A sym-linked file accessed via the repair function in Avast Antivirus <24.2 on Windows may allow user to elevate privilege to delete arbitrary files or run processes as NT AUTHORITY\SYSTEM. The vulnerability exists within the "Repair" (settings -> troubleshooting -> repair) feature, which ...
7CVSS
6.7AI Score
0.0004EPSS
A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow local users to elevate privileges. Successful exploitation could allow execution of arbitrary code with NT AUTHORITY\SYSTEM privileges on the operating...
7.8CVSS
7.5AI Score
0.0004EPSS
A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow malicious users to overwrite arbitrary files as NT AUTHORITY\SYSTEM. A successful exploit could allow these malicious users to create a Denial-of-Service (DoS) condition affecting the Microsoft Windows...
7.1CVSS
6.8AI Score
0.0004EPSS
A vulnerability has been discovered in the Citrix Secure Access client for Windows which, if exploited, could allow an attacker with access to an endpoint with Standard User Account that has the vulnerable client installed to escalate their local privileges to that of NT...
7.8CVSS
7.5AI Score
0.0004EPSS
The Netskope client service (prior to R96) on Windows runs as NT AUTHORITY\SYSTEM which writes log files to a writable directory (C:\Users\Public\netSkope) for a standard user. The files are created and written with a SYSTEM account except one file (logplaceholder) which inherits permission giving....
7CVSS
6.6AI Score
0.0004EPSS
The Netskope client service running with NT\SYSTEM privileges accepts network connections from localhost to start various services and execute commands. The connection handling function of Netskope client before R100 in this service utilized a relative path to download and unzip configuration...
7.8CVSS
7.6AI Score
0.0004EPSS
An issue was discovered in Faronics Insight 10.0.19045 on Windows. An unauthenticated attacker is able to upload any type of file to any location on the Teacher Console's computer, enabling a variety of different exploitation paths including code execution. It is also possible for the attacker to.....
8.8CVSS
8.9AI Score
0.001EPSS
An issue was discovered in Faronics Insight 10.0.19045 on Windows. It is possible for an attacker to create a proof-of-concept script that functions similarly to a Student Console, providing unauthenticated attackers with the ability to exploit XSS vulnerabilities within the Teacher Console...
9.6CVSS
9.3AI Score
0.004EPSS
An issue was discovered in Faronics Insight 10.0.19045 on Windows. It is possible for an attacker to create a crafted program that functions similarly to the Teacher Console. This can compel Student Consoles to connect and put themselves at risk automatically. Connected Student Consoles can be...
8.8CVSS
8.8AI Score
0.001EPSS
PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains DLL Hijacking Vulnerabilities. A regular user (non-admin) can exploit these issues to potentially escalate privileges and execute arbitrary code in the context of NT...
7.3CVSS
7.6AI Score
0.0004EPSS
PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains Insecure File and Folder Permissions vulnerability. A regular user (non-admin) can exploit the weak folder and file permissions to escalate privileges and execute arbitrary code in the context of NT...
7.8CVSS
7.9AI Score
0.0004EPSS
A vulnerability has been identified that, if exploited, could result in a local user elevating their privilege level to NT AUTHORITY\SYSTEM on a Citrix Virtual Apps and Desktops Windows...
7.8CVSS
7.4AI Score
0.0004EPSS
7.8CVSS
7.9AI Score
0.001EPSS
A vulnerability in the ClearPass OnGuard Windows agent could allow malicious users on a Windows instance to elevate their user privileges. A successful exploit could allow these users to execute arbitrary code with NT AUTHORITY\SYSTEM level privileges on the Windows instance in Aruba ClearPass...
7.8CVSS
7.8AI Score
0.0004EPSS
A privilege escalation issue exists within the Amazon CloudWatch Agent for Windows, software for collecting metrics and logs from Amazon EC2 instances and on-premises servers, in versions up to and including v1.247354. When users trigger a repair of the Agent, a pop-up window opens with SYSTEM...
7.1CVSS
6.7AI Score
0.001EPSS
Stack-based buffer overflow in mnet.exe in Unisys Business Information Server (BIS) 10 and 10.1 on Windows allows remote attackers to execute arbitrary code via a crafted TCP...
8AI Score
0.012EPSS
NT Virtual DOS Machine (NTVDM.EXE) in Windows 2000, NT and XP does not verify user execution permissions for 16-bit executable files, which allows local users to bypass the loader and execute arbitrary...
7.4AI Score
0.001EPSS
The screensaver on Windows NT 4.0, 2000, XP, and 2002 does not verify if a domain account has already been locked when a valid password is provided, which makes it easier for users with physical access to conduct brute force password...
6.9AI Score
0.001EPSS
WebSite Pro 3.1.11.0 on Windows allows remote attackers to read script source code for files with extensions greater than 3 characters via a URL request that uses the equivalent 8.3 file...
7.2AI Score
0.002EPSS
Trend Micro InterScan VirusWall for Windows NT 3.52 does not record the sender's IP address in the headers for a mail message when it is passed from VirusWall to the MTA, which allows remote attackers to hide the origin of the...
7.1AI Score
0.002EPSS
Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash) via a certain combination of a malformed HTML file and a CSS file that triggers a null...
6.8AI Score
0.43EPSS
Win32k.sys (aka Graphics Device Interface (GDI)) in Windows 2000 and XP allows local users to cause a denial of service (system crash) by calling the ShowWindow function after receiving a WM_NCCREATE...
