Total
1019 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-52867 | 2024-11-19 | N/A | 8.1 HIGH | ||
| guix-daemon in GNU Guix before 5ab3c4c allows privilege escalation because build outputs are accessible by local users before file metadata concerns (e.g., for setuid and setgid programs) are properly addressed. The vulnerability can be remediated within the product via certain pull, reconfigure, and restart actions. Both 5ab3c4c and 5582241 are needed to resolve the vulnerability. | |||||
| CVE-2017-13314 | 2024-11-19 | N/A | 7.8 HIGH | ||
| In setAllowOnlyVpnForUids of NetworkManagementService.java, there is a possible security settings bypass due to a missing permission check. This could lead to local escalation of privilege allowing users to access non-VPN networks, when they are supposed to be restricted to the VPN networks, with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2017-13312 | 2024-11-19 | N/A | 7.8 HIGH | ||
| In createFromParcel of MediaCas.java, there is a possible parcel read/write mismatch due to improper input validation. This could lead to local escalation of privilege where an app can start an activity with system privileges with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-52717 | 2024-11-18 | N/A | 5.3 MEDIUM | ||
| Permission verification vulnerability in the lock screen module. Impact: Successful exploitation of this vulnerability will affect availability. | |||||
| CVE-2024-52926 | 2024-11-18 | N/A | 7.3 HIGH | ||
| Delinea Privilege Manager before 12.0.2 mishandles the security of the Windows agent. | |||||
| CVE-2024-44760 | 1 Sunmochina | 1 Enterprise Management System | 2024-11-15 | N/A | 7.5 HIGH |
| Incorrect access control in the component /servlet/SnoopServlet of Shenzhou News Union Enterprise Management System v5.0 through v18.8 allows attackers to access sensitive information regarding the server. | |||||
| CVE-2024-5474 | 1 Lenovo | 1 Dolby Vision Provisioning | 2024-11-15 | N/A | 5.5 MEDIUM |
| A potential information disclosure vulnerability was reported in Lenovo's packaging of Dolby Vision Provisioning software prior to version 2.0.0.2 that could allow a local attacker to read files on the system with elevated privileges during installation of the package. Previously installed versions are not affected by this issue. | |||||
| CVE-2024-35201 | 2024-11-15 | N/A | 6.7 MEDIUM | ||
| Incorrect default permissions in the Intel(R) SDP Tool for Windows software all versions may allow an authenticated user to enable escalation of privilege via local access. | |||||
| CVE-2024-21820 | 2024-11-15 | N/A | 7.2 HIGH | ||
| Incorrect default permissions in some Intel(R) Xeon(R) processor memory controller configurations when using Intel(R) SGX may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-40660 | 2024-11-15 | N/A | 7.8 HIGH | ||
| In setTransactionState of SurfaceFlinger.cpp, there is a possible way to change protected display attributes due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-29083 | 2024-11-15 | N/A | 6.7 MEDIUM | ||
| Incorrect default permissions in some Intel(R) Distribution for Python software before version 2024.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-43085 | 2024-11-15 | N/A | 7.8 HIGH | ||
| In handleMessage of UsbDeviceManager.java, there is a possible method to access device contents over USB without unlocking the device due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-43089 | 2024-11-15 | N/A | 7.8 HIGH | ||
| In updateInternal of MediaProvider.java , there is a possible access of another app's files due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-40661 | 2024-11-15 | N/A | 7.8 HIGH | ||
| In mayAdminGrantPermission of AdminRestrictedPermissionsUtils.java, there is a possible way to access the microphone due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-25647 | 2024-11-15 | N/A | 6.7 MEDIUM | ||
| Incorrect default permissions for some Intel(R) Binary Configuration Tool software for Windows before version 3.4.5 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-43081 | 2024-11-15 | N/A | 7.8 HIGH | ||
| In installExistingPackageAsUser of InstallPackageHelper.java, there is a possible carrier restriction bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-43086 | 2024-11-15 | N/A | 5.5 MEDIUM | ||
| In validateAccountsInternal of AccountManagerService.java, there is a possible way to leak account credentials to a third party app due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-52551 | 2024-11-15 | N/A | 8.0 HIGH | ||
| Jenkins Pipeline: Declarative Plugin 2.2214.vb_b_34b_2ea_9b_83 and earlier does not check whether the main (Jenkinsfile) script used to restart a build from a specific stage is approved, allowing attackers with Item/Build permission to restart a previous build whose (Jenkinsfile) script is no longer approved. | |||||
| CVE-2024-42188 | 2024-11-15 | N/A | 3.7 LOW | ||
| HCL Connections is vulnerable to a broken access control vulnerability that may allow an unauthorized user to update data in certain scenarios. | |||||
| CVE-2024-49504 | 2024-11-13 | N/A | N/A | ||
| grub2 allowed attackers with access to the grub shell to access files on the encrypted disks. | |||||