Vulnerabilities (CVE)

Filtered by NVD-CWE-noinfo
Total 30004 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-40106 1 Google 1 Android 2024-12-13 N/A 7.8 HIGH
In sanitizeSbn of NotificationManagerService.java, there is a possible way to launch an activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-40111 1 Google 1 Android 2024-12-13 N/A 7.8 HIGH
In setMediaButtonReceiver of MediaSessionRecord.java, there is a possible way to send a pending intent on behalf of system_server due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
CVE-2024-41647 1 Openrobotics 1 Robot Operating System 2024-12-13 N/A 9.8 CRITICAL
Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_mppi_controller.
CVE-2024-0014 1 Google 1 Android 2024-12-13 N/A 7.8 HIGH
In startInstall of UpdateFetcher.java, there is a possible way to trigger a malicious config update due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-20767 1 Adobe 1 Coldfusion 2024-12-13 N/A 7.4 HIGH
ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could leverage this vulnerability to access or modify restricted files. Exploitation of this issue does not require user interaction. Exploitation of this issue requires the admin panel be exposed to the internet.
CVE-2024-26119 1 Adobe 1 Experience Manager 2024-12-13 N/A 5.3 MEDIUM
Adobe Experience Manager versions 6.5.19 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to achieve a low-confidentiality impact within the application. Exploitation of this issue does not require user interaction.
CVE-2024-11948 1 Gfi 1 Archiver 2024-12-13 N/A 9.8 CRITICAL
GFI Archiver Telerik Web UI Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Authentication is not required to exploit this vulnerability. The specific flaw exists within the product installer. The issue results from the use of a vulnerable version of Telerik Web UI. An attacker can leverage this vulnerability to execute code in the context of NETWORK SERVICE. Was ZDI-CAN-24041.
CVE-2024-45104 1 Lenovo 1 Xclarity Administrator 2024-12-13 N/A 6.3 MEDIUM
A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device through a specially crafted web API call.
CVE-2024-45103 1 Lenovo 1 Xclarity Administrator 2024-12-13 N/A 4.3 MEDIUM
A valid, authenticated LXCA user may be able to unmanage an LXCA managed device in through the LXCA web interface without sufficient privileges.
CVE-2024-54503 1 Apple 2 Ipados, Iphone Os 2024-12-13 N/A 4.2 MEDIUM
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 18.2 and iPadOS 18.2. Muting a call while ringing may not result in mute being enabled.
CVE-2024-54489 1 Apple 1 Macos 2024-12-13 N/A 7.8 HIGH
A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. Running a mount command may unexpectedly execute arbitrary code.
CVE-2024-54485 1 Apple 2 Ipados, Iphone Os 2024-12-13 N/A 2.4 LOW
The issue was addressed by adding additional logic. This issue is fixed in iPadOS 17.7.3, iOS 18.2 and iPadOS 18.2. An attacker with physical access to an iOS device may be able to view notification content from the lock screen.
CVE-2024-54477 1 Apple 1 Macos 2024-12-13 N/A 5.5 MEDIUM
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to access user-sensitive data.
CVE-2024-44201 1 Apple 3 Ipados, Iphone Os, Macos 2024-12-13 N/A 5.5 MEDIUM
The issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.3, macOS Ventura 13.7.2, iOS 18.1 and iPadOS 18.1, macOS Sonoma 14.7.2. Processing a malicious crafted file may lead to a denial-of-service.
CVE-2024-44200 1 Apple 2 Ipados, Iphone Os 2024-12-13 N/A 3.3 LOW
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.1 and iPadOS 18.1. An app may be able to read sensitive location information.
CVE-2024-44248 1 Apple 1 Macos 2024-12-13 N/A 6.5 MEDIUM
This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.2, macOS Sonoma 14.7.2. A user with screen sharing access may be able to view another user's screen.
CVE-2024-44290 1 Apple 3 Ipados, Iphone Os, Watchos 2024-12-13 N/A 3.3 LOW
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.1 and iPadOS 18.1, watchOS 11.1. An app may be able to determine a user’s current location.
CVE-2024-44291 1 Apple 1 Macos 2024-12-13 N/A 7.8 HIGH
A logic issue was addressed with improved file handling. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. A malicious app may be able to gain root privileges.
CVE-2024-44299 1 Apple 2 Ipados, Iphone Os 2024-12-13 N/A 9.8 CRITICAL
The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP firmware.
CVE-2024-44300 1 Apple 1 Macos 2024-12-13 N/A 5.5 MEDIUM
A logic issue was addressed with improved file handling. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to access protected user data.