Lucene search
+L

376 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 5:51 p.m.6 views

CVE-2020-21522

An issue was discovered in halo V1.1.3. A Zip Slip Directory Traversal Vulnerability in the backend,the attacker can overwrite some files, such as ftl files, .bashrc files in the user directory, and finally get the permissions of the operating system...

9.8CVSS6.9AI score0.01532EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 5:38 p.m.8 views

CVE-2020-10883

This vulnerability allows local attackers to escalate privileges on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...

7.8CVSS6.7AI score0.05898EPSS
Exploits4References1
NVD
NVD
added 2025/05/22 5:15 p.m.18 views

CVE-2025-43596

An insecure file system permissions vulnerability in MSP360 Backup 8.0 allows a low privileged user to execute commands with SYSTEM level privileges using a specially crafted file with an arbitrary file backup target. Upgrade to MSP360 Backup 8.1.1.19 released on 2025-05-15...

9.8CVSS0.00353EPSS
Exploits0References4
CVE
CVE
added 2025/05/22 4:49 p.m.50 views

CVE-2025-43596

The CVE-2025-43596 entry concerns MSP360 Backup (MSP360 Backup for Windows) with an insecure filesystem permissions issue in version 8.0 that lets a low-privileged user run commands with SYSTEM privileges via a specially crafted backup target file. Reported impact in public sources notes high/cri...

9.8CVSS7.8AI score0.00353EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/22 10:33 a.m.11 views

CVE-2019-3567

In some configurations an attacker can inject a new executable path into the extensions.load file for osquery and hard link a parent folder of a malicious binary to a folder with known 'safe' permissions. Under those circumstances osquery will load said malicious executable with SYSTEM permission...

9.3CVSS6.9AI score0.0166EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:19 a.m.6 views

CVE-2019-15464

The Samsung J7 Pro Android device with a build fingerprint of samsung/j7y17lteub/j7y17lte:8.1.0/M1AJQ/J730GUBS6BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app versionCode=7000100, versionName=7.0.1.0 that allows other pre-installed ap...

7.8CVSS6.7AI score0.0031EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/03 10:11 p.m.29 views

CVE-2025-43595

An insecure file system permissions vulnerability in MSP360 Backup 4.3.1.115 allows a low privileged user to execute commands with root privileges in the 'Online Backup' folder. Upgrade to MSP360 Backup 4.4 released on 2025-04-22...

8.5CVSS7.3AI score0.00363EPSS
Exploits0References3
NVD
NVD
added 2025/05/01 10:15 p.m.31 views

CVE-2025-43595

An insecure file system permissions vulnerability in MSP360 Backup 4.3.1.115 allows a low privileged user to execute commands with root privileges in the 'Online Backup' folder. Upgrade to MSP360 Backup 4.4 released on 2025-04-22...

9.8CVSS0.00363EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/05/01 9:12 p.m.31 views

CVE-2025-43595 MSP360 Backup (for Linux) insecure filesystem permissions

An insecure file system permissions vulnerability in MSP360 Backup 4.3.1.115 allows a low privileged user to execute commands with root privileges in the 'Online Backup' folder. Upgrade to MSP360 Backup 4.4 released on 2025-04-22...

8.5CVSS0.00363EPSS
Exploits0References3
SUSE Linux
SUSE Linux
added 2025/02/28 4:26 p.m.3 views

Security update for azure-cli

This update for azure-cli fixes the following issues: CVE-2024-43591: improper neutralization of special elements could allow users to run Azure CLI commands that result in certain service management operations being performed with System level permissions in Azure Defender for Cloud bsc1231971...

8.7CVSS9.5AI score0.01632EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/02/25 12:0 a.m.4 views

Gradle 安全漏洞

Gradle is a set of JVM-based project building tools from Gradle, Inc. that supports maven, Ivy repositories, and more. A security vulnerability exists in Gradle that stems from improper permissions on the system's temporary directory. An attacker can elevate privileges by exploiting the...

8.8CVSS8.3AI score0.00229EPSS
Exploits0References9
CNNVD
CNNVD
added 2025/02/20 12:0 a.m.5 views

Dell RecoverPoint for Virtual Machines 安全漏洞

Dell RecoverPoint for Virtual Machines is Dell's disaster recovery solution for VMware virtual environments, designed to simplify data protection and disaster recovery processes for virtual machines and ensure business continuity. Dell RecoverPoint for Virtual Machines is vulnerable to a weak fil...

5.5CVSS6.8AI score0.00129EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/14 12:46 p.m.9 views

CVE-2023-52291

In streampark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution, The prerequisite for a successful attack is that the user needs to log in to the streampark system and...

8.8CVSS7.4AI score0.01607EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/02/05 1:49 p.m.17 views

CVE-2020-13537

An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to a script or replace a binary.By default MXViewService, which starts as a NT SYSTEM authority us...

9.3CVSS6.8AI score0.00532EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/02/05 1:47 p.m.14 views

CVE-2020-13542

A local privilege elevation vulnerability exists in the file system permissions of LogicalDoc 8.5.1 installation. Depending on the vector chosen, an attacker can either replace the service binary or replace DLL files loaded by the service, both which get executed by a service thus executing...

9.3CVSS7.1AI score0.00603EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/02/05 1:47 p.m.5 views

CVE-2020-13553

An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with ...

8.8CVSS7.1AI score0.00504EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/02/05 1:46 p.m.19 views

CVE-2020-13539

An exploitable local privilege elevation vulnerability exists in the file system permissions of the Win-911 Enterprise V4.20.13 install directory via “WIN-911 Mobile Runtime” service. Depending on the vector chosen, an attacker can overwrite various executables which could lead to escalation of t...

9.3CVSS6.9AI score0.00588EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/02/05 1:45 p.m.18 views

CVE-2020-13540

An exploitable local privilege elevation vulnerability exists in the file system permissions of the Win-911 Enterprise V4.20.13 install directory via WIN-911 Account Change Utility. Depending on the vector chosen, an attacker can overwrite various executables which could lead to escalation of the...

9.3CVSS7AI score0.00525EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/02/05 1:44 p.m.6 views

CVE-2020-13554

An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with ...

8.8CVSS7.1AI score0.00547EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/02/05 1:44 p.m.9 views

CVE-2020-13549

An exploitable local privilege elevation vulnerability exists in the file system permissions of Sytech XL Reporter v14.0.1 install directory. Depending on the vector chosen, an attacker can overwrite service executables and execute arbitrary code with privileges of user set to run the service or...

8.8CVSS7.6AI score0.00465EPSS
Exploits1
Rows per page
Query Builder