160 matches found
CVE-2023-28353
An issue was discovered in Faronics Insight 10.0.19045 on Windows. An unauthenticated attacker is able to upload any type of file to any location on the Teacher Console's computer, enabling a variety of different exploitation paths including code execution. It is also possible for the attacker to...
GHSA-93XX-CVMC-9W3V On a compromised node, the fluid-csi service account can be used to modify node specs
Impact If a malicious user gains control of a Kubernetes node running fluid csi pod controlled by the csi-nodeplugin-fluid node-daemonset, he/she can leverage the fluid-csi service account to modify specs of all the nodes in the cluster. However, since this service account lacks "list node"...
CVE-2023-30840
Fluid is an open source Kubernetes-native distributed dataset orchestrator and accelerator for data-intensive applications. Starting in version 0.7.0 and prior to version 0.8.6, if a malicious user gains control of a Kubernetes node running fluid csi pod controlled by the csi-nodeplugin-fluid...
CVE-2023-28142 Race Condition
A Race Condition exists in the Qualys Cloud Agent for Windows platform in versions from 3.1.3.34 and before 4.5.3.1. This allows attackers to escalate privileges limited on the local machine during uninstallation of the Qualys Cloud Agent for Windows. Attackers may gain SYSTEM level privileges on...
CVE-2023-24485
Vulnerabilities have been identified that, collectively, allow a standard Windows user to perform operations as SYSTEM on the computer running Citrix Workspace app...
PT-2023-5480 · Lg · Lg Simple Editor
Name of the Vulnerable Software and Affected Versions: LG Simple Editor affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. The specific flaw exists within the implementation of the...
Backdoor.Win32.RemServ.d MVID-2022-0655 Remote Command Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/05a082d441d9cf365749c0e1eb904c85.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.RemServ.d Vulnerability: Unauthenticated Remote Command Execution Family:...
PT-2022-5515 · Microsoft · Windows System Monitor
Name of the Vulnerable Software and Affected Versions: Microsoft Windows System Monitor Sysmon affected versions not specified Description: The issue is related to insufficient access control in the Microsoft Windows System Monitor Sysmon service, which can allow an attacker to elevate their...
Crestron AirMedia 安全漏洞
Crestron AirMedia is Crestron's unlimited sharing platform for laptops, PCs, smartphones or tablets. A security vulnerability exists in Crestron AirMedia for Windows prior to version 5.5.1.84, which stems from insecure inherited privileges, and can be exploited by an attacker to initiate a system...
PT-2022-22150 · Dell · Dell Command | Integration Suite For System Center
Name of the Vulnerable Software and Affected Versions: Dell Command | Integration Suite for System Center versions prior to 6.2.0 Description: The issue allows a locally authenticated malicious user to potentially perform an arbitrary file write as system, due to an arbitrary file write...
CVE-2022-35870
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 b2022030114. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists...
CVE-2022-34900
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.3 39313 Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within t...
CVE-2022-31218
Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a "repair" operation o...
PT-2022-20614 · Abb · Abb Automation Builder +1
Name of the Vulnerable Software and Affected Versions: ABB Automation Builder Drive Composer affected versions not specified Description: The issue allows a low-privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content, provided the file does n...
CVE-2022-26634
HMA VPN v5.3.5913.0 contains an unquoted service path which allows attackers to escalate privileges to the system level...
iPhones Vulnerable to Attack Even When Turned Off
Attackers can target iPhones even when they are turned off due to how Apple implements standalone wireless features Bluetooth, Near Field Communication NFC and Ultra-wideband UWB technologies in the device, researchers have found. These features—which have access to the iPhone’s Secure Element SE...
Advantech 安全漏洞
Advantech DeviceOn/iEdge Server is industrial device intelligence software that enables non-intelligent devices to have IoT connectivity management capabilities.Advantech DeviceOn/iEdge Server elevation of privilege vulnerability can be exploited by attackers to gain elevated privileges to NT...
PT-2022-6124 · Microsoft · Windows Backup Service +1
Name of the Vulnerable Software and Affected Versions: Windows Backup Service versions prior to the fixed version Description: The issue is related to errors in privilege management within the Windows Backup Service, allowing an attacker to elevate their privileges to the level of SYSTEM. This ca...
CVE-2021-42835
An issue was discovered in Plex Media Server through 1.24.4.5081-e362dc1ee. An attacker with a foothold in a endpoint via a low-privileged user account can access the exposed RPC service of the update service component. This RPC functionality allows the attacker to interact with the RPC...
Microsoft Exchange Server 代码问题漏洞
Exchange is a messaging and collaboration system that is a suite of e-mail service components from Microsoft. Microsoft Exchange Server deserialization vulnerability, which requires administrator privileges, can be exploited by an attacker to be able to run code as SYSTEM on Exchange Server...