Total
291 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-40828 | 1 Apple | 1 Macos | 2024-12-11 | N/A | 7.8 HIGH |
| The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. A malicious app may be able to gain root privileges. | |||||
| CVE-2024-50931 | 2024-12-11 | N/A | 4.6 MEDIUM | ||
| Silicon Labs Z-Wave Series 500 v6.84.0 was discovered to contain insecure permissions. | |||||
| CVE-2024-50929 | 2024-12-11 | N/A | 6.2 MEDIUM | ||
| Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to arbitrarily change the device type in the controller's memory, leading to a Denial of Service (DoS). | |||||
| CVE-2024-50920 | 2024-12-11 | N/A | 8.8 HIGH | ||
| Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to create a fake node via supplying crafted packets. | |||||
| CVE-2024-37575 | 2024-12-11 | N/A | 7.5 HIGH | ||
| The Mister org.mistergroup.shouldianswer application 1.4.264 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the org.mistergroup.shouldianswer.ui.default_dialer.DefaultDialerActivity component. | |||||
| CVE-2024-22121 | 1 Zabbix | 1 Zabbix | 2024-12-10 | N/A | 6.1 MEDIUM |
| A non-admin user can change or remove important features within the Zabbix Agent application, thus impacting the integrity and availability of the application. | |||||
| CVE-2024-40805 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-12-10 | N/A | 7.1 HIGH |
| A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 10.6, macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6, tvOS 17.6. An app may be able to bypass Privacy preferences. | |||||
| CVE-2024-40811 | 1 Apple | 1 Macos | 2024-12-10 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6. An app may be able to modify protected parts of the file system. | |||||
| CVE-2024-27888 | 1 Apple | 1 Macos | 2024-12-10 | N/A | 5.5 MEDIUM |
| A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in macOS Sonoma 14.4. An app may be able to modify protected parts of the file system. | |||||
| CVE-2024-40821 | 1 Apple | 1 Macos | 2024-12-10 | N/A | 7.1 HIGH |
| An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. Third party app extensions may not receive the correct sandbox restrictions. | |||||
| CVE-2024-40800 | 1 Apple | 1 Macos | 2024-12-10 | N/A | 5.5 MEDIUM |
| An input validation issue was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. An app may be able to modify protected parts of the file system. | |||||
| CVE-2023-28642 | 2024-12-06 | N/A | 6.1 MEDIUM | ||
| runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked `/proc`. See PR #3785 for details. users are advised to upgrade. Users unable to upgrade should avoid using an untrusted container image. | |||||
| CVE-2023-32388 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2024-12-05 | N/A | 5.5 MEDIUM |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to bypass Privacy preferences. | |||||
| CVE-2023-32400 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2024-12-05 | N/A | 5.5 MEDIUM |
| This issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, macOS Ventura 13.4. Entitlements and privacy permissions granted to this app may be used by a malicious app. | |||||
| CVE-2023-32355 | 1 Apple | 1 Macos | 2024-12-05 | N/A | 5.5 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to modify protected parts of the file system. | |||||
| CVE-2023-34672 | 1 Elenos | 2 Etg150, Etg150 Firmware | 2024-12-05 | N/A | 8.8 HIGH |
| Improper Access Control leads to adding a high-privilege user affecting Elenos ETG150 FM transmitter running on version 3.12 by exploiting user's role within the admin profile. An attack could occur over the public Internet in some cases. | |||||
| CVE-2023-32552 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-12-04 | N/A | 5.3 MEDIUM |
| An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumstances to disclose sensitive information on agents. This is similar to, but not identical to CVE-2023-32553 | |||||
| CVE-2024-22114 | 1 Zabbix | 1 Zabbix | 2024-12-04 | N/A | 4.3 MEDIUM |
| User with no permission to any of the Hosts can access and view host count & other statistics through System Information Widget in Global View Dashboard. | |||||
| CVE-2024-43784 | 2024-11-26 | N/A | 5.7 MEDIUM | ||
| lakeFS is an open-source tool that transforms object storage into a Git-like repository. Existing lakeFS users who have issued credentials to users who have been deleted are affected by this vulnerability. When creating a new user with the same username as a deleted user, that user will inherit all of the previous user's credentials. This issue has been addressed in release version 1.33.0 and all users are advised to upgrade. The only known workaround for those who cannot upgrade is to not reuse usernames. | |||||
| CVE-2024-52522 | 2024-11-21 | N/A | N/A | ||
| Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Insecure handling of symlinks with --links and --metadata in rclone while copying to local disk allows unprivileged users to indirectly modify ownership and permissions on symlink target files when a superuser or privileged process performs a copy. This vulnerability could enable privilege escalation and unauthorized access to critical system files, compromising system integrity, confidentiality, and availability. This vulnerability is fixed in 1.68.2. | |||||