Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-40805

Summary
Assigner-apple
Assigner Org ID-286789f9-fbc2-4510-9f9a-43facdede74c
Published At-29 Jul, 2024 | 22:17
Updated At-02 Aug, 2024 | 04:39
Rejected At-
Credits

A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 10.6, macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6, tvOS 17.6. An app may be able to bypass Privacy preferences.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:apple
Assigner Org ID:286789f9-fbc2-4510-9f9a-43facdede74c
Published At:29 Jul, 2024 | 22:17
Updated At:02 Aug, 2024 | 04:39
Rejected At:
▼CVE Numbering Authority (CNA)

A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 10.6, macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6, tvOS 17.6. An app may be able to bypass Privacy preferences.

Affected Products
Vendor
Apple Inc.Apple
Product
iOS and iPadOS
Versions
Affected
  • From unspecified before 17.6 (custom)
Vendor
Apple Inc.Apple
Product
watchOS
Versions
Affected
  • From unspecified before 10.6 (custom)
Vendor
Apple Inc.Apple
Product
macOS
Versions
Affected
  • From unspecified before 14.6 (custom)
Vendor
Apple Inc.Apple
Product
tvOS
Versions
Affected
  • From unspecified before 17.6 (custom)
Problem Types
TypeCWE IDDescription
N/AN/AAn app may be able to bypass Privacy preferences
Type: N/A
CWE ID: N/A
Description: An app may be able to bypass Privacy preferences
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.apple.com/en-us/HT214117
N/A
https://support.apple.com/en-us/HT214124
N/A
https://support.apple.com/en-us/HT214119
N/A
https://support.apple.com/en-us/HT214122
N/A
http://seclists.org/fulldisclosure/2024/Jul/16
N/A
http://seclists.org/fulldisclosure/2024/Jul/21
N/A
http://seclists.org/fulldisclosure/2024/Jul/22
N/A
http://seclists.org/fulldisclosure/2024/Jul/18
N/A
Hyperlink: https://support.apple.com/en-us/HT214117
Resource: N/A
Hyperlink: https://support.apple.com/en-us/HT214124
Resource: N/A
Hyperlink: https://support.apple.com/en-us/HT214119
Resource: N/A
Hyperlink: https://support.apple.com/en-us/HT214122
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2024/Jul/16
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2024/Jul/21
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2024/Jul/22
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2024/Jul/18
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Vendor
Apple Inc.apple
Product
ios
CPEs
  • cpe:2.3:o:apple:ios:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 17.6 (custom)
Vendor
Apple Inc.apple
Product
watchos
CPEs
  • cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 10.6 (custom)
Vendor
Apple Inc.apple
Product
ipad_os
CPEs
  • cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 17.6 (custom)
Vendor
Apple Inc.apple
Product
tvos
CPEs
  • cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 17.6 (custom)
Vendor
Apple Inc.apple
Product
macos
CPEs
  • cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 14.0 before 14.6 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-281CWE-281 Improper Preservation of Permissions
Type: CWE
CWE ID: CWE-281
Description: CWE-281 Improper Preservation of Permissions
Metrics
VersionBase scoreBase severityVector
3.17.7HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Version: 3.1
Base score: 7.7
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.apple.com/en-us/HT214117
x_transferred
https://support.apple.com/en-us/HT214124
x_transferred
https://support.apple.com/en-us/HT214119
x_transferred
https://support.apple.com/en-us/HT214122
x_transferred
http://seclists.org/fulldisclosure/2024/Jul/16
x_transferred
http://seclists.org/fulldisclosure/2024/Jul/21
x_transferred
http://seclists.org/fulldisclosure/2024/Jul/22
x_transferred
http://seclists.org/fulldisclosure/2024/Jul/18
x_transferred
Hyperlink: https://support.apple.com/en-us/HT214117
Resource:
x_transferred
Hyperlink: https://support.apple.com/en-us/HT214124
Resource:
x_transferred
Hyperlink: https://support.apple.com/en-us/HT214119
Resource:
x_transferred
Hyperlink: https://support.apple.com/en-us/HT214122
Resource:
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2024/Jul/16
Resource:
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2024/Jul/21
Resource:
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2024/Jul/22
Resource:
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2024/Jul/18
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:product-security@apple.com
Published At:29 Jul, 2024 | 23:15
Updated At:10 Dec, 2024 | 14:57

