Total
1021 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-44760 | 1 Sunmochina | 1 Enterprise Management System | 2024-11-15 | N/A | 7.5 HIGH |
| Incorrect access control in the component /servlet/SnoopServlet of Shenzhou News Union Enterprise Management System v5.0 through v18.8 allows attackers to access sensitive information regarding the server. | |||||
| CVE-2024-5474 | 1 Lenovo | 1 Dolby Vision Provisioning | 2024-11-15 | N/A | 5.5 MEDIUM |
| A potential information disclosure vulnerability was reported in Lenovo's packaging of Dolby Vision Provisioning software prior to version 2.0.0.2 that could allow a local attacker to read files on the system with elevated privileges during installation of the package. Previously installed versions are not affected by this issue. | |||||
| CVE-2024-40661 | 2024-11-15 | N/A | 7.8 HIGH | ||
| In mayAdminGrantPermission of AdminRestrictedPermissionsUtils.java, there is a possible way to access the microphone due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-43086 | 2024-11-15 | N/A | 5.5 MEDIUM | ||
| In validateAccountsInternal of AccountManagerService.java, there is a possible way to leak account credentials to a third party app due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-29083 | 2024-11-15 | N/A | 6.7 MEDIUM | ||
| Incorrect default permissions in some Intel(R) Distribution for Python software before version 2024.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-25647 | 2024-11-15 | N/A | 6.7 MEDIUM | ||
| Incorrect default permissions for some Intel(R) Binary Configuration Tool software for Windows before version 3.4.5 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-43089 | 2024-11-15 | N/A | 7.8 HIGH | ||
| In updateInternal of MediaProvider.java , there is a possible access of another app's files due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-43085 | 2024-11-15 | N/A | 7.8 HIGH | ||
| In handleMessage of UsbDeviceManager.java, there is a possible method to access device contents over USB without unlocking the device due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-40660 | 2024-11-15 | N/A | 7.8 HIGH | ||
| In setTransactionState of SurfaceFlinger.cpp, there is a possible way to change protected display attributes due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-21820 | 2024-11-15 | N/A | 7.2 HIGH | ||
| Incorrect default permissions in some Intel(R) Xeon(R) processor memory controller configurations when using Intel(R) SGX may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-43081 | 2024-11-15 | N/A | 7.8 HIGH | ||
| In installExistingPackageAsUser of InstallPackageHelper.java, there is a possible carrier restriction bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-52551 | 2024-11-15 | N/A | 8.0 HIGH | ||
| Jenkins Pipeline: Declarative Plugin 2.2214.vb_b_34b_2ea_9b_83 and earlier does not check whether the main (Jenkinsfile) script used to restart a build from a specific stage is approved, allowing attackers with Item/Build permission to restart a previous build whose (Jenkinsfile) script is no longer approved. | |||||
| CVE-2024-35201 | 2024-11-15 | N/A | 6.7 MEDIUM | ||
| Incorrect default permissions in the Intel(R) SDP Tool for Windows software all versions may allow an authenticated user to enable escalation of privilege via local access. | |||||
| CVE-2024-42188 | 2024-11-15 | N/A | 3.7 LOW | ||
| HCL Connections is vulnerable to a broken access control vulnerability that may allow an unauthorized user to update data in certain scenarios. | |||||
| CVE-2024-49504 | 2024-11-13 | N/A | N/A | ||
| grub2 allowed attackers with access to the grub shell to access files on the encrypted disks. | |||||
| CVE-2024-21937 | 2024-11-13 | N/A | 7.3 HIGH | ||
| Incorrect default permissions in the AMD HIP SDK installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. | |||||
| CVE-2024-21946 | 2024-11-13 | N/A | 7.3 HIGH | ||
| Incorrect default permissions in the AMD RyzenTM Master Utility installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. | |||||
| CVE-2024-21958 | 2024-11-13 | N/A | 7.3 HIGH | ||
| Incorrect default permissions in the AMD Provisioning Console installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | |||||
| CVE-2024-21938 | 2024-11-13 | N/A | 7.3 HIGH | ||
| Incorrect default permissions in the AMD Management Plugin for the Microsoft® System Center Configuration Manager (SCCM) installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | |||||
| CVE-2024-21945 | 2024-11-13 | N/A | 7.3 HIGH | ||
| Incorrect default permissions in the AMD RyzenTM Master monitoring SDK installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. | |||||