Total: 1392 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-7612 | 1 Ivanti | 1 Endpoint Manager Mobile | 2024-12-18 | N/A | 8.8 HIGH |
Insecure permissions in Ivanti EPMM before 12.1.0.4 allow a local authenticated attacker to modify sensitive application components. | |||||
CVE-2023-34852 | 1 Publiccms | 1 Publiccms | 2024-12-18 | N/A | 9.8 CRITICAL |
PublicCMS <=V4.0.202302 is vulnerable to Insecure Permissions. | |||||
CVE-2024-47104 | | | 2024-12-18 | N/A | 6.8 MEDIUM |
IBM i 7.4 and 7.5 is vulnerable to an authenticated user gaining elevated privilege to a physical file. A user with authority to a view can alter the based-on physical file security attributes without having object management rights to the physical file. A malicious actor can use the elevated privileges to perform actions restricted by their view privileges. | |||||
CVE-2024-45841 | | | 2024-12-18 | N/A | 6.5 MEDIUM |
Incorrect permission assignment for critical resource issue exists in UD-LT1 firmware Ver.2.1.9 and earlier and UD-LT1/EX firmware Ver.2.1.9 and earlier. If an attacker with the guest account of the affected products accesses a specific file, the information containing credentials may be obtained. | |||||
CVE-2024-41647 | 1 Openrobotics | 1 Robot Operating System | 2024-12-13 | N/A | 9.8 CRITICAL |
Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_mppi_controller. | |||||
CVE-2024-12564 | | | 2024-12-12 | N/A | N/A |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability was discovered in Open Design Alliance CDE inWEB SDK before 2025.3. Installing CDE Server with default settings allows unauthorized users to visit prometheus metrics page. This can allow attackers to understand more things about the target application which may help in further investigation and exploitation. | |||||
CVE-2024-12255 | | | 2024-12-12 | N/A | 5.3 MEDIUM |
The Accept Stripe Payments Using Contact Form 7 plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5 via the cf7sa-info.php file that returns phpinfo() data. This makes it possible for unauthenticated attackers to extract configuration information that can be leveraged in another attack. | |||||
CVE-2024-37574 | | | 2024-12-12 | N/A | 8.2 HIGH |
The GriceMobile com.grice.call application 4.5.2 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.iui.mobile.presentation.MobileActivity. | |||||
CVE-2024-21915 | 1 Rockwellautomation | 1 Factorytalk Services Platform | 2024-12-11 | N/A | 9.0 CRITICAL |
A privilege escalation vulnerability exists in Rockwell Automation FactoryTalk® Service Platform (FTSP). If exploited, a malicious user with basic user group privileges could potentially sign into the software and receive FTSP Administrator Group privileges. A threat actor could potentially read and modify sensitive data, delete data and render the FTSP system unavailable. | |||||
CVE-2024-12363 | | | 2024-12-11 | N/A | 7.1 HIGH |
Insufficient permissions in the TeamViewer Patch & Asset Management component prior to version 24.12 on Windows allows a local authenticated user to delete arbitrary files. TeamViewer Patch & Asset Management is part of TeamViewer Remote Management. | |||||
CVE-2024-8540 | | | 2024-12-10 | N/A | 8.8 HIGH |
Insecure permissions in Ivanti Sentry before versions 9.20.2 and 10.0.2 or 10.1.0 allow a local authenticated attacker to modify sensitive application components. | |||||
CVE-2024-7572 | | | 2024-12-10 | N/A | 7.1 HIGH |
Insufficient permissions in Ivanti DSM before version 2024.3.5740 allows a local authenticated attacker to delete arbitrary files. | |||||
CVE-2024-10256 | | | 2024-12-10 | N/A | 7.1 HIGH |
Insufficient permissions in Ivanti Patch SDK before version 9.7.703 allows a local authenticated attacker to delete arbitrary files. | |||||
CVE-2024-6871 | 1 Gdata-software | 1 Total Security | 2024-12-10 | N/A | 7.8 HIGH |
G DATA Total Security Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of autostart tasks. The issue results from incorrect permissions set on folders. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22629. | |||||
CVE-2024-8256 | | | 2024-12-10 | N/A | N/A |
In Teltonika Networks RUTOS devices, running on versions 7.0 to 7.8 (excluding) and TSWOS devices running on versions 1.0 to 1.3 (excluding), due to incorrect permission handling a vulnerability exists which allows a lower privileged user with default permissions to access critical device resources via the API. | |||||
CVE-2024-28827 | 1 Checkmk | 1 Checkmk | 2024-12-04 | N/A | 8.8 HIGH |
Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and <= 2.0.0p39 (EOL) allows a local attacker to gain SYSTEM privileges. | |||||
CVE-2024-54159 | | | 2024-12-03 | N/A | 4.1 MEDIUM |
stalld through 1.19.7 allows local users to cause a denial of service (file overwrite) via a /tmp/rtthrottle symlink attack. | |||||
CVE-2024-21431 | 1 Microsoft | 7 Windows 10 21h2, Windows 10 22h2, Windows 11 21h2 and 4 more | 2024-11-29 | N/A | 7.8 HIGH |
Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability | |||||
CVE-2024-9244 | 1 Foxit | 2 Pdf Editor, Pdf Reader | 2024-11-29 | N/A | 7.8 HIGH |
Foxit PDF Reader Update Service Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the configuration files used by the Foxit Reader Update Service. The issue results from incorrect permissions set on a resource used by the service. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of SYSTEM. Was ZDI-CAN-23933. | |||||
CVE-2024-9245 | 1 Foxit | 2 Pdf Editor, Pdf Reader | 2024-11-29 | N/A | 7.8 HIGH |
Foxit PDF Reader Update Service Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the configuration files used by the Foxit Reader Update Service. The issue results from incorrect permissions set on a resource used by the service. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of SYSTEM. Was ZDI-CAN-23966. |