A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 10.6, macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6, tvOS 17.6. An app may be able to bypass Privacy preferences.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.1HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Secondary3.17.7HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Type: Primary
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Type: Secondary
Version: 3.1
Base score: 7.7
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CPE Matches
Apple Inc.
apple
>>ipados>>Versions before 17.6(exclusive)
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>iphone_os>>Versions before 17.6(exclusive)
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>macos>>Versions from 14.0(inclusive) to 14.6(exclusive)
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>tvos>>Versions before 17.6(exclusive)
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>watchos>>Versions before 10.6(exclusive)
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-276Primarynvd@nist.gov
CWE-281Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-276
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-281
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://seclists.org/fulldisclosure/2024/Jul/16product-security@apple.com
Mailing List
http://seclists.org/fulldisclosure/2024/Jul/18product-security@apple.com
Mailing List
http://seclists.org/fulldisclosure/2024/Jul/21product-security@apple.com
Mailing List
http://seclists.org/fulldisclosure/2024/Jul/22product-security@apple.com
Mailing List
https://support.apple.com/en-us/HT214117product-security@apple.com
Vendor Advisory
https://support.apple.com/en-us/HT214119product-security@apple.com
Vendor Advisory
https://support.apple.com/en-us/HT214122product-security@apple.com
Vendor Advisory
https://support.apple.com/en-us/HT214124product-security@apple.com
Vendor Advisory
http://seclists.org/fulldisclosure/2024/Jul/16af854a3a-2127-422b-91ae-364da2661108
Mailing List
http://seclists.org/fulldisclosure/2024/Jul/18af854a3a-2127-422b-91ae-364da2661108
Mailing List
http://seclists.org/fulldisclosure/2024/Jul/21af854a3a-2127-422b-91ae-364da2661108
Mailing List
http://seclists.org/fulldisclosure/2024/Jul/22af854a3a-2127-422b-91ae-364da2661108
Mailing List
https://support.apple.com/en-us/HT214117af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://support.apple.com/en-us/HT214119af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://support.apple.com/en-us/HT214122af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://support.apple.com/en-us/HT214124af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: http://seclists.org/fulldisclosure/2024/Jul/16
Source: product-security@apple.com
Resource:
Mailing List
Hyperlink: http://seclists.org/fulldisclosure/2024/Jul/18
Source: product-security@apple.com
Resource:
Mailing List
Hyperlink: http://seclists.org/fulldisclosure/2024/Jul/21
Source: product-security@apple.com
Resource:
Mailing List
Hyperlink: http://seclists.org/fulldisclosure/2024/Jul/22
Source: product-security@apple.com
Resource:
Mailing List
Hyperlink: https://support.apple.com/en-us/HT214117
Source: product-security@apple.com
Resource:
Vendor Advisory
Hyperlink: https://support.apple.com/en-us/HT214119
Source: product-security@apple.com
Resource:
Vendor Advisory
Hyperlink: https://support.apple.com/en-us/HT214122
Source: product-security@apple.com
Resource:
Vendor Advisory
Hyperlink: https://support.apple.com/en-us/HT214124
Source: product-security@apple.com
Resource:
Vendor Advisory
Hyperlink: http://seclists.org/fulldisclosure/2024/Jul/16
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Hyperlink: http://seclists.org/fulldisclosure/2024/Jul/18
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Hyperlink: http://seclists.org/fulldisclosure/2024/Jul/21
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Hyperlink: http://seclists.org/fulldisclosure/2024/Jul/22
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Hyperlink: https://support.apple.com/en-us/HT214117
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://support.apple.com/en-us/HT214119
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://support.apple.com/en-us/HT214122
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://support.apple.com/en-us/HT214124
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

