Total
2044 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-23253 | 1 Apple | 1 Macos | 2024-12-06 | N/A | 3.3 LOW |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.4. An app may be able to access a user's Photos Library. | |||||
| CVE-2024-21324 | 1 Microsoft | 1 Defender For Iot | 2024-12-05 | N/A | 7.2 HIGH |
| Microsoft Defender for IoT Elevation of Privilege Vulnerability | |||||
| CVE-2024-28904 | 1 Microsoft | 1 Windows Server 2022 23h2 | 2024-12-05 | N/A | 7.8 HIGH |
| Microsoft Brokering File System Elevation of Privilege Vulnerability | |||||
| CVE-2024-28905 | 1 Microsoft | 1 Windows Server 2022 23h2 | 2024-12-05 | N/A | 7.8 HIGH |
| Microsoft Brokering File System Elevation of Privilege Vulnerability | |||||
| CVE-2023-21513 | 1 Samsung | 1 Android | 2024-12-05 | N/A | 6.1 MEDIUM |
| Improper privilege management vulnerability in CC Mode prior to SMR Jun-2023 Release 1 allows physical attackers to manipulate device to operate in way that results in unexpected behavior in CC Mode under specific condition. | |||||
| CVE-2023-34148 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-12-04 | N/A | 7.8 HIGH |
| An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34146 and CVE-2023-34147. | |||||
| CVE-2023-34147 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-12-04 | N/A | 7.8 HIGH |
| An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34146 and CVE-2023-34148. | |||||
| CVE-2023-34146 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-12-04 | N/A | 7.8 HIGH |
| An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34147 and CVE-2023-34148. | |||||
| CVE-2024-26169 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-11-29 | N/A | 7.8 HIGH |
| Windows Error Reporting Service Elevation of Privilege Vulnerability | |||||
| CVE-2024-9941 | 1 Mojoomla | 1 Wordpress Gym Management System | 2024-11-26 | N/A | 8.8 HIGH |
| The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the MJ_gmgt_add_staff_member() function in all versions up to, and including, 67.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to create new user accounts with the administrator role. | |||||
| CVE-2023-20048 | 1 Cisco | 1 Secure Firewall Management Center | 2024-11-26 | N/A | 9.9 CRITICAL |
| A vulnerability in the web services interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute certain unauthorized configuration commands on a Firepower Threat Defense (FTD) device that is managed by the FMC Software. This vulnerability is due to insufficient authorization of configuration commands that are sent through the web service interface. An attacker could exploit this vulnerability by authenticating to the FMC web services interface and sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to execute certain configuration commands on the targeted FTD device. To successfully exploit this vulnerability, an attacker would need valid credentials on the FMC Software. | |||||
| CVE-2024-8068 | 2024-11-22 | N/A | N/A | ||
| Privilege escalation to NetworkService Account access in Citrix Session Recording when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server domain | |||||
| CVE-2024-8074 | 2024-11-21 | N/A | N/A | ||
| Improper Privilege Management vulnerability in Nomysoft Informatics Nomysem allows Collect Data as Provided by Users.This issue affects Nomysem: before 13.10.2024. | |||||
| CVE-2024-9478 | 2024-11-21 | N/A | N/A | ||
| Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Privilege Escalation.This issue affects upKeeper Instant Privilege Access: before 1.2. | |||||
| CVE-2024-9479 | 2024-11-21 | N/A | N/A | ||
| Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Privilege Escalation.This issue affects upKeeper Instant Privilege Access: before 1.2. | |||||
| CVE-2024-6908 | 2024-11-21 | N/A | N/A | ||
| Improper privilege management in Yugabyte Platform allows authenticated admin users to escalate privileges to SuperAdmin via a crafted PUT HTTP request, potentially leading to unauthorized access to sensitive system functions and data. | |||||
| CVE-2024-6326 | 1 Rockwellautomation | 2 Factorytalk Policy Manager, Factorytalk System Services | 2024-11-21 | N/A | 5.5 MEDIUM |
| An exposure of sensitive information vulnerability exists in the Rockwell Automation FactoryTalk® System Service. A malicious user could exploit this vulnerability by starting a back-up or restore process, which temporarily exposes private keys, passwords, pre-shared keys, and database folders when they are temporarily copied to an interim folder. This vulnerability is due to the lack of explicit permissions set on the backup folder. If private keys are obtained by a malicious user, they could impersonate resources on the secured network. | |||||
| CVE-2024-6325 | 1 Rockwellautomation | 1 Factorytalk Policy Manager | 2024-11-21 | N/A | 6.5 MEDIUM |
| The v6.40 release of Rockwell Automation FactoryTalk® Policy Manager CVE-2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html and CVE-2022-1161 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html by implementing CIP security and did not update to the versions of the software CVE-2022-1161 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html and CVE-2022-1161. https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html | |||||
| CVE-2024-6286 | 2024-11-21 | N/A | N/A | ||
| Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows | |||||
| CVE-2024-6240 | 1 Parallels | 1 Parallels Desktop | 2024-11-21 | N/A | 7.7 HIGH |
| Improper privilege management vulnerability in Parallels Desktop Software, which affects versions earlier than 19.3.0. An attacker could add malicious code in a script and populate the BASH_ENV environment variable with the path to the malicious script, executing on application startup. An attacker could exploit this vulnerability to escalate privileges on the system. | |||||