Total
1236 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-33291 | 1 Ebankit | 1 Ebankit | 2025-01-14 | N/A | 7.4 HIGH |
| In ebankIT 6, the public endpoints /public/token/Email/generate and /public/token/SMS/generate allow generation of OTP messages to any e-mail address or phone number without validation. (It cannot be exploited with e-mail addresses or phone numbers that are registered in the application.) | |||||
| CVE-2023-29733 | 1 Dualspace | 1 Lock Master | 2025-01-14 | N/A | 7.8 HIGH |
| The Lock Master app 2.2.4 for Android allows unauthorized apps to modify the values in its SharedPreference files. These files hold data that affects many app functions. Malicious modifications by unauthorized apps can cause security issues, such as functionality manipulation, resulting in a severe escalation of privilege attack. | |||||
| CVE-2024-56447 | 1 Huawei | 2 Emui, Harmonyos | 2025-01-13 | N/A | 7.8 HIGH |
| Vulnerability of improper permission control in the window management module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2024-56440 | 1 Huawei | 2 Emui, Harmonyos | 2025-01-13 | N/A | 6.2 MEDIUM |
| Permission control vulnerability in the Connectivity module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. | |||||
| CVE-2023-29731 | 1 Loka | 1 Solive | 2025-01-13 | N/A | 7.5 HIGH |
| SoLive 1.6.14 thru 1.6.20 for Android has an exposed component that provides a method to modify the SharedPreference file. An attacker can leverage this method to inject a large amount of data into any SharedPreference file, which will be loaded into memory when the application is opened. When an attacker injects too much data, the application will trigger an OOM error and crash at startup, resulting in a persistent denial of service. | |||||
| CVE-2023-52954 | 1 Huawei | 2 Emui, Harmonyos | 2025-01-13 | N/A | 4.4 MEDIUM |
| Vulnerability of improper permission control in the Gallery module Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2024-32861 | 2025-01-13 | N/A | 7.8 HIGH | ||
| Under certain circumstances the impacted Software House C•CURE 9000 installer will utilize unnecessarily wide permissions. | |||||
| CVE-2024-55225 | 2025-01-10 | N/A | 9.8 CRITICAL | ||
| An issue in the component src/api/identity.rs of Vaultwarden prior to v1.32.5 allows attackers to impersonate users, including Administrators, via a crafted authorization request. | |||||
| CVE-2024-46464 | 2025-01-10 | N/A | 7.8 HIGH | ||
| In PRIMX ZED Enterprise up to 2024.3, technical files stored in local folders with common user access can be manipulated to render the host computer unavailable or to execute programs with an elevation of privilege. | |||||
| CVE-2022-45853 | 1 Zyxel | 20 Gs1900-10hp, Gs1900-10hp Firmware, Gs1900-16 and 17 more | 2025-01-10 | N/A | 6.7 MEDIUM |
| The privilege escalation vulnerability in the Zyxel GS1900-8 firmware version V2.70(AAHH.3) and the GS1900-8HP firmware version V2.70(AAHI.3) could allow an authenticated, local attacker with administrator privileges to execute some system commands as 'root' on a vulnerable device via SSH. | |||||
| CVE-2023-29732 | 1 Loka | 1 Solive | 2025-01-09 | N/A | 9.8 CRITICAL |
| SoLive 1.6.14 thru 1.6.20 for Android exists exposed component, the component provides the method to modify the SharedPreference file. The attacker can use the method to modify the data in any SharedPreference file, these data will be loaded into the memory when the application is opened. Depending on how the data is used, this can result in various attack consequences, such as ad display exceptions. | |||||
| CVE-2024-43176 | 2025-01-09 | N/A | 5.4 MEDIUM | ||
| IBM OpenPages 9.0 could allow an authenticated user to obtain sensitive information such as configurations that should only be available to privileged users. | |||||
| CVE-2024-13206 | 2025-01-09 | 6.8 MEDIUM | 7.8 HIGH | ||
| A vulnerability classified as critical has been found in REVE Antivirus 1.0.0.0 on Linux. This affects an unknown part of the file /usr/local/reveantivirus/tmp/reveinstall. The manipulation leads to incorrect default permissions. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-13188 | 2025-01-08 | 4.3 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability was found in MicroWorld eScan Antivirus 7.0.32 on Linux. It has been rated as critical. Affected by this issue is some unknown functionality of the file /opt/MicroWorld/var/ of the component Installation Handler. The manipulation leads to incorrect default permissions. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-43902 | 1 Emsigner | 1 Emsigner | 2025-01-08 | N/A | 9.8 CRITICAL |
| Incorrect access control in the Forgot Your Password function of EMSigner v2.8.7 allows unauthenticated attackers to access accounts of all registered users, including those with administrator privileges via a crafted password reset token. | |||||
| CVE-2022-41572 | 2025-01-08 | N/A | 9.8 CRITICAL | ||
| An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Privilege escalation can be accomplished on the server because nmap can be run as root. The attacker achieves total control over the server. | |||||
| CVE-2023-23583 | 3 Debian, Intel, Netapp | 443 Debian Linux, Core I3-1005g1, Core I3-1005g1 Firmware and 440 more | 2025-01-07 | N/A | 8.8 HIGH |
| Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access. | |||||
| CVE-2023-41718 | 2 Ivanti, Microsoft | 2 Secure Access Client, Windows | 2025-01-07 | N/A | 7.8 HIGH |
| When a particular process flow is initiated, an attacker may be able to gain unauthorized elevated privileges on the affected system when having control over a specific file. | |||||
| CVE-2023-35080 | 2 Ivanti, Microsoft | 2 Secure Access Client, Windows | 2025-01-07 | N/A | 7.8 HIGH |
| A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to various security risks, including the escalation of privileges, denial of service, or information disclosure. | |||||
| CVE-2021-27285 | 2025-01-07 | N/A | 8.4 HIGH | ||
| An issue was discovered in Inspur ClusterEngine v4.0 that allows attackers to gain escalated Local privileges and execute arbitrary commands via /opt/tsce4/torque6/bin/getJobsByShell. | |||||