the permissions, which allows the system administrators to combine the two distinct privileges/capabilities in a way that allows them to override certain restricted configurations like EnableUploads. | ||||
CVE-2022-1332 | 1 Mattermost | 1 Mattermost Server | 2024-12-07 | 4.3 Medium |
One of the API in Mattermost version 6.4.1 and earlier fails to properly protect the permissions, which allows the authenticated members with restricted custom admin role to bypass the restrictions and view the server logs and server config.json file contents. | ||||
CVE-2024-23253 | 1 Apple | 1 Macos | 2024-12-06 | 3.3 Low |
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.4. An app may be able to access a user's Photos Library. | ||||
CVE-2024-21324 | 1 Microsoft | 1 Defender For Iot | 2024-12-05 | 7.2 High |
Microsoft Defender for IoT Elevation of Privilege Vulnerability | ||||
CVE-2024-28904 | 1 Microsoft | 2 Windows Server 2022 23h2, Windows Server 23h2 | 2024-12-05 | 7.8 High |
Microsoft Brokering File System Elevation of Privilege Vulnerability | ||||
CVE-2024-28905 | 1 Microsoft | 2 Windows Server 2022 23h2, Windows Server 23h2 | 2024-12-05 | 7.8 High |
Microsoft Brokering File System Elevation of Privilege Vulnerability | ||||
CVE-2023-21513 | 1 Samsung | 1 Android | 2024-12-05 | 6.1 Medium |
Improper privilege management vulnerability in CC Mode prior to SMR Jun-2023 Release 1 allows physical attackers to manipulate device to operate in way that results in unexpected behavior in CC Mode under specific condition. | ||||
CVE-2024-52336 | 1 Redhat | 1 Enterprise Linux | 2024-12-05 | 7.8 High |
A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges that could allow attackers to local privilege escalation. | ||||
CVE-2023-34148 | 3 Microsoft, Trend Micro Inc, Trendmicro | 3 Windows, Trend Micro Apex One, Apex One | 2024-12-04 | 7.8 High |
An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34146 and CVE-2023-34147. | ||||
CVE-2023-34147 | 3 Microsoft, Trend Micro Inc, Trendmicro | 3 Windows, Trend Micro Apex One, Apex One | 2024-12-04 | 7.8 High |
An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34146 and CVE-2023-34148. | ||||
CVE-2023-34146 | 3 Microsoft, Trend Micro Inc, Trendmicro | 3 Windows, Trend Micro Apex One, Apex One | 2024-12-04 | 7.8 High |
An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34147 and CVE-2023-34148. | ||||
CVE-2024-1764 | 2024-12-04 | 7.6 High | ||
Improper privilege management in Just-in-time (JIT) elevation module in Devolutions Server 2023.3.14.0 and earlier allows a user to continue using the elevated privilege even after the expiration under specific circumstances |