Total
2449 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-34743 | 1 Google | 1 Android | 2024-12-17 | 7.8 High |
| In setTransactionState of SurfaceFlinger.cpp, there is a possible way to perform tapjacking due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-31311 | 1 Google | 1 Android | 2024-12-17 | 7.8 High |
| In increment_annotation_count of stats_event.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-31313 | 1 Google | 1 Android | 2024-12-17 | 7.8 High |
| In availableToWriteBytes of MessageQueueBase.h, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-31318 | 1 Google | 1 Android | 2024-12-17 | 7.8 High |
| In CompanionDeviceManagerService.java, there is a possible way to pair a companion device without user acceptance due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-21114 | 1 Google | 1 Android | 2024-12-17 | 7.8 High |
| In multiple locations, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-0024 | 1 Google | 1 Android | 2024-12-17 | 7.8 High |
| In multiple methods of UserManagerService.java, there is a possible failure to persist or enforce user restrictions due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2024-23711 | 1 Google | 1 Android | 2024-12-17 | 7.8 High |
| In DevmemXIntUnreserveRange of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-23713 | 1 Google | 1 Android | 2024-12-17 | 7.8 High |
| In migrateNotificationFilter of NotificationManagerService.java, there is a possible failure to persist notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-0046 | 1 Google | 1 Android | 2024-12-16 | 7.8 High |
| In installExistingPackageAsUser of InstallPackageHelper.java, there is a possible carrier restriction bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-40106 | 1 Google | 1 Android | 2024-12-13 | 7.8 High |
| In sanitizeSbn of NotificationManagerService.java, there is a possible way to launch an activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-25185 | 1 Nokia | 2 Asika Airscale, Asika Airscale Firmware | 2024-12-12 | 3.8 Low |
| An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. A mobile network solution internal fault was found in Nokia Single RAN software releases. Certain software processes in the BTS internal software design have unnecessarily high privileges to BTS embedded operating system (OS) resources. | ||||
| CVE-2023-25188 | 1 Nokia | 2 Asika Airscale, Asika Airscale Firmware | 2024-12-12 | 5.1 Medium |
| An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. If/when CSP (as a BTS administrator) removes security hardenings from the Nokia Single RAN BTS baseband unit, the BTS baseband unit diagnostic tool AaShell (which is by default disabled) allows unauthenticated access from the mobile network solution internal BTS management network to the BTS embedded Linux operating-system level. | ||||
| CVE-2023-2847 | 1 Eset | 3 Cyber Security, Endpoint Antivirus, Server Security | 2024-12-12 | 7.8 High |
| During internal security analysis, a local privilege escalation vulnerability has been identified. On a machine with the affected ESET product installed, it was possible for a user with lower privileges due to improper privilege management to trigger actions with root privileges. ESET remedied this possible attack vector and has prepared new builds of its products that are no longer susceptible to this vulnerability. | ||||
| CVE-2022-1003 | 1 Mattermost | 1 Mattermost | 2024-12-06 | 3.3 Low |
| One of the API in Mattermost version 6.3.0 and earlier fails to properly protect the permissions, which allows the system administrators to combine the two distinct privileges/capabilities in a way that allows them to override certain restricted configurations like EnableUploads. | ||||
| CVE-2022-1332 | 1 Mattermost | 1 Mattermost Server | 2024-12-06 | 4.3 Medium |
| One of the API in Mattermost version 6.4.1 and earlier fails to properly protect the permissions, which allows the authenticated members with restricted custom admin role to bypass the restrictions and view the server logs and server config.json file contents. | ||||
| CVE-2023-21513 | 1 Samsung | 1 Android | 2024-12-05 | 6.1 Medium |
| Improper privilege management vulnerability in CC Mode prior to SMR Jun-2023 Release 1 allows physical attackers to manipulate device to operate in way that results in unexpected behavior in CC Mode under specific condition. | ||||
| CVE-2023-34148 | 3 Microsoft, Trend Micro Inc, Trendmicro | 3 Windows, Trend Micro Apex One, Apex One | 2024-12-04 | 7.8 High |
| An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34146 and CVE-2023-34147. | ||||
| CVE-2023-34147 | 3 Microsoft, Trend Micro Inc, Trendmicro | 3 Windows, Trend Micro Apex One, Apex One | 2024-12-04 | 7.8 High |
| An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34146 and CVE-2023-34148. | ||||
| CVE-2023-34146 | 3 Microsoft, Trend Micro Inc, Trendmicro | 3 Windows, Trend Micro Apex One, Apex One | 2024-12-04 | 7.8 High |
| An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34147 and CVE-2023-34148. | ||||
| CVE-2023-4607 | 1 Lenovo | 231 Thinkagile Hx1021 Edg, Thinkagile Hx1021 Edg Firmware, Thinkagile Hx1320 and 228 more | 2024-12-03 | 7.5 High |
| An authenticated XCC user can change permissions for any user through a crafted API command. | ||||