Total
1587 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-28827 | 1 Checkmk | 1 Checkmk | 2024-12-04 | N/A | 8.8 HIGH |
|
Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and <= 2.0.0p39 (EOL) allows a local attacker to gain SYSTEM privileges.
|
|||||
| CVE-2024-54159 | 2024-12-03 | N/A | 4.1 MEDIUM | ||
|
stalld through 1.19.7 allows local users to cause a denial of service (file overwrite) via a /tmp/rtthrottle symlink attack.
|
|||||
| CVE-2024-21431 | 1 Microsoft | 7 Windows 10 21h2, Windows 10 22h2, Windows 11 21h2 and 4 more | 2024-11-29 | N/A | 7.8 HIGH |
|
Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability
|
|||||
| CVE-2024-9244 | 1 Foxit | 2 Pdf Editor, Pdf Reader | 2024-11-29 | N/A | 7.8 HIGH |
|
Foxit PDF Reader Update Service Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the handling of the configuration files used by the Foxit Reader Update Service. The issue results from incorrect p ...
Show More |
|||||
| CVE-2024-9245 | 1 Foxit | 2 Pdf Editor, Pdf Reader | 2024-11-29 | N/A | 7.8 HIGH |
|
Foxit PDF Reader Update Service Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the handling of the configuration files used by the Foxit Reader Update Service. The issue results from incorrect p ...
Show More |
|||||
| CVE-2020-3312 | 1 Cisco | 1 Secure Firewall Management Center | 2024-11-26 | 5.0 MEDIUM | 7.5 HIGH |
|
A vulnerability in the application policy configuration of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data on an affected device. The vulnerability is due to insufficient application identification. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain unauthorized read access to sensitive data.
|
|||||
| CVE-2021-1126 | 1 Cisco | 1 Secure Firewall Management Center | 2024-11-26 | 2.1 LOW | 5.5 MEDIUM |
|
A vulnerability in the storage of proxy server credentials of Cisco Firepower Management Center (FMC) could allow an authenticated, local attacker to view credentials for a configured proxy server. The vulnerability is due to clear-text storage and weak permissions of related configuration files. An attacker could exploit this vulnerability by accessing the CLI of the affected software and viewing the contents of the affected files. A successful exploit could allow the attacker to view the crede ...
Show More |
|||||
| CVE-2024-7245 | 1 Pandasecurity | 1 Panda Dome | 2024-11-26 | N/A | 7.8 HIGH |
|
Panda Security Dome VPN Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the Hydra Sdk Windows Service. The issue lies in the lack of proper permissions set on a folder created by the service. ...
Show More |
|||||
| CVE-2024-6780 | 2024-11-21 | N/A | 3.3 LOW | ||
|
Improper permission control in the mobile application (com.android.server.telecom) may lead to user information security risks.
|
|||||
| CVE-2024-6739 | 1 Openfind | 2 Mailaudit, Mailgates | 2024-11-21 | N/A | 5.3 MEDIUM |
|
The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag enabled, allowing remote attackers to potentially steal the session cookie via XSS.
|
|||||
| CVE-2024-5618 | 2024-11-21 | N/A | 9.9 CRITICAL | ||
|
Incorrect Permission Assignment for Critical Resource vulnerability in PruvaSoft Informatics Apinizer Management Console allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Apinizer Management Console: before 2024.05.1.
|
|||||
| CVE-2024-5163 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
|
Improper permission settings for mobile applications (com.transsion.carlcare) may lead to user password and account security risks.
|
|||||
| CVE-2024-43199 | 1 Nagios | 1 Ndoutils | 2024-11-21 | N/A | 7.8 HIGH |
|
Nagios NDOUtils before 2.1.4 allows privilege escalation from nagios to root because certain executable files are owned by the nagios user.
|
|||||
| CVE-2024-41685 | 1 Syrotech | 2 Sy-gpon-1110-wdont, Sy-gpon-1110-wdont Firmware | 2024-11-21 | N/A | 7.5 HIGH |
|
This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to missing HTTPOnly flag for the session cookies associated with the router's web management interface. An attacker with remote access could exploit this by intercepting transmission within an HTTP session on the vulnerable system.
