Vulnerabilities (CVE)

Filtered by NVD-CWE-noinfo
Total 31934 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-40106 1 Google 1 Android 2024-12-13 N/A 7.8 HIGH
In sanitizeSbn of NotificationManagerService.java, there is a possible way to launch an activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-41647 1 Openrobotics 1 Robot Operating System 2024-12-13 N/A 9.8 CRITICAL
Insecure Permissions vulnerability in Open Robotics Robot Operating System 2 (ROS2) navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_mppi_controller.
CVE-2024-26119 1 Adobe 1 Experience Manager 2024-12-13 N/A 5.3 MEDIUM
Adobe Experience Manager versions 6.5.19 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to achieve a low-confidentiality impact within the application. Exploitation of this issue does not require user interaction.
CVE-2024-11948 1 Gfi 1 Archiver 2024-12-13 N/A 9.8 CRITICAL
GFI Archiver Telerik Web UI Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Authentication is not required to exploit this vulnerability. The specific flaw exists within the product installer. The issue results from the use of a vulnerable version of Telerik Web UI. An attacker can leverage this vulnerability to execute code in the context of NETWORK SERVICE. Was ZDI-CAN-24041.
CVE-2024-45104 1 Lenovo 1 Xclarity Administrator 2024-12-13 N/A 6.5 MEDIUM
A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device through a specially crafted web API call.
CVE-2024-45103 1 Lenovo 1 Xclarity Administrator 2024-12-13 N/A 4.3 MEDIUM
A valid, authenticated LXCA user may be able to unmanage an LXCA managed device through the LXCA web interface without sufficient privileges.
CVE-2024-54503 1 Apple 2 Ipados, Iphone Os 2024-12-13 N/A 4.2 MEDIUM
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 18.2 and iPadOS 18.2. Muting a call while ringing may not result in mute being enabled.
CVE-2024-54477 1 Apple 1 Macos 2024-12-13 N/A 5.5 MEDIUM
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to access user-sensitive data.
CVE-2024-54485 1 Apple 2 Ipados, Iphone Os 2024-12-13 N/A 2.4 LOW
The issue was addressed by adding additional logic. This issue is fixed in iPadOS 17.7.3, iOS 18.2 and iPadOS 18.2. An attacker with physical access to an iOS device may be able to view notification content from the lock screen.
CVE-2024-54489 1 Apple 1 Macos 2024-12-13 N/A 7.8 HIGH
A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. Running a mount command may unexpectedly execute arbitrary code.
CVE-2024-44200 1 Apple 2 Ipados, Iphone Os 2024-12-13 N/A 3.3 LOW
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.1 and iPadOS 18.1. An app may be able to read sensitive location information.
CVE-2024-44201 1 Apple 3 Ipados, Iphone Os, Macos 2024-12-13 N/A 5.5 MEDIUM
The issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.3, macOS Ventura 13.7.2, iOS 18.1 and iPadOS 18.1, macOS Sonoma 14.7.2. Processing a maliciously crafted file may lead to a denial-of-service.
CVE-2024-44299 1 Apple 2 Ipados, Iphone Os 2024-12-13 N/A 9.8 CRITICAL
The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP firmware.
CVE-2024-54515 1 Apple 1 Macos 2024-12-13 N/A 7.8 HIGH
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sequoia 15.2. A malicious app may be able to gain root privileges.
CVE-2024-54513 1 Apple 6 Ipados, Iphone Os, Macos and 3 more 2024-12-13 N/A 5.5 MEDIUM
A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2. An app may be able to access sensitive user data.
CVE-2024-1947 1 Gitlab 1 Gitlab 2024-12-13 N/A 6.5 MEDIUM
A denial of service (DoS) condition was discovered in GitLab CE/EE affecting all versions from 13.2.4 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. By leveraging this vulnerability an attacker could create a DoS condition by sending crafted API calls.
CVE-2024-1952 1 Mattermost 1 Mattermost Server 2024-12-13 N/A 4.3 MEDIUM
Mattermost version 8.1.x before 8.1.9 fails to sanitize data associated with permalinks when a plugin updates an ephemeral post, allowing an authenticated attacker who can control the ephemeral post update to access individual posts' contents in channels they are not a member of.
CVE-2024-1942 1 Mattermost 1 Mattermost Server 2024-12-13 N/A 4.3 MEDIUM
Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, and 9.3.0 fail to sanitize the metadata on posts containing permalinks under specific conditions, which allows an authenticated attacker to access the contents of individual posts in channels they are not a member of.
CVE-2024-9164 1 Gitlab 1 Gitlab 2024-12-13 N/A 8.8 HIGH
An issue was discovered in GitLab EE affecting all versions starting from 12.5 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows running pipelines on arbitrary branches.
CVE-2024-29221 1 Mattermost 1 Mattermost Server 2024-12-13 N/A 3.8 LOW
Improper Access Control: Mattermost Server versions 9.5.x before 9.5.2, 9.4.x before 9.4.4, 9.3.x before 9.3.3, 8.1.x before 8.1.11 lacked proper access control in the `/api/v4/users/me/teams` endpoint, allowing a team admin to get the invite ID of their team and thus invite users even if the "Add Members" permission was explicitly removed from team admins.