Filtered by CWE-276
Filtered by vendor Subscriptions
Total 1138 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-44228 1 Apple 1 Xcode 2024-10-30 7.5 High
This issue was addressed with improved permissions checking. This issue is fixed in Xcode 16. An app may be able to inherit Xcode permissions and access user data.
CVE-2024-40792 1 Apple 1 Macos 2024-10-30 3.3 Low
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A malicious app may be able to change network settings.
CVE-2024-42028 1 Ubiquiti 1 Unifi Network Application 2024-10-29 8.8 High
A Local privilege escalation vulnerability found in a Self-Hosted UniFi Network Server with UniFi Network Application (Version 8.4.62 and earlier) allows a malicious actor with a local operational system user to execute high privilege actions on UniFi Network Server.
CVE-2024-47012 1 Google 1 Android 2024-10-28 7.8 High
In mm_GetMobileIdIndexForNsUpdate of mm_GmmPduCodec.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2022-30355 1 Ovaledge 1 Ovaledge 2024-10-28 9.8 Critical
OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /profile/updateProfile via the userId and email parameters. Authentication is required.
CVE-2024-44100 1 Google 32 Android, Pixel, Pixel 2 and 29 more 2024-10-28 7.5 High
Android before 2024-10-05 on Google Pixel devices allows information disclosure in the modem component, A-299774545.
CVE-2024-47014 1 Google 1 Android 2024-10-25 8.8 High
Android before 2024-10-05 on Google Pixel devices allows privilege escalation in the ABL component, A-330537292.
CVE-2024-47013 1 Google 1 Android 2024-10-25 7.8 High
In pmucal_rae_handle_seq_int of flexpmu_cal_rae.c, there is a possible arbitrary write due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-9947 2 Profilepress, Properfraction 2 Profilepress, Profilepress 2024-10-25 8.1 High
The ProfilePress Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.11.1. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token.
CVE-2024-47016 1 Google 1 Android 2024-10-25 7.8 High
there is a possible privilege escalation due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-35287 1 Mitel 1 Micollab 2024-10-23 6.7 Medium
A vulnerability in the NuPoint Messenger (NPM) component of Mitel MiCollab through version 9.8 SP1 (9.8.1.5) could allow an authenticated attacker with administrative privilege to conduct a privilege escalation attack due to the execution of a resource with unnecessary privileges. A successful exploit could allow an attacker to execute arbitrary commands with elevated privileges.
CVE-2024-10183 2024-10-23 N/A
A vulnerability in Jamf Pro's Jamf Remote Assist tool allows a local, non-privileged user to escalate their privileges to root on MacOS systems.
CVE-2024-47240 1 Dell 1 Secure Connect Gateway 2024-10-22 5.5 Medium
Dell Secure Connect Gateway (SCG) 5.24 contains an Incorrect Default Permissions vulnerability. A local attacker with low privileges can access the file system and could potentially exploit this vulnerability to gain write access to unauthorized data and cause a version update failure condition.
CVE-2024-49389 1 Acronis 1 Cyber Files 2024-10-18 7.8 High
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24.
CVE-2024-9858 1 Google Cloud 1 Migrate To Containers 2024-10-16 7.8 High
There exists an insecure default user permission in Google Cloud Migrate to containers from version 1.1.0 to 1.2.2 Windows installs. A local "m2cuser" was greated with administrator privileges. This posed a security risk if the "analyze" or "generate" commands were interrupted or skipping the action to delete the local user “m2cuser”. We recommend upgrading to 1.2.3 or beyond
CVE-2023-42133 1 Paxtechnology 1 Paydroid 2024-10-15 6.7 Medium
PAX Android based POS devices allow for escalation of privilege via improperly configured scripts. An attacker must have shell access with system account privileges in order to exploit this vulnerability. A patch addressing this issue was included in firmware version PayDroid_8.1.0_Sagittarius_V11.1.61_20240226.
CVE-2024-39544 2024-10-15 5 Medium
An Incorrect Default Permissions vulnerability in the command line interface (CLI) of Juniper Networks Junos OS Evolved allows a low privileged local attacker to view NETCONF traceoptions files, representing an exposure of sensitive information. On all Junos OS Evolved platforms, when NETCONF traceoptions are configured, NETCONF traceoptions files get created with an incorrect group permission, which allows a low-privileged user can access sensitive information compromising the confidentiality of the system. Junos OS Evolved:  * All versions before 20.4R3-S9-EVO,  * 21.2-EVO before 21.2R3-S7-EVO,  * 21.4-EVO before 21.4R3-S5-EVO,  * 22.1-EVO before 22.1R3-S5-EVO,  * 22.2-EVO before 22.2R3-S3-EVO,  * 22.3-EVO before 22.3R3-EVO, 22.3R3-S2-EVO,  * 22.4-EVO before 22.4R3-EVO,  * 23.2-EVO before 23.2R1-S2-EVO, 23.2R2-EVO.
CVE-2024-38222 1 Microsoft 2 Edge, Edge Chromium 2024-10-09 6.5 Medium
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
CVE-2022-25776 1 Acquia 1 Mautic 2024-09-24 8.3 High
Prior to the patched version, logged in users of Mautic are able to access areas of the application that they should be prevented from accessing. Users could potentially access sensitive data such as names and surnames, company names and stage names.
CVE-2024-8533 1 Rockwellautomation 6 2800c Optixpanel Compact, 2800c Optixpanel Compact Firmware, 2800s Optixpanel Standard and 3 more 2024-09-19 8.8 High
A privilege escalation vulnerability exists in the Rockwell Automation affected products. The vulnerability occurs due to improper default file permissions allowing users to exfiltrate credentials and escalate privileges.