114Records found
CVE-2024-44149
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.12% / 32.52%
||
7 Day CHG~0.00%
Published-16 Sep, 2024 | 23:23
Updated-25 Mar, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-281
Improper Preservation of Permissions
CVE-2024-44228
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.13% / 33.29%
||
7 Day CHG+0.02%
Published-28 Oct, 2024 | 21:08
Updated-13 Mar, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved permissions checking. This issue is fixed in Xcode 16. An app may be able to inherit Xcode permissions and access user data.

Action-Not Available
Vendor-Apple Inc.
Product-xcodeXcodexcode
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2024-44223
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-4.6||MEDIUM
EPSS-0.04% / 12.56%
||
7 Day CHG~0.00%
Published-20 Dec, 2024 | 04:06
Updated-06 Jan, 2025 | 13:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.1. An attacker with physical access to a Mac may be able to view protected content from the Login Window.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-281
Improper Preservation of Permissions
CVE-2024-44224
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.11%
||
7 Day CHG~0.00%
Published-11 Dec, 2024 | 22:57
Updated-07 Jan, 2025 | 04:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. A malicious app may be able to gain root privileges.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2024-44135
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 3.94%
||
7 Day CHG~0.00%
Published-16 Sep, 2024 | 23:23
Updated-19 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access protected files within an App Sandbox container.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2024-44188
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 8.89%
||
7 Day CHG~0.00%
Published-16 Sep, 2024 | 23:22
Updated-19 Mar, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-281
Improper Preservation of Permissions
CVE-2024-44151
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.52%
||
7 Day CHG~0.00%
Published-16 Sep, 2024 | 23:22
Updated-18 Mar, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to modify protected parts of the file system.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-1831
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.18% / 39.85%
||
7 Day CHG~0.00%
Published-08 Sep, 2021 | 14:43
Updated-03 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved permissions logic. This issue is fixed in iOS 14.5 and iPadOS 14.5. An application may allow shortcuts to access restricted files.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipadosiOS and iPadOS
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-3838
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.40% / 59.85%
||
7 Day CHG~0.00%
Published-27 Feb, 2020 | 20:45
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved permissions logic. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to execute arbitrary code with system privileges.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchostvosipadosmac_os_xtvOSmacOSwatchOSiOS
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-8022
Matching Score-4
Assigner-SUSE
ShareView Details
Matching Score-4
Assigner-SUSE
CVSS Score-7.7||HIGH
EPSS-0.20% / 42.73%
||
7 Day CHG~0.00%
Published-29 Jun, 2020 | 08:20
Updated-17 Sep, 2024 | 00:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
User-writeable configuration file /usr/lib/tmpfiles.d/tomcat.conf allows for escalation of priviliges

A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. This issue affects: SUSE Enterprise Storage 5 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP4 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 12-SP5 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 15-LTSS tomcat versions prior to 9.0.35-3.57.3. SUSE Linux Enterprise Server for SAP 12-SP2 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 12-SP3 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 15 tomcat versions prior to 9.0.35-3.57.3. SUSE OpenStack Cloud 7 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud 8 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud Crowbar 8 tomcat versions prior to 8.0.53-29.32.1.