Successful exploitation of this vulnerability could allow the attacker to capture cookies and obtain sensitive information on the targeted system.
|
|||||
| CVE-2024-3375 | 2024-11-21 | N/A | 9.4 CRITICAL | ||
|
Incorrect Permission Assignment for Critical Resource vulnerability in Havelsan Inc. Dialogue allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Dialogue: from v1.83 before v1.83.1 or v1.84.
|
|||||
| CVE-2024-39875 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-11-21 | N/A | 4.3 MEDIUM |
|
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application allows authenticated, low privilege users with the 'Manage own remote connections' permission to retrieve details about other users and group memberships.
|
|||||
| CVE-2024-38456 | 2024-11-21 | N/A | 7.8 HIGH | ||
|
HIGH-LEIT V05.08.01.03 and HIGH-LEIT V04.25.00.00 to 4.25.01.01 for Windows from Vivavis contain an insecure file and folder permissions vulnerability in prunsrv.exe. A regular user (non-admin) can exploit the weak folder and file permissions to escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM.
|
|||||
| CVE-2024-36821 | 1 Linksys | 2 Velop Whw0101, Velop Whw0101 Firmware | 2024-11-21 | N/A | 6.8 MEDIUM |
|
Insecure permissions in Linksys Velop WiFi 5 (WHW01v1) 1.1.13.202617 allows attackers to escalate privileges from Guest to root.
|
|||||
| CVE-2024-33499 | 2024-11-21 | N/A | 9.1 CRITICAL | ||
|
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating M ...
Show More |
|||||
| CVE-2024-33435 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
|
Insecure Permissions vulnerability in Guangzhou Yingshi Electronic Technology Co. Ncast Yingshi high-definition intelligent recording and playback system 2007-2017 allows a remote attacker to execute arbitrary code via the /manage/IPSetup.php backend function
|
|||||
| CVE-2024-32478 | 2024-11-21 | N/A | 6.9 MEDIUM | ||
|
Git Credential Manager (GCM) is a secure Git credential helper. Prior to 2.5.0, the Debian package does not set root ownership on installed files. This allows user 1001 on a multi-user system can replace binary and gain other users' privileges. This vulnerability is fixed in 2.5.0.
|
|||||
| CVE-2024-30369 | 1 A10networks | 1 Advanced Core Operating System | 2024-11-21 | N/A | 7.8 HIGH |
|
A10 Thunder ADC Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of A10 Thunder ADC. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the installer. The issue results from incorrect permissions on a file. An attacker can leverage this vulnerability to escalate privi ...
Show More |
|||||
| CVE-2024-30208 | 2024-11-21 | N/A | 6.3 MEDIUM | ||
|
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating M ...
Show More |
|||||
| CVE-2024-29187 | 2024-11-21 | N/A | 7.3 HIGH | ||
|
WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. When a bundle runs as SYSTEM user, Burn uses GetTempPathW which points to an insecure directory C:\Windows\Temp to drop and load multiple binaries. Standard users can hijack the binary before it's loaded in the application resulting in elevation of privileges. This vulnerability is fixed in 3.14.1 and 4.0.5.
|
|||||
| CVE-2024-28745 | 2024-11-21 | N/A | 3.3 LOW | ||
|
Improper export of Android application components issue exists in 'ABEMA' App for Android prior to 10.65.0 allowing another app installed on the user's device to access an arbitrary URL on 'ABEMA' App for Android via Intent. If this vulnerability is exploited, an arbitrary website may be displayed on the app, and as a result, the user may become a victim of a phishing attack.
|
|||||
| CVE-2024-28589 | 2024-11-21 | N/A | 6.7 MEDIUM | ||
|
An issue was discovered in Axigen Mail Server for Windows versions 10.5.18 and before, allows local low-privileged attackers to execute arbitrary code and escalate privileges via insecure DLL loading from a world-writable directory during service initialization.
