Total
312 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-40828 | 1 Apple | 1 Macos | 2024-12-11 | 7.8 High |
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. A malicious app may be able to gain root privileges. | ||||
CVE-2024-50931 | | | 2024-12-11 | 4.6 Medium |
Silicon Labs Z-Wave Series 500 v6.84.0 was discovered to contain insecure permissions. | ||||
CVE-2024-50929 | | | 2024-12-11 | 6.2 Medium |
Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to arbitrarily change the device type in the controller's memory, leading to a Denial of Service (DoS). | ||||
CVE-2024-50920 | | | 2024-12-11 | 8.8 High |
Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to create a fake node via supplying crafted packets. | ||||
CVE-2024-37575 | | | 2024-12-11 | 7.5 High |
The Mister org.mistergroup.shouldianswer application 1.4.264 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the org.mistergroup.shouldianswer.ui.default_dialer.DefaultDialerActivity component. | ||||
CVE-2024-22121 | 1 Zabbix | 1 Zabbix | 2024-12-10 | 6.1 Medium |
A non-admin user can change or remove important features within the Zabbix Agent application, thus impacting the integrity and availability of the application. | ||||
CVE-2024-40805 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-12-10 | 7.1 High |
A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 10.6, macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6, tvOS 17.6. An app may be able to bypass Privacy preferences. | ||||
CVE-2024-40811 | 1 Apple | 1 Macos | 2024-12-10 | 5.5 Medium |
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6. An app may be able to modify protected parts of the file system. | ||||
CVE-2024-40821 | 1 Apple | 1 Macos | 2024-12-10 | 7.1 High |
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. Third party app extensions may not receive the correct sandbox restrictions. | ||||
CVE-2023-52542 | | | 2024-12-06 | 6.5 Medium |
Permission verification vulnerability in the system module. Impact: Successful exploitation of this vulnerability will affect availability. | ||||
CVE-2023-52373 | 1 Huawei | 2 Emui, Harmonyos | 2024-12-06 | 7.5 High |
Vulnerability of permission verification in the content sharing pop-up module. Successful exploitation of this vulnerability may cause unauthorized file sharing. | ||||
CVE-2024-6601 | 1 Redhat | 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more | 2024-12-06 | 4.7 Medium |
A race condition could lead to a cross-origin container obtaining permissions of the top-level origin. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128. | ||||
CVE-2023-32388 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2024-12-05 | 5.5 Medium |
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to bypass Privacy preferences. | ||||
CVE-2023-32355 | 1 Apple | 1 Macos | 2024-12-05 | 5.5 Medium |
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to modify protected parts of the file system. | ||||
CVE-2023-34672 | 1 Elenos | 2 Etg150, Etg150 Firmware | 2024-12-05 | 8.8 High |
Improper Access Control leads to adding a high-privilege user affecting Elenos ETG150 FM transmitter running on version 3.12 by exploiting user's role within the admin profile. An attack could occur over the public Internet in some cases. | ||||
CVE-2023-32552 | 3 Microsoft, Trend Micro Inc, Trendmicro | 3 Windows, Trend Micro Apex One, Apex One | 2024-12-04 | 5.3 Medium |
An improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumstances to disclose sensitive information on agents. This is similar to, but not identical to, CVE-2023-32553. | ||||
CVE-2024-22114 | 1 Zabbix | 1 Zabbix | 2024-12-04 | 4.3 Medium |
A user with no permission to any of the Hosts can access and view host count and other statistics through the System Information Widget in the Global View Dashboard. | ||||
CVE-2024-40859 | 1 Apple | 1 Macos | 2024-12-02 | 5.5 Medium |
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access user-sensitive data. | ||||
CVE-2024-43784 | | | 2024-11-26 | 5.7 Medium |
lakeFS is an open-source tool that transforms object storage into a Git-like repository. Existing lakeFS users who have issued credentials to users who have been deleted are affected by this vulnerability. When creating a new user with the same username as a deleted user, that user will inherit all of the previous user's credentials. This issue has been addressed in release version 1.33.0 and all users are advised to upgrade. The only known workaround for those who cannot upgrade is to not reuse usernames. | ||||
CVE-2024-1726 | 1 Redhat | 1 Quarkus | 2024-11-24 | 5.3 Medium |
A flaw was discovered in the RESTEasy Reactive implementation in Quarkus. Due to security checks for some JAX-RS endpoints being performed after serialization, more processing resources are consumed while the HTTP request is checked. In certain configurations, if an attacker has knowledge of any POST, PUT, or PATCH request paths, they can potentially identify vulnerable endpoints and trigger excessive resource usage as the endpoints process the requests. This can result in a denial of service. |