Action-Not Available
Vendor-The Apache Software FoundationopenSUSESUSE
Product-linux_enterprise_serveropenstack_cloudtomcatenterprise_storageopenstack_cloud_crowbarleapSUSE Linux Enterprise Server 12-SP5SUSE OpenStack Cloud Crowbar 8SUSE Linux Enterprise Server 12-SP4SUSE Linux Enterprise Server 12-SP2-BCLSUSE Linux Enterprise Server for SAP 12-SP3SUSE OpenStack Cloud 7SUSE Linux Enterprise Server 15-LTSSSUSE Linux Enterprise Server for SAP 12-SP2SUSE Linux Enterprise Server 12-SP3-LTSSSUSE Linux Enterprise Server 12-SP3-BCLSUSE Enterprise Storage 5SUSE OpenStack Cloud 8SUSE Linux Enterprise Server 12-SP2-LTSSSUSE Linux Enterprise Server for SAP 15
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2024-27155
Matching Score-4
Assigner-Toshiba Corporation
ShareView Details
Matching Score-4
Assigner-Toshiba Corporation
CVSS Score-7.7||HIGH
EPSS-0.06% / 19.45%
||
7 Day CHG~0.00%
Published-14 Jun, 2024 | 03:18
Updated-13 Feb, 2025 | 17:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local Privilege Escalation and Remote Code Execution using insecure permissions

The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. The programs can be replaced by malicious programs by any local or remote attacker. As for the affected products/models/versions, see the reference URL.

Action-Not Available
Vendor-Toshiba Tec Corporationtoshibatec
Product-Toshiba Tec e-Studio multi-function peripheral (MFP)e-studio-4528-age-studio-2020_ace-studio-3115-nce-studio-2110-ace-studio-2015-nce-studio-3015-nce-studio-2510-ace-studio-3028-ae-studio-5525_ace-studio-5528-ae-studio-2515-nce-studio-4515_ace-studio-2518_ae-studio-400-ace-studio-3118_ae-studio-3525_ace-studio-3118_age-studio-2528-ae-studio-4615_ace-studio-2520_nce-studio-2618_ae-studio-9029-ae-studio-3018_ae-studio-7527-ace-studio-4525_ace-studio-2018_ae-studio-2021_ace-studio-2521_ace-studio-3025_ace-studio-6525_ace-studio-3528-age-studio-6527-ace-studio-2610-ace-studio-5015_ace-studio-6529-ae-studio-3515-nce-studio-6528-ae-studio-3528-ae-studio-3615-nce-studio-7529-ae-studio-2010-ace-studio-4528-ae-studio-2615-nce-studio-6526-ace-studio-5525_acge-studio-330-ace-studio-5115_ace-studio-2525_ace-studio-6525_acge-studio-3525_acg
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2024-53934
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.7||HIGH
EPSS-0.02% / 4.75%
||
7 Day CHG~0.00%
Published-06 Jan, 2025 | 00:00
Updated-08 Jan, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The com.windymob.callscreen.ringtone.callcolor.colorphone (aka Color Phone Call Screen Themes) application through 1.1.2 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.frovis.androidbase.call.DialerActivity component.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-281
Improper Preservation of Permissions
CVE-2021-37000
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.7||HIGH
EPSS-0.02% / 2.38%
||
7 Day CHG~0.00%
Published-28 Dec, 2024 | 06:47
Updated-18 Mar, 2025 | 16:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Huawei wearables have a permission management vulnerability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-276
Incorrect Default Permissions
CWE ID-CWE-255
Not Available
CVE-2024-36495
Matching Score-4
Assigner-SEC Consult Vulnerability Lab
ShareView Details
Matching Score-4
Assigner-SEC Consult Vulnerability Lab
CVSS Score-7.7||HIGH
EPSS-0.04% / 11.61%
||
7 Day CHG~0.00%
Published-24 Jun, 2024 | 08:50
Updated-13 Feb, 2025 | 17:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Read/Write Permissions for Everyone on Configuration File

The application Faronics WINSelect (Standard + Enterprise) saves its configuration in an encrypted file on the file system which "Everyone" has read and write access to, path to file: C:\ProgramData\WINSelect\WINSelect.wsd The path for the affected WINSelect Enterprise configuration file is: C:\ProgramData\Faronics\StorageSpace\WS\WINSelect.wsd

Action-Not Available
Vendor-Faronicsfaronics
Product-WINSelect (Standard + Enterprise)winselect
CWE ID-CWE-276
Incorrect Default Permissions
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found