Filtered by vendor
Subscriptions
Total
1406 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-5618 | 2024-11-21 | 9.9 Critical | ||
Incorrect Permission Assignment for Critical Resource vulnerability in PruvaSoft Informatics Apinizer Management Console allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Apinizer Management Console: before 2024.05.1. | ||||
CVE-2024-5163 | 2024-11-21 | 9.8 Critical | ||
Improper permission settings for mobile applications (com.transsion.carlcare) may lead to user password and account security risks. | ||||
CVE-2024-43199 | 1 Nagios | 1 Ndoutils | 2024-11-21 | 7.8 High |
Nagios NDOUtils before 2.1.4 allows privilege escalation from nagios to root because certain executable files are owned by the nagios user. | ||||
CVE-2024-41685 | 1 Syrotech | 2 Sy-gpon-1110-wdont, Sy-gpon-1110-wdont Firmware | 2024-11-21 | 7.5 High |
This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to missing HTTPOnly flag for the session cookies associated with the router's web management interface. An attacker with remote access could exploit this by intercepting transmission within an HTTP session on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to capture cookies and obtain sensitive information on the targeted system. | ||||
CVE-2024-3668 | 1 Ideabox | 1 Powerpack Addons For Elementor | 2024-11-21 | 8.8 High |
The PowerPack Pro for Elementor plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.10.17. This is due to the plugin not restricting low privileged users from setting a default role for a registration form. This makes it possible for authenticated attackers, with contributor-level access and above, to create a registration form with administrator set as the default role and then register as an administrator. | ||||
CVE-2024-3375 | 1 Havelsan | 1 Dialogue | 2024-11-21 | 9.4 Critical |
Incorrect Permission Assignment for Critical Resource vulnerability in Havelsan Inc. Dialogue allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Dialogue: from v1.83 before v1.83.1 or v1.84. | ||||
CVE-2024-3250 | 2024-11-21 | 6.5 Medium | ||
It was discovered that Canonical's Pebble service manager read-file API and the associated pebble pull command, before v1.10.2, allowed unprivileged local users to read files with root-equivalent permissions when Pebble was running as root. Fixes are also available as backports to v1.1.1, v1.4.2, and v1.7.4. | ||||
CVE-2024-39875 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-11-21 | 4.3 Medium |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application allows authenticated, low privilege users with the 'Manage own remote connections' permission to retrieve details about other users and group memberships. | ||||
CVE-2024-38456 | 2024-11-21 | 7.8 High | ||
HIGH-LEIT V05.08.01.03 and HIGH-LEIT V04.25.00.00 to 4.25.01.01 for Windows from Vivavis contain an insecure file and folder permissions vulnerability in prunsrv.exe. A regular user (non-admin) can exploit the weak folder and file permissions to escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM. | ||||
CVE-2024-37369 | 1 Rockwellautomation | 1 Factorytalk View | 2024-11-21 | N/A |
A privilege escalation vulnerability exists in the affected product. The vulnerability allows low-privilege users to edit scripts, bypassing Access Control Lists, and potentially gaining further access within the system. | ||||
CVE-2024-37087 | 2024-11-21 | 5.3 Medium | ||
The vCenter Server contains a denial-of-service vulnerability. A malicious actor with network access to vCenter Server may create a denial-of-service condition. | ||||
CVE-2024-36821 | 1 Linksys | 2 Velop Whw0101, Velop Whw0101 Firmware | 2024-11-21 | 6.8 Medium |
Insecure permissions in Linksys Velop WiFi 5 (WHW01v1) 1.1.13.202617 allows attackers to escalate privileges from Guest to root. | ||||
CVE-2024-33499 | 2024-11-21 | 9.1 Critical | ||
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). The affected application assigns incorrect permissions to a user management component. This could allow a privileged attacker to escalate their privileges from the Administrators group to the Systemadministrator group. | ||||
CVE-2024-33435 | 1 Guangzhou Yingshi Electronic Technology | 1 Ncast Yingshi | 2024-11-21 | 9.8 Critical |
Insecure Permissions vulnerability in Guangzhou Yingshi Electronic Technology Co. Ncast Yingshi high-definition intelligent recording and playback system 2007-2017 allows a remote attacker to execute arbitrary code via the /manage/IPSetup.php backend function | ||||
CVE-2024-32478 | 2024-11-21 | 6.9 Medium | ||
Git Credential Manager (GCM) is a secure Git credential helper. Prior to 2.5.0, the Debian package does not set root ownership on installed files. This allows user 1001 on a multi-user system can replace binary and gain other users' privileges. This vulnerability is fixed in 2.5.0. | ||||
CVE-2024-30369 | 1 A10networks | 1 Advanced Core Operating System | 2024-11-21 | 7.8 High |
A10 Thunder ADC Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of A10 Thunder ADC. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the installer. The issue results from incorrect permissions on a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-22754. | ||||
CVE-2024-30208 | 2024-11-21 | 6.3 Medium | ||
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). The "DBTest" tool of SIMATIC RTLS Locating Manager does not properly enforce access restriction. This could allow an authenticated local attacker to extract sensitive information from memory. | ||||
CVE-2024-29964 | 1 Brocade | 1 Sannav | 2024-11-21 | 5.7 Medium |
Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files. An unprivileged attacker who gains access to the server can read sensitive information from these files. | ||||
CVE-2024-29187 | 2024-11-21 | 7.3 High | ||
WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. When a bundle runs as SYSTEM user, Burn uses GetTempPathW which points to an insecure directory C:\Windows\Temp to drop and load multiple binaries. Standard users can hijack the binary before it's loaded in the application resulting in elevation of privileges. This vulnerability is fixed in 3.14.1 and 4.0.5. | ||||
CVE-2024-28745 | 2024-11-21 | 3.3 Low | ||
Improper export of Android application components issue exists in 'ABEMA' App for Android prior to 10.65.0 allowing another app installed on the user's device to access an arbitrary URL on 'ABEMA' App for Android via Intent. If this vulnerability is exploited, an arbitrary website may be displayed on the app, and as a result, the user may become a victim of a phishing attack. |