Total
2412 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-34743 | 1 Google | 1 Android | 2024-12-17 | 7.8 High |
| In setTransactionState of SurfaceFlinger.cpp, there is a possible way to perform tapjacking due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-31311 | 1 Google | 1 Android | 2024-12-17 | 7.8 High |
| In increment_annotation_count of stats_event.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-31313 | 1 Google | 1 Android | 2024-12-17 | 7.8 High |
| In availableToWriteBytes of MessageQueueBase.h, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-31318 | 1 Google | 1 Android | 2024-12-17 | 7.8 High |
| In CompanionDeviceManagerService.java, there is a possible way to pair a companion device without user acceptance due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-21114 | 1 Google | 1 Android | 2024-12-17 | 7.8 High |
| In multiple locations, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-0024 | 1 Google | 1 Android | 2024-12-17 | 7.8 High |
| In multiple methods of UserManagerService.java, there is a possible failure to persist or enforce user restrictions due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2024-23711 | 1 Google | 1 Android | 2024-12-17 | 7.8 High |
| In DevmemXIntUnreserveRange of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-23713 | 1 Google | 1 Android | 2024-12-17 | 7.8 High |
| In migrateNotificationFilter of NotificationManagerService.java, there is a possible failure to persist notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-0046 | 1 Google | 1 Android | 2024-12-16 | 7.8 High |
| In installExistingPackageAsUser of InstallPackageHelper.java, there is a possible carrier restriction bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-40106 | 1 Google | 1 Android | 2024-12-13 | 7.8 High |
| In sanitizeSbn of NotificationManagerService.java, there is a possible way to launch an activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-25185 | 1 Nokia | 2 Asika Airscale, Asika Airscale Firmware | 2024-12-12 | 3.8 Low |
| An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. A mobile network solution internal fault was found in Nokia Single RAN software releases. Certain software processes in the BTS internal software design have unnecessarily high privileges to BTS embedded operating system (OS) resources. | ||||
| CVE-2023-25188 | 1 Nokia | 2 Asika Airscale, Asika Airscale Firmware | 2024-12-12 | 5.1 Medium |
| An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. If/when CSP (as a BTS administrator) removes security hardenings from the Nokia Single RAN BTS baseband unit, the BTS baseband unit diagnostic tool AaShell (which is by default disabled) allows unauthenticated access from the mobile network solution internal BTS management network to the BTS embedded Linux operating-system level. | ||||
| CVE-2023-2847 | 1 Eset | 3 Cyber Security, Endpoint Antivirus, Server Security | 2024-12-12 | 7.8 High |
| During internal security analysis, a local privilege escalation vulnerability has been identified. On a machine with the affected ESET product installed, it was possible for a user with lower privileges due to improper privilege management to trigger actions with root privileges. ESET remedied this possible attack vector and has prepared new builds of its products that are no longer susceptible to this vulnerability. | ||||
| CVE-2024-40861 | 1 Apple | 1 Macos | 2024-12-12 | 7.8 High |
| The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. An app may be able to gain root privileges. | ||||
| CVE-2024-44147 | 1 Apple | 3 Ios And Ipados, Ipados, Iphone Os | 2024-12-12 | 7.7 High |
| This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. An app may gain unauthorized access to Local Network. | ||||
| CVE-2024-40802 | 1 Apple | 1 Macos | 2024-12-10 | 7.8 High |
| The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. A local attacker may be able to elevate their privileges. | ||||
| CVE-2024-40781 | 1 Apple | 1 Macos | 2024-12-10 | 7.8 High |
| The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. A local attacker may be able to elevate their privileges. | ||||
| CVE-2022-1003 | 1 Mattermost | 1 Mattermost | 2024-12-06 | 3.3 Low |
| One of the API in Mattermost version 6.3.0 and earlier fails to properly protect the permissions, which allows the system administrators to combine the two distinct privileges/capabilities in a way that allows them to override certain restricted configurations like EnableUploads. | ||||
| CVE-2022-1332 | 1 Mattermost | 1 Mattermost Server | 2024-12-06 | 4.3 Medium |
| One of the API in Mattermost version 6.4.1 and earlier fails to properly protect the permissions, which allows the authenticated members with restricted custom admin role to bypass the restrictions and view the server logs and server config.json file contents. | ||||
| CVE-2023-21513 | 1 Samsung | 1 Android | 2024-12-05 | 6.1 Medium |
| Improper privilege management vulnerability in CC Mode prior to SMR Jun-2023 Release 1 allows physical attackers to manipulate device to operate in way that results in unexpected behavior in CC Mode under specific condition. | ||||