6.6AI Score
0.001EPSS
Windows NT 4.0 and Windows 2000 hosts allow remote attackers to cause a denial of service (unavailable connections) by sending multiple SMB SMBnegprots requests but not reading the response that is sent...
7AI Score
0.028EPSS
The agent in OSSEC through 3.1.0 on Windows allows local users to gain NT AUTHORITY\SYSTEM access via Directory Traversal by leveraging full access to the associated OSSEC...
7.8CVSS
7.6AI Score
0.0004EPSS
In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers...
7.5CVSS
8AI Score
0.002EPSS
5.5CVSS
6.5AI Score
0.001EPSS
NoMachine for Windows prior to version 6.15.1 and 7.5.2 suffer from local privilege escalation due to the lack of safe DLL loading. This vulnerability allows local non-privileged users to perform DLL Hijacking via any writable directory listed under the system path and ultimately execute code as...
7.3CVSS
7.5AI Score
0.0004EPSS
5.5CVSS
6.4AI Score
0.0004EPSS
7CVSS
7.5AI Score
0.0004EPSS
ESET products for Windows allows untrusted process to impersonate the client of a pipe, which can be leveraged by attacker to escalate privileges in the context of NT...
7.8CVSS
7.6AI Score
0.001EPSS
A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to...
7.8CVSS
7.8AI Score
0.0005EPSS
A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to...
7.8CVSS
7.8AI Score
0.0005EPSS
A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to...
7.8CVSS
7.8AI Score
0.0005EPSS
Incorrect Default Permissions vulnerability in the bdservicehost.exe and Vulnerability.Scan.exe components as used in Bitdefender Endpoint Security Tools for Windows, Total Security allows a local attacker to elevate privileges to NT AUTHORITY\SYSTEM This issue affects: Bitdefender Endpoint...
7.8CVSS
7.4AI Score
0.0004EPSS
A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or...
NVIDIA GeForce Experience, all versions prior to 3.22, contains a vulnerability in GameStream plugins where log files are created using NT/System level permissions, which may lead to code execution, denial of service, or local privilege escalation. The attacker does not have control over the...
6.1CVSS
6.2AI Score
0.0004EPSS
5.5CVSS
6.4AI Score
0.0004EPSS
The td-agent-builder plugin before 2020-12-18 for Fluentd allows attackers to gain privileges because the bin directory is writable by a user account, but a file in bin is executed as NT...
7CVSS
7AI Score
0.002EPSS
Rapid Software LLC Rapid SCADA 5.8.0 is affected by a local privilege escalation vulnerability in the ScadaAgentSvc.exe executable file. An attacker can obtain admin privileges by placing a malicious .exe file in the application and renaming it ScadaAgentSvc.exe, which would result in executing...
7.8CVSS
7.6AI Score
0.0004EPSS
IDrive before 6.7.3.19 on Windows installs by default to %PROGRAMFILES(X86)%\IDriveWindows with weak folder permissions granting any user modify permission (i.e., NT AUTHORITY\Authenticated Users:(OI)(CI)(M)) to the contents of the directory and its sub-folders. In addition, the program installs a....
7.8CVSS
7.6AI Score
0.0004EPSS
An issue was discovered in Ignite Realtime Spark 2.8.3 (and the ROAR plugin for it) on Windows. A chat message can include an IMG element with a SRC attribute referencing an external host's IP address. Upon access to this external host, the (NT)LM hashes of the user are sent with the HTTP request.....
8.8CVSS
8.5AI Score
0.002EPSS
VERSION NOT SUPPORTED WHEN ASSIGNED A legacy support account in the TriStation software version v4.9.0 and earlier could cause improper access to the TriStation host machine. This was addressed in TriStation version v4.9.1 and v4.10.1 released on May 30,...
9.8CVSS
9AI Score
0.002EPSS
VERSION NOT SUPPORTED WHEN ASSIGNED A vulnerability could cause certain data to be visible on the network when the 'password' feature is enabled. This vulnerability was discovered in and remediated in versions v4.9.1 and v4.10.1 on May 30, 2013. The 'password' feature is an additional optional...
7.5CVSS
7.4AI Score
0.002EPSS
VERSION NOT SUPPORTED WHEN ASSIGNED A vulnerability with the former 'password' feature could allow a denial of service attack if the user is not following documented guidelines pertaining to dedicated TriStation connection and key-switch protection. This vulnerability was discovered and remediated....
7.5CVSS
7.3AI Score
0.001EPSS
In SecureWorks Red Cloak Windows Agent before 2.0.7.9, a local user can bypass the generation of telemetry alerts by removing NT AUTHORITY\SYSTEM permissions from a file. This is limited in scope to the collection of process-execution telemetry, for executions against specific files where the...
3.3CVSS
4.1AI Score
0.0004EPSS
An elevation of privilege vulnerability exists when Microsoft IIS Server fails to check the length of a buffer prior to copying memory to it.An attacker who successfully exploited this vulnerability can allow an unprivileged function ran by the user to execute code in the context of NT...
9.9CVSS
9.3AI Score
0.002EPSS
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from...
5.5CVSS
6.5AI Score
0.001EPSS
A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1343,...
6.5CVSS
7.4AI Score
0.059EPSS
A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1346,...
6.5CVSS
7.4AI Score
0.059EPSS
Valve Steam Client before 2019-09-12 allows placing or appending partially controlled filesystem content, as demonstrated by file modifications on Windows in the context of NT AUTHORITY\SYSTEM. This could lead to denial of service, elevation of privilege, or unspecified other...
7.8CVSS
7.6AI Score
0.001EPSS