Lucene search
K

482 matches found

NVD
NVD
added 2025/05/22 5:15 p.m.10 views

CVE-2025-46715

Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to version 1.15.12, ApiGetSecureParam fails to sanitize incoming pointers, and implicitly trusts that the pointer the user has passed in is safe to write t...

7.8CVSS0.00202EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:26 a.m.6 views

CVE-2019-13208

WavesSysSvc in Waves MAXX Audio allows privilege escalation because the General registry key has Full Control access for the Users group, leading to DLL side loading. This affects WavesSysSvc64.exe 1.9.29.0...

7.3CVSS7.2AI score0.00422EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/21 8:27 p.m.5 views

CVE-2002-1946

Videsh Sanchar Nigam Limited VSNL Integrated Dialer Software 1.2.000, when the "Save Password" option is used, stores the password with a weak encryption scheme one-to-one mapping in a registry key, which allows local users to obtain and decrypt the password...

5.5CVSS6.8AI score0.00125EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2025/05/21 12:0 a.m.2 views

Windows App Installer (Windows SMB Login)

SMB login-based detection of Windows App Installer SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.3AI score
Exploits0
OpenVAS
OpenVAS
added 2025/04/15 12:0 a.m.9 views

Microsoft Edge Update Setup (Chromium-based) Detection (Windows SMB Login)

This script detects the installed version of Microsoft Edge Update Setup Chromium-based for Windows. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

7.2AI score
Exploits0
NVD
NVD
added 2025/02/11 11:15 a.m.6 views

CVE-2025-23403

A vulnerability has been identified in SIMATIC IPC DiagBase All versions, SIMATIC IPC DiagMonitor All versions. The affected device do not properly restrict the user permission for the registry key. This could allow an authenticated attacker to load vulnerable drivers into the system leading to...

7.3CVSS0.0014EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/02/11 10:29 a.m.13 views

CVE-2025-23403

A vulnerability has been identified in SIMATIC IPC DiagBase All versions, SIMATIC IPC DiagMonitor All versions. The affected device do not properly restrict the user permission for the registry key. This could allow an authenticated attacker to load vulnerable drivers into the system leading to...

7.3CVSS0.0014EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/02/11 12:0 a.m.9 views

PT-2025-6202 · Siemens · Simatic Ipc Diagmonitor +1

Name of the Vulnerable Software and Affected Versions: SIMATIC IPC DiagBase All versions SIMATIC IPC DiagMonitor All versions Description: A vulnerability has been identified where the affected devices do not properly restrict user permissions for the registry key. This could allow an authenticat...

7.3CVSS7.5AI score0.0014EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/01/22 12:0 a.m.3 views

PT-2025-6472 · Kaspersky · Kaspersky Security Cloud +11

Name of the Vulnerable Software and Affected Versions: Kaspersky Virus Removal Tool for Windows affected versions not specified Kaspersky Endpoint Security for Windows affected versions not specified Kaspersky Security for Virtualization Light Agent affected versions not specified Kaspersky...

4.6CVSS7AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/01/14 12:0 a.m.3 views

PT-2025-1212 · Microsoft · Windows Bitlocker +1

Name of the Vulnerable Software and Affected Versions: Windows BitLocker affected versions not specified Description: A critical issue in Windows BitLocker exposes the encryption mechanism to a novel randomization attack targeting the AES-XTS mode. This allows attackers to bypass BitLocker...

4.2CVSS9.3AI score0.01108EPSS
Exploits0References28
OSV
OSV
added 2024/12/02 3:15 p.m.31 views

CVE-2024-8785

In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage NmAPI.exe to create or change an existing registry value in registry path HKEYLOCALMACHINE\SOFTWARE\WOW6432Node\Ipswitch...