|
|||||
| CVE-2024-27108 | 2024-11-21 | N/A | 6.8 MEDIUM | ||
|
Non privileged access to critical file vulnerability in GE HealthCare EchoPAC products
|
|||||
| CVE-2024-24740 | 1 Sap | 1 Netweaver Application Server Abap | 2024-11-21 | N/A | 5.3 MEDIUM |
|
SAP NetWeaver Application Server (ABAP) - versions KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.93, KERNEL 7.94, KRNL64UC 7.53, under certain conditions, allows an attacker to access information which could otherwise be restricted with low impact on confidentiality of the application.
|
|||||
| CVE-2024-22016 | 1 Rapidscada | 1 Rapid Scada | 2024-11-21 | N/A | 7.8 HIGH |
|
In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an authorized user can write directly to the Scada directory. This may allow privilege escalation.
|
|||||
| CVE-2024-21902 | 1 Qnap | 2 Qts, Quts Hero | 2024-11-21 | N/A | 6.4 MEDIUM |
|
An incorrect permission assignment for critical resource vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read or modify the resource via a network.
We have already fixed the vulnerability in the following version:
QTS 5.1.7.2770 build 20240520 and later
QuTS hero h5.1.7.2770 build 20240520 and later
|
|||||
| CVE-2024-21835 | 1 Intel | 1 Extreme Tuning Utility | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Insecure inherited permissions in some Intel(R) XTU software before version 7.14.0.15 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2024-21305 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2024-11-21 | N/A | 4.4 MEDIUM |
|
Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability
|
|||||
| CVE-2024-1724 | 1 Canonical | 1 Snapd | 2024-11-21 | N/A | 6.3 MEDIUM |
|
In snapd versions prior to 2.62, when using AppArmor for enforcement of
sandbox permissions, snapd failed to restrict writes to the $HOME/bin
path. In Ubuntu, when this path exists, it is automatically added to
the users PATH. An attacker who could convince a user to install a
malicious snap which used the 'home' plug could use this vulnerability
to install arbitrary scripts into the users PATH which may then be run
by the user outside of the expected snap sandbox and hence allow them
to escape ...
Show More |
|||||
| CVE-2024-1486 | 2024-11-21 | N/A | 7.4 HIGH | ||
|
Elevation of privileges via misconfigured access control list in GE HealthCare ultrasound devices
|
|||||
| CVE-2023-7055 | 1 Phpgurukul | 1 Online Notes Sharing System | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability classified as problematic has been found in PHPGurukul Online Notes Sharing System 1.0. Affected is an unknown function of the file /user/profile.php of the component Contact Information Handler. The manipulation of the argument mobilenumber leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-248742 is the identifier assigned to this vulnerability.
|
|||||
| CVE-2023-6883 | 1 Easysocialfeed | 1 Easy Social Feed | 2024-11-21 | N/A | 4.3 MEDIUM |
|
The Easy Social Feed plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 6.5.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions, such as modifying the plugin's Facebook and Instagram access tokens and updating group IDs.
|
|||||
| CVE-2023-6593 | 2 Apple, Devolutions | 2 Iphone Os, Remote Desktop Manager | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Client side permission bypass in Devolutions Remote Desktop Manager 2023.3.4.0 and earlier on iOS allows an attacker that has access to the application to execute entries in a SQL data source without restriction.
|
|||||
| CVE-2023-6179 | 1 Honeywell | 1 Prowatch | 2024-11-21 | N/A | 7.8 HIGH |
|
Honeywell ProWatch, 4.5, including all Service Pack versions, contain a Vulnerability in Application Server's executable folder(s). A(n) attacker could potentially exploit this vulnerability, leading to a standard user to have arbitrary system code execution. Honeywell recommends updating to the most recent version of this product, service or offering (Pro-watch 6.0.2, 6.0, 5.5.2,5.0.5).
|
|||||
| CVE-2023-5936 | 2024-11-21 | N/A | 7.8 HIGH | ||
|
On Unix systems (Linux, MacOS), Arc uses a temporary file with unsafe privileges.
By tampering with such file, a malicious local user in the system may be able to trigger arbitrary code execution with root privileges.
|
|||||
| CVE-2023-5651 | 1 Thimpress | 1 Wp Hotel Booking | 2024-11-21 | N/A | 5.4 MEDIUM |
|
The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, as well as does not ensure that the package to be deleted is a package, allowing any authenticated users, such as subscriber to delete arbitrary posts
|
|||||