Total
5241 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-43089 | 1 Google | 1 Android | 2024-12-17 | N/A | 7.8 HIGH |
| In updateInternal of MediaProvider.java , there is a possible access of another app's files due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21141 | 1 Google | 1 Android | 2024-12-17 | N/A | 5.5 MEDIUM |
| In several functions of several files, there is a possible way to access developer mode traces due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-262244249 | |||||
| CVE-2024-34719 | 1 Google | 1 Android | 2024-12-17 | N/A | 7.8 HIGH |
| In multiple locations, there is a possible permissions bypass due to a missing null check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-40661 | 1 Google | 1 Android | 2024-12-17 | N/A | 7.8 HIGH |
| In mayAdminGrantPermission of AdminRestrictedPermissionsUtils.java, there is a possible way to access the microphone due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-40671 | 1 Google | 1 Android | 2024-12-17 | N/A | 7.8 HIGH |
| In DevmemIntChangeSparse2 of devicemem_server.c, there is a possible way to achieve arbitrary code execution due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-45493 | 2024-12-17 | N/A | 9.8 CRITICAL | ||
| An issue was discovered in MSA FieldServer Gateway 5.0.0 through 6.5.2 (Fixed in 7.0.0). The FieldServer Gateway has internal users, whose access is supposed to be restricted to login locally on the device. However, an attacker can bypass the check for this, which might allow them to authenticate with an internal user account from the network (if they know their password). | |||||
| CVE-2024-40652 | 1 Google | 1 Android | 2024-12-17 | N/A | 7.8 HIGH |
| In onCreate of SettingsHomepageActivity.java, there is a possible way to access the Settings app while the device is provisioning due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2024-40650 | 1 Google | 1 Android | 2024-12-17 | N/A | 7.8 HIGH |
| In wifi_item_edit_content of styles.xml , there is a possible FRP bypass due to Missing check for FRP state. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-31318 | 1 Google | 1 Android | 2024-12-17 | N/A | 7.8 HIGH |
| In CompanionDeviceManagerService.java, there is a possible way to pair a companion device without user acceptance due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-23704 | 1 Google | 1 Android | 2024-12-17 | N/A | 7.8 HIGH |
| In onCreate of WifiDialogActivity.java, there is a possible way to bypass the DISALLOW_ADD_WIFI_CONFIG restriction due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-8434 | 1 Themehunk | 1 Mega Menu | 2024-12-17 | N/A | 4.3 MEDIUM |
| The Easy Mega Menu Plugin for WordPress – ThemeHunk plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions hooked via AJAX in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform actions like updating plugin settings. | |||||
| CVE-2024-0038 | 1 Google | 1 Android | 2024-12-16 | N/A | 7.8 HIGH |
| In injectInputEventToInputFilter of AccessibilityManagerService.java, there is a possible arbitrary input event injection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-56003 | 2024-12-16 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in David Cramer Caldera SMTP Mailer.This issue affects Caldera SMTP Mailer: from n/a through 1.0.1. | |||||
| CVE-2024-55999 | 2024-12-16 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Marco Giannini XML Multilanguage Sitemap Generator.This issue affects XML Multilanguage Sitemap Generator: from n/a through 2.0.6. | |||||
| CVE-2024-56009 | 2024-12-16 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in spreadr Spreadr Woocommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Spreadr Woocommerce: from n/a through 1.0.4. | |||||
| CVE-2024-56007 | 2024-12-16 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Ram Segev Leader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Leader: from n/a through 2.6.1. | |||||
| CVE-2024-56004 | 2024-12-16 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in Alex W Fowler Easy Site Importer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Site Importer: from n/a through 1.0.1. | |||||
| CVE-2024-56001 | 2024-12-16 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Ksher Ksher allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ksher: from n/a through 1.1.1. | |||||
| CVE-2024-55998 | 2024-12-16 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in dusthazard Popup Surveys & Polls for WordPress (Mare.io) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup Surveys & Polls for WordPress (Mare.io): from n/a through 1.36. | |||||
| CVE-2024-55996 | 2024-12-16 | N/A | 6.1 MEDIUM | ||
| Missing Authorization vulnerability in Dreamfox Dreamfox Media Payment gateway per Product for Woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dreamfox Media Payment gateway per Product for Woocommerce: from n/a through 3.5.6. | |||||