5.3CVSS5.8AI score0.09504EPSS
Exploits0References3
GoogleProjectZero
GoogleProjectZero
added 2024/10/25 12:0 a.m.29 views

The Windows Registry Adventure #4: Hives and the registry layout

Posted by Mateusz Jurczyk, Google Project Zero To a normal user or even a Win32 application developer, the registry layout may seem simple: there are five root keys that we know from Regedit abbreviated as HKCR, HKLM, HKCU, HKU and HKCC, and each of them contains a nested tree structure that serv...

7.8CVSS6.4AI score0.08698EPSS
Exploits0
NVD
NVD
added 2024/09/04 5:15 p.m.39 views

CVE-2024-20503

A vulnerability in Cisco Duo Epic for Hyperdrive could allow an authenticated, local attacker to view sensitive information in cleartext on an affected system. This vulnerability is due to improper storage of an unencrypted registry key. A low-privileged attacker could exploit this vulnerability ...

5.5CVSS0.00108EPSS
Exploits0References1
OSV
OSV
added 2024/09/04 5:15 p.m.4 views

CVE-2024-20503

A vulnerability in Cisco Duo Epic for Hyperdrive could allow an authenticated, local attacker to view sensitive information in cleartext on an affected system. This vulnerability is due to improper storage of an unencrypted registry key. A low-privileged attacker could exploit this vulnerability ...

5.5CVSS5.8AI score0.00108EPSS
Exploits0References1
CVE
CVE
added 2024/09/04 4:29 p.m.60 views

CVE-2024-20503

CVE-2024-20503 affects Cisco Duo Epic for Hyperdrive. The root cause is improper storage of an unencrypted registry key, allowing a low-privileged, authenticated, local attacker to view sensitive information in cleartext on the affected system. Connected advisories confirm this is a local-informa...

5.5CVSS5.2AI score0.00108EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/09/04 4:29 p.m.17 views

CVE-2024-20503 Cisco Duo Epic for Hyperdrive Information Disclosure Vulnerability

A vulnerability in Cisco Duo Epic for Hyperdrive could allow an authenticated, local attacker to view sensitive information in cleartext on an affected system. This vulnerability is due to improper storage of an unencrypted registry key. A low-privileged attacker could exploit this vulnerability ...

5.5CVSS6.5AI score0.00108EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/09/04 4:29 p.m.26 views

CVE-2024-20503 Cisco Duo Epic for Hyperdrive Information Disclosure Vulnerability

A vulnerability in Cisco Duo Epic for Hyperdrive could allow an authenticated, local attacker to view sensitive information in cleartext on an affected system. This vulnerability is due to improper storage of an unencrypted registry key. A low-privileged attacker could exploit this vulnerability ...

5.5CVSS0.00108EPSS
Exploits0References1
Cisco
Cisco
added 2024/09/04 4:0 p.m.20 views

Cisco Duo Epic for Hyperdrive Information Disclosure Vulnerability

A vulnerability in Cisco Duo Epic for Hyperdrive could allow an authenticated, local attacker to view sensitive information in cleartext on an affected system. This vulnerability is due to improper storage of an unencrypted registry key. A low-privileged attacker could exploit this vulnerability ...

5.5CVSS5.2AI score0.00108EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/08/11 12:0 a.m.7 views

PT-2024-6530 · Cisco · Cisco Duo Epic For Hyperdrive

Name of the Vulnerable Software and Affected Versions: Cisco Duo Epic for Hyperdrive affected versions not specified Description: The issue is related to insufficient protection of service data, which could allow an authenticated, local attacker to view sensitive information in cleartext on an...

5.5CVSS6.5AI score0.00108EPSS
Exploits0References6
Qualys Blog
Qualys Blog
added 2024/07/30 12:50 p.m.39 views

Qualys Announces TruRisk Eliminate to Augment Patching

About 5 years ago, we launched Qualys Patch Management to empower our customers to not just detect and prioritize vulnerabilities but also effectively remediate them. Since then, we have assisted our customers in addressing hundreds of millions of vulnerabilities, significantly enhancing the...

8.8CVSS9AI score0.99759EPSS
Exploits57
Rows per page
Query Builder