CVE-2024-51888 |
Description: Incorrect Privilege Assignment vulnerability in NotFound Homey Login Register allows Privilege Escalation. This issue affects Homey Login Register: from n/a through 2.4.0.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
January 22nd, 2025 (6 months ago)
|
CVE-2024-51818 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Fancy Product Designer. This issue affects Fancy Product Designer: from n/a through 6.4.3.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
January 22nd, 2025 (6 months ago)
|
CVE-2024-51417 |
Description: An issue in System.Linq.Dynamic.Core Latest version v.1.4.6 allows remote access to properties on reflection types and static properties/fields.
EPSS Score: 0.05%
January 22nd, 2025 (6 months ago)
|
CVE-2024-50633 |
Description: A Broken Object Level Authorization (BOLA) vulnerability in Indico through 3.3.5 allows attackers to read information by sending a crafted POST request to the component /api/principals. NOTE: this is disputed by the Supplier because the product intentionally lets all users retrieve certain information about other user accounts (this functionality is, in the current design, not restricted to any privileged roles such as event organizer).
CVSS: NONE (0.0) EPSS Score: 0.04%
January 22nd, 2025 (6 months ago)
|
CVE-2024-49748 |
Description: In gatts_process_primary_service_req of gatt_sr.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
EPSS Score: 0.04%
January 22nd, 2025 (6 months ago)
|
CVE-2024-49747 |
Description: In gatts_process_read_by_type_req of gatt_sr.cc, there is a possible out of bounds write due to a logic error in the code. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
EPSS Score: 0.04%
January 22nd, 2025 (6 months ago)
|
CVE-2024-49745 |
Description: In growData of Parcel.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
EPSS Score: 0.04%
January 22nd, 2025 (6 months ago)
|
CVE-2024-49744 |
Description: In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to bypass parcel mismatch mitigation due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
EPSS Score: 0.04%
January 22nd, 2025 (6 months ago)
|
CVE-2024-49738 |
Description: In writeInplace of Parcel.cpp, there is a possible out of bounds write. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
EPSS Score: 0.04%
January 22nd, 2025 (6 months ago)
|
CVE-2024-49737 |
Description: In applyTaskFragmentOperation of WindowOrganizerController.java, there is a possible way to launch arbitrary activities as the system UID due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
EPSS Score: 0.04%
January 22nd, 2025 (6 months ago)
|