Lucene search
K

56 matches found

Positive Technologies
Positive Technologies
added 2025/09/04 12:0 a.m.15 views

PT-2025-36066

Name of the Vulnerable Software and Affected Versions: AccountManagerService affected versions not specified Description: An application may access privileged APIs due to a confused deputy condition within the isSystemUid function of AccountManagerService.java. This could result in local privileg...

5.5CVSS6.2AI score0.00088EPSS
Exploits0References5
NVD
NVD
added 2025/09/03 6:15 a.m.5 views

CVE-2025-21031

Improper access control in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to use the privileged APIs...

6.8CVSS0.00126EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/03 6:5 a.m.4 views

CVE-2025-21031

Improper access control in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to use the privileged APIs...

6.8CVSS5.9AI score0.00126EPSS
Exploits0References1
CVE
CVE
added 2025/09/03 6:5 a.m.16 views

CVE-2025-21031

CVE-2025-21031 concerns an improper access control in ImsService prior to Samsung SMR Sep-2025 Release 1, enabling local attackers to invoke privileged APIs. Affected: ImsService on Samsung Mobile devices. Root cause: insufficient access restrictions that permit privileged API usage from local co...

6.8CVSS5.9AI score0.00126EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/09/03 12:0 a.m.4 views

PT-2025-35685

Name of the Vulnerable Software and Affected Versions: ImsService versions prior to SMR Sep-2025 Release 1 Description: An improper access control issue exists in ImsService. This allows local attackers to utilize privileged APIs. Recommendations: Update ImsService to SMR Sep-2025 Release 1 or...

6.8CVSS6AI score0.00126EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2025/08/09 1:56 a.m.10 views

CVE-2025-54997

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, some OpenBao deployments intentionally limit privileged API operators from executing system code or making network connections...

9.1CVSS7.1AI score0.00371EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2025/05/09 12:0 a.m.8 views

The software of the centralized backup and disaster recovery system of Dell PowerProtect Data Manager is vulnerable due to errors in the use of privileged application programming interfaces (APIs). This vulnerability allows a malicious individual to escalate their privileges.

The vulnerability of the software for centralized backup and disaster recovery management in Dell PowerProtect Data Manager is related to errors when privileged application programming interfaces are used. Exploiting this vulnerability can allow an attacker to gain increased privileges...

7.8CVSS5.5AI score0.00122EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2025/05/07 12:0 a.m.5 views

SAMSUNG SMR 安全漏洞

SAMSUNG SMR is a system patch package from the South Korean company Samsung SAMSUNG. It provides patches for Samsung mobile applications. SAMSUNG SMR suffers from a security vulnerability that stems from mishandling of insufficient privileges, which could lead to the use of privileged APIs by a...

4CVSS6.3AI score0.00111EPSS
Exploits0References1
OSV
OSV
added 2025/04/28 3:15 p.m.2 views

CVE-2025-23375

Dell PowerProtect Data Manager Reporting, versions 19.17, contains an Incorrect Use of Privileged APIs vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges...

7.8CVSS5.8AI score0.00122EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2025/04/02 12:0 a.m.19 views

The vulnerability of the XWiki platform for creating collaborative web applications lies in errors that occur when using privileged application programming interfaces (APIs). This allows a malicious individual to gain access to read, modify, and delete user accounts.

The vulnerability of the XWiki Platform relates to errors that occur when using privileged application programming interfaces APIs. Exploiting this vulnerability can allow a malicious actor to gain access to read, modify, and delete user accounts...

6.8CVSS5.5AI score0.00519EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.3 views

Nebula Informatics SecHard 安全漏洞

Nebula Informatics SecHard is a multi-module software for implementing a zero-trust architecture from Nebula Informatics. A security vulnerability exists in versions prior to Nebula Informatics SecHard 3.3.0.20220411 that stems from improper use of privileged APIs, plaintext transfer of sensitive...

9CVSS6.7AI score0.00162EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/03/20 12:0 a.m.15 views

PT-2025-12330

Name of the Vulnerable Software and Affected Versions Nebula Informatics SecHard versions prior to 3.3.0.20220411 Description The issue is related to the incorrect use of privileged APIs, cleartext transmission of sensitive information, and insufficiently protected credentials. This allows for...

9CVSS5.4AI score0.00162EPSS
Exploits0References10
BDU FSTEC
BDU FSTEC
added 2024/12/16 12:0 a.m.10 views

The vulnerability of the WhatsUp Gold network infrastructure monitoring system, related to errors when using privileged application programming interfaces (APIs), allows a hacker to execute arbitrary code.

The vulnerability of the WhatsUp Gold network infrastructure monitoring system is related to errors when privileged application programming interfaces APIs are used. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

10CVSS8.4AI score0.09741EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/11/13 12:0 a.m.9 views

The vulnerability of the D-Link DSL6740C modem’s microprogramming software lies in errors that occur when privileged application programming interfaces are used. This allows a perpetrator to gain access to the device.

The vulnerability of the D-Link DSL6740C modem’s microprogramming software is related to errors that occur when privileged application programming interfaces APIs are used. Exploiting this vulnerability can allow a malicious actor to gain access to the device by sending a specially crafted API...

10CVSS5.5AI score0.01174EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/09/03 12:0 a.m.20 views

Mozilla Firefox ESR < 128.2

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 128.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-40 advisory. - Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs...

9.8CVSS8.2AI score0.04395EPSS
Exploits1References8
Mozilla
Mozilla
added 2024/09/03 12:0 a.m.24 views

Security Vulnerabilities fixed in Firefox ESR 128.2 — Mozilla

A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the with environment. Internal browser...

9.8CVSS10AI score0.04395EPSS
Exploits1References9Affected Software1
ATTACKERKB
ATTACKERKB
added 2024/04/05 12:15 p.m.6 views

CVE-2023-6522

Incorrect Use of Privileged APIs vulnerability in ExtremePacs Extreme XDS allows Collect Data as Provided by Users. This issue affects Extreme XDS: before 3914...

7.2CVSS5.8AI score0.00307EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/02/15 12:0 a.m.6 views

PT-2024-13834

Name of the Vulnerable Software and Affected Versions SoliPay Mobile App versions prior to 5.0.8 Description The issue is related to an Incorrect Use of Privileged APIs, also described as an Improper Privilege Management vulnerability, in the SoliPay Mobile App. This vulnerability allows for the...

7.5CVSS7.1AI score0.00448EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2024/02/13 12:0 a.m.5 views

PT-2024-1743 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Unicam FX All versions Description: The issue is related to the incorrect use of privileged APIs in the Windows installer agent used by Unicam FX. This could allow an attacker to perform a local privilege escalation attack by exploiting the...

7.8CVSS7.3AI score0.00148EPSS
Exploits0References8
OSV
OSV
added 2023/11/28 10:15 a.m.4 views

CVE-2023-6151

Incorrect Use of Privileged APIs vulnerability in ESKOM Computer e-municipality module allows Collect Data as Provided by Users.This issue affects e-municipality module: before v.105...

7.5CVSS5.8AI score0.00596EPSS
Exploits0References1
Rows per page
Query Builder