Filtered by vendor
Subscriptions
Total
1138 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-30905 | 1 Hpe | 4 Integrity Mc990 X Server Rmc, Integrity Mc990 X Server Rmc Firmware, Sgi Uv 300 Rmc and 1 more | 2024-12-17 | 7.8 High |
The MC990 X and UV300 RMC component has and inadequate default configuration that could be exploited to obtain enhanced privilege. | ||||
CVE-2024-8496 | 1 Ivanti | 1 Workspace Control | 2024-12-14 | 7.8 High |
Under specific circumstances, insecure permissions in Ivanti Workspace Control before version 10.18.40.0 allows a local authenticated attacker to achieve local privilege escalation. | ||||
CVE-2023-25645 | 1 Zte | 10 Up T2 4k, Up T2 4k Firmware, Zxv10 B860h V5d0 and 7 more | 2024-12-12 | 7.7 High |
There is a permission and access control vulnerability in some ZTE AndroidTV STBs. Due to improper permission settings, non-privileged application can perform functions that are protected with signature/privilege-level permissions. Exploitation of this vulnerability could clear personal data and applications on the user's device, affecting device operation. | ||||
CVE-2024-11872 | 2024-12-12 | N/A | ||
Epic Games Launcher Incorrect Default Permissions Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Epic Games Launcher. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the product installer. The product applies incorrect default permissions to a sensitive folder. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-24329. | ||||
CVE-2024-23201 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-12-12 | 6.2 Medium |
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Monterey 12.7.4, watchOS 10.3, tvOS 17.3, macOS Ventura 13.6.5, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3. An app may be able to cause a denial-of-service. | ||||
CVE-2023-34352 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-12-12 | 5.3 Medium |
A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An attacker may be able to leak user account emails. | ||||
CVE-2023-31349 | 1 Amd | 2 Amd Uprof, Uprof | 2024-12-12 | 7.3 High |
Incorrect default permissions in the AMD μProf installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | ||||
CVE-2024-54745 | 2024-12-11 | 9.8 Critical | ||
WAVLINK WN701AE M01AE_V240305 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. | ||||
CVE-2024-11597 | 2024-12-11 | 7.8 High | ||
Under specific circumstances, insecure permissions in Ivanti Performance Manager before version 2024.3 HF1, 2024.1 HF1, or 2023.3 HF1 allows a local authenticated attacker to achieve local privilege escalation. | ||||
CVE-2024-54751 | 2024-12-11 | 9.8 Critical | ||
COMFAST CF-WR630AX v2.7.0.2 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. | ||||
CVE-2024-25605 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2024-12-11 | 5.3 Medium |
The Journal module in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions grants guest users view permission to web content templates by default, which allows remote attackers to view any template via the UI or API. | ||||
CVE-2023-22931 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-12-10 | 4.3 Medium |
In Splunk Enterprise versions below 8.1.13 and 8.2.10, the ‘createrss’ external search command overwrites existing Resource Description Format Site Summary (RSS) feeds without verifying permissions. This feature has been deprecated and disabled by default. | ||||
CVE-2024-40805 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-12-10 | 7.1 High |
A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 10.6, macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6, tvOS 17.6. An app may be able to bypass Privacy preferences. | ||||
CVE-2024-27888 | 1 Apple | 1 Macos | 2024-12-10 | 5.5 Medium |
A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in macOS Sonoma 14.4. An app may be able to modify protected parts of the file system. | ||||
CVE-2024-10469 | 1 Cert | 1 Vince | 2024-12-09 | 6.5 Medium |
VINCE versions before 3.0.9 is vulnerable to exposure of User information to authenticated users. | ||||
CVE-2024-23295 | 1 Apple | 1 Visionos | 2024-12-09 | 6.2 Medium |
A permissions issue was addressed to help ensure Personas are always protected This issue is fixed in visionOS 1.1. An unauthenticated user may be able to use an unprotected Persona. | ||||
CVE-2024-54747 | 1 Wavlink | 1 Wn531p3 Firmware | 2024-12-09 | 9.8 Critical |
WAVLINK WN531P3 202383 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. | ||||
CVE-2022-2366 | 1 Mattermost | 1 Mattermost Server | 2024-12-07 | 5.6 Medium |
Incorrect default configuration for trusted IP header in Mattermost version 6.7.0 and earlier allows attacker to bypass some of the rate limitations in place or use manipulated IPs for audit logging via manipulating the request headers. | ||||
CVE-2024-51378 | 1 Cyberpanel | 1 Cyberpanel | 2024-12-06 | 10 Critical |
getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus or /ftp/getresetstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. Versions through 2.3.6 and (unpatched) 2.3.7 are affected. | ||||
CVE-2024-23253 | 1 Apple | 1 Macos | 2024-12-06 | 3.3 Low |
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.4. An app may be able to access a user's Photos Library. |