Lucene search
+L

160 matches found

OSV
OSV
added 2023/05/31 12:15 a.m.9 views

CVE-2023-28353

An issue was discovered in Faronics Insight 10.0.19045 on Windows. An unauthenticated attacker is able to upload any type of file to any location on the Teacher Console's computer, enabling a variety of different exploitation paths including code execution. It is also possible for the attacker to...

8.8CVSS7.4AI score0.01362EPSS
Exploits1References2
OSV
OSV
added 2023/05/09 7:58 p.m.23 views

GHSA-93XX-CVMC-9W3V On a compromised node, the fluid-csi service account can be used to modify node specs

Impact If a malicious user gains control of a Kubernetes node running fluid csi pod controlled by the csi-nodeplugin-fluid node-daemonset, he/she can leverage the fluid-csi service account to modify specs of all the nodes in the cluster. However, since this service account lacks "list node"...

4CVSS6.4AI score0.00236EPSS
Exploits0References6
NVD
NVD
added 2023/05/08 6:15 p.m.38 views

CVE-2023-30840

Fluid is an open source Kubernetes-native distributed dataset orchestrator and accelerator for data-intensive applications. Starting in version 0.7.0 and prior to version 0.8.6, if a malicious user gains control of a Kubernetes node running fluid csi pod controlled by the csi-nodeplugin-fluid...

7.8CVSS6.4AI score0.00236EPSS
Exploits0References4
Cvelist
Cvelist
added 2023/04/18 3:51 p.m.22 views

CVE-2023-28142 Race Condition

A Race Condition exists in the Qualys Cloud Agent for Windows platform in versions from 3.1.3.34 and before 4.5.3.1. This allows attackers to escalate privileges limited on the local machine during uninstallation of the Qualys Cloud Agent for Windows. Attackers may gain SYSTEM level privileges on...

6.7CVSS7.2AI score0.00131EPSS
Exploits0References1
OSV
OSV
added 2023/02/16 6:15 p.m.4 views

CVE-2023-24485

Vulnerabilities have been identified that, collectively, allow a standard Windows user to perform operations as SYSTEM on the computer running Citrix Workspace app...

7.8CVSS7.2AI score0.00219EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/02/13 12:0 a.m.6 views

PT-2023-5480 · Lg · Lg Simple Editor

Name of the Vulnerable Software and Affected Versions: LG Simple Editor affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. The specific flaw exists within the implementation of the...

10CVSS7.5AI score0.02388EPSS
Exploits0References6
Packet Storm
Packet Storm
added 2022/11/14 12:0 a.m.330 views

Backdoor.Win32.RemServ.d MVID-2022-0655 Remote Command Execution

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/05a082d441d9cf365749c0e1eb904c85.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.RemServ.d Vulnerability: Unauthenticated Remote Command Execution Family:...

0.1AI score
Exploits0
Positive Technologies
Positive Technologies
added 2022/11/08 12:0 a.m.8 views

PT-2022-5515 · Microsoft · Windows System Monitor

Name of the Vulnerable Software and Affected Versions: Microsoft Windows System Monitor Sysmon affected versions not specified Description: The issue is related to insufficient access control in the Microsoft Windows System Monitor Sysmon service, which can allow an attacker to elevate their...

7.8CVSS8.1AI score0.01082EPSS
Exploits0References11
CNNVD
CNNVD
added 2022/09/22 12:0 a.m.5 views

Crestron AirMedia 安全漏洞

Crestron AirMedia is Crestron's unlimited sharing platform for laptops, PCs, smartphones or tablets. A security vulnerability exists in Crestron AirMedia for Windows prior to version 5.5.1.84, which stems from insecure inherited privileges, and can be exploited by an attacker to initiate a system...

8.8CVSS7.8AI score0.00587EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/08/31 12:0 a.m.7 views

PT-2022-22150 · Dell · Dell Command | Integration Suite For System Center

Name of the Vulnerable Software and Affected Versions: Dell Command | Integration Suite for System Center versions prior to 6.2.0 Description: The issue allows a locally authenticated malicious user to potentially perform an arbitrary file write as system, due to an arbitrary file write...

7.8CVSS7.7AI score0.00216EPSS
Exploits0References2
OSV
OSV
added 2022/07/25 7:15 p.m.2 views

CVE-2022-35870

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 b2022030114. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists...

7.8CVSS6.2AI score
Exploits0References2
OSV
OSV
added 2022/07/18 3:15 p.m.7 views

CVE-2022-34900

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.3 39313 Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within t...

7.8CVSS6.2AI score0.00423EPSS
Exploits0References2
OSV
OSV
added 2022/06/15 7:15 p.m.8 views

CVE-2022-31218

Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a "repair" operation o...

7.8CVSS7.2AI score0.00315EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/06/15 12:0 a.m.11 views

PT-2022-20614 · Abb · Abb Automation Builder +1

Name of the Vulnerable Software and Affected Versions: ABB Automation Builder Drive Composer affected versions not specified Description: The issue allows a low-privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content, provided the file does n...

7.8CVSS7AI score0.00315EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/05/20 1:15 p.m.2 views

CVE-2022-26634

HMA VPN v5.3.5913.0 contains an unquoted service path which allows attackers to escalate privileges to the system level...

7.8CVSS7.1AI score0.00435EPSS
Exploits1References3
ThreatPost
ThreatPost
added 2022/05/17 1:19 p.m.51 views

iPhones Vulnerable to Attack Even When Turned Off

Attackers can target iPhones even when they are turned off due to how Apple implements standalone wireless features Bluetooth, Near Field Communication NFC and Ultra-wideband UWB technologies in the device, researchers have found. These features—which have access to the iPhone’s Secure Element SE...

7.8AI score
Exploits0References3
CNNVD
CNNVD
added 2022/01/18 12:0 a.m.10 views

Advantech 安全漏洞

Advantech DeviceOn/iEdge Server is industrial device intelligence software that enables non-intelligent devices to have IoT connectivity management capabilities.Advantech DeviceOn/iEdge Server elevation of privilege vulnerability can be exploited by attackers to gain elevated privileges to NT...

8.8CVSS5.6AI score0.00365EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2022/01/10 12:0 a.m.7 views

PT-2022-6124 · Microsoft · Windows Backup Service +1

Name of the Vulnerable Software and Affected Versions: Windows Backup Service versions prior to the fixed version Description: The issue is related to errors in privilege management within the Windows Backup Service, allowing an attacker to elevate their privileges to the level of SYSTEM. This ca...

7.1CVSS9.2AI score0.05327EPSS
Exploits2References22
OSV
OSV
added 2021/12/08 3:15 p.m.13 views

CVE-2021-42835

An issue was discovered in Plex Media Server through 1.24.4.5081-e362dc1ee. An attacker with a foothold in a endpoint via a low-privileged user account can access the exposed RPC service of the update service component. This RPC functionality allows the attacker to interact with the RPC...

7CVSS6.2AI score0.01166EPSS
Exploits1References4
CNNVD
CNNVD
added 2021/03/02 12:0 a.m.4 views

Microsoft Exchange Server 代码问题漏洞

Exchange is a messaging and collaboration system that is a suite of e-mail service components from Microsoft. Microsoft Exchange Server deserialization vulnerability, which requires administrator privileges, can be exploited by an attacker to be able to run code as SYSTEM on Exchange Server...

7.8CVSS5.8AI score0.94008EPSS
Exploits5References3
Rows per page
Query Builder