Total
1956 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-29761 | 1 Urbanandroid | 1 Sleep | 2025-01-06 | N/A | 5.5 MEDIUM |
| An issue found in Sleep v.20230303 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files. | |||||
| CVE-2023-29759 | 1 Flightaware | 1 Flightaware | 2025-01-06 | N/A | 5.5 MEDIUM |
| An issue found in FlightAware v.5.8.0 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the database files. | |||||
| CVE-2023-29758 | 1 Leap | 1 Blue Light Filter | 2025-01-06 | N/A | 5.5 MEDIUM |
| An issue found in Blue Light Filter v.1.5.5 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files. | |||||
| CVE-2023-27716 | 1 Kafkaui-lite Project | 1 Kafkaui-lite | 2025-01-06 | N/A | 9.8 CRITICAL |
| An issue was discovered in freakchicken kafkaUI-lite 1.2.11 allows attackers on the same network to gain escalated privileges for the nodes running on it. | |||||
| CVE-2023-32220 | 1 Milesight | 2 Ncr\/camera, Ncr\/camera Firmware | 2025-01-06 | N/A | 8.2 HIGH |
| Milesight NCR/camera version 71.8.0.6-r5 allows authentication bypass through an unspecified method. | |||||
| CVE-2023-32219 | 1 Mazda | 2 Mazda, Mazda Firmware | 2025-01-06 | N/A | 6.5 MEDIUM |
| A Mazda model (2015-2016) can be unlocked via an unspecified method. | |||||
| CVE-2023-21245 | 1 Google | 1 Android | 2025-01-06 | N/A | 7.8 HIGH |
| In showNextSecurityScreenOrFinish of KeyguardSecurityContainerController.java, there is a possible way to access the lock screen during device setup due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-24546 | 1 Arista | 1 Cloudvision Portal | 2025-01-06 | N/A | 8.1 HIGH |
| On affected versions of the CloudVision Portal improper access controls on the connection from devices to CloudVision could enable a malicious actor with network access to CloudVision to get broader access to telemetry and configuration data within the system than intended. This advisory impacts the Arista CloudVision Portal product when run on-premise. It does not impact CloudVision as-a-Service. | |||||
| CVE-2024-12831 | 1 Arista | 1 Ng Firewall | 2025-01-03 | N/A | 7.8 HIGH |
| Arista NG Firewall uvm_login Incorrect Authorization Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Arista NG Firewall. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the uvm_login module. The issue results from incorrect authorization. An attacker can leverage this to escalate privileges to resources normally protected from the user. Was ZDI-CAN-24324. | |||||
| CVE-2024-56348 | 1 Jetbrains | 1 Teamcity | 2025-01-02 | N/A | 4.3 MEDIUM |
| In JetBrains TeamCity before 2024.12 improper access control allowed viewing details of unauthorized agents | |||||
| CVE-2024-56350 | 1 Jetbrains | 1 Teamcity | 2025-01-02 | N/A | 4.3 MEDIUM |
| In JetBrains TeamCity before 2024.12 build credentials allowed unauthorized viewing of projects | |||||
| CVE-2024-39025 | 2024-12-31 | N/A | 7.5 HIGH | ||
| Incorrect access control in the /users endpoint of Cpacker MemGPT v0.3.17 allows attackers to access sensitive data. | |||||
| CVE-2022-31644 | 1 Hp | 654 Dragonfly Folio G3 2-in-1, Dragonfly Folio G3 2-in-1 Firmware, Elite Dragonfly and 651 more | 2024-12-30 | N/A | 7.8 HIGH |
| Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. | |||||
| CVE-2022-31646 | 1 Hp | 654 Dragonfly Folio G3 2-in-1, Dragonfly Folio G3 2-in-1 Firmware, Elite Dragonfly and 651 more | 2024-12-30 | N/A | 7.8 HIGH |
| Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. | |||||
| CVE-2024-47157 | 2024-12-27 | N/A | 2.9 LOW | ||
| Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. | |||||
| CVE-2024-47148 | 2024-12-26 | N/A | 4.0 MEDIUM | ||
| Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. | |||||
| CVE-2023-38035 | 1 Ivanti | 1 Mobileiron Sentry | 2024-12-20 | N/A | 9.8 CRITICAL |
| A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration. | |||||
| CVE-2024-38856 | 1 Apache | 1 Ofbiz | 2024-12-20 | N/A | 9.8 CRITICAL |
| Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met (such as when the screen definitions don't explicitly check user's permissions because they rely on the configuration of their endpoints). | |||||
| CVE-2023-4617 | 2024-12-19 | N/A | 10.0 CRITICAL | ||
| Incorrect authorization vulnerability in HTTP POST method in Govee Home application on Android and iOS allows remote attacker to control devices owned by other users via changing "device", "sku" and "type" fields' values. This issue affects Govee Home applications on Android and iOS in versions before 5.9. | |||||
| CVE-2018-9374 | 1 Google | 1 Android | 2024-12-18 | N/A | 7.8 HIGH |
| In installPackageLI of PackageManagerService.java, there is a possible permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. | |||||