CVE-2022-33922

Dell GeoDrive, versions prior to 2.2, contains Insecure File and Folder Permissions vulnerabilities. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context. Dell recommends customers to upgrade at the earlie...

PT-2022-21911 · Dell · Dell Geodrive

Name of the Vulnerable Software and Affected Versions: Dell GeoDrive versions prior to 2.2 Description: The issue is related to Insecure File and Folder Permissions, which could be exploited by a low privilege attacker to execute arbitrary code in the SYSTEM security context. Recommendations: For...

Kepware KEPServerEX 安全漏洞

Kepware Kepserverex is a software application from Kepware USA that communicates with a wide range of industrial equipment. The software supports more than 150 communication protocols and supports the delivery of reliable real-time data to organizations through a single platform. A security...

PT-2022-20650 · Gog · Gog Galaxy

Name of the Vulnerable Software and Affected Versions: GOG Galaxy versions 2.0.46 through 2.0.51 Description: An exploitable local privilege escalation issue exists due to insufficient folder permissions. An attacker can hijack the %ProgramData%GOG.com folder structure and change the...

CVE-2022-34902

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.4 39316 Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within t...

CVE-2022-23719

PingID Windows Login prior to 2.8 does not authenticate communication with a local Java service used to capture security key requests. An attacker with the ability to execute code on the target machine maybe able to exploit and spoof the local Java service using multiple attack vectors. A...

EagleGet Downloader 安全漏洞

EagleGet Downloader is a download manager from EagleGet, Inc. A security vulnerability exists in EagleGet Downloader version 2.1.5.20, which stems from a local elevation of privilege vulnerability in the luminatinetupdaterwineaglegetcom service, which can be exploited by an attacker to escalate i...

CVE-2021-25261

Local privilege vulnerability in Yandex Browser for Windows prior to 22.5.0.862 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating symlinks to installation file during Yandex Browser update process...

Yandex Browser 后置链接漏洞

Yandex Browser is a desktop web browser from the Russian company Yandex. A security vulnerability exists in Yandex Browser for Windows prior to 22.3.3.684, which originates from a vulnerability that allows local, low-privilege attackers to execute arbitrary code with SYSTEM privileges by...

PT-2022-3562 · American Megatrends +1 · Ami Megarac +1

Name of the Vulnerable Software and Affected Versions: AMI Megarac affected versions not specified Description: The issue is related to the interception of password reset requests via API. There is also a mention of a vulnerability in the OpenSSL library used by the TYCHON network endpoint...

crossbeam 竞争条件问题漏洞

crossbeam is a tool for individual developers that applies to concurrent programming. A competitive conditions issue vulnerability exists in crossbeam that arises from improper design or implementation during code development of a networked system or product...

CVE-2022-0017

An improper link resolution before file access 'link following' vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that enables a local attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges under certain circumstances. This iss...

PT-2022-1569 · Microsoft · Windows Resilient File System +1

Name of the Vulnerable Software and Affected Versions: Windows Resilient File System ReFS affected versions not specified Description: The issue is related to errors in code generation management in the Windows Resilient File System ReFS. It can be exploited by sending a specially crafted request...

Panda Security Free Antivirus 权限许可和访问控制问题漏洞

Panda Security Free Antivirus is a free antivirus program from the Spanish company Panda Security. Panda Security Free Antivirus suffers from a privilege-granting and access-control issue vulnerability that can be exploited by an attacker to elevate privileges and execute arbitrary code in the...

CVE-2021-40843

Proofpoint Insider Threat Management Server contains an unsafe deserialization vulnerability in the Web Console. An attacker with write access to the local database could cause arbitrary code to execute with SYSTEM privileges on the underlying server when a Web Console user triggers retrieval of...

CVE-2020-11634

The Zscaler Client Connector for Windows prior to 2.1.2.105 had a DLL hijacking vulnerability caused due to the configuration of OpenSSL. A local adversary may be able to execute arbitrary code in the SYSTEM context...

[SECURITY] Fedora 34 Update: glibc-2.33-20.fc34

The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important se...

(Pwn2Own) Microsoft Exchange Server Missing Check of Message Integrity Vulnerability

This vulnerability allows network-adjacent attackers to tamper with update data on affected installations of Microsoft Exchange Server. User interaction is required to exploit this vulnerability. The specific flaw exists within the handling of Exchange Server Help updates. The issue results from ...

[SECURITY] Fedora 33 Update: glibc-2.32-6.fc33

The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important se...

The vulnerability in the update process of the Cisco AnyConnect Secure Mobility Client cryptographic security tool for Windows allows a perpetrator to execute arbitrary code with SYSTEM privileges.

The vulnerability of the Cisco AnyConnect Secure Mobility Client cryptographic security update process for Windows relates to the creation of temporary files with insecure permissions. Exploiting this vulnerability can allow a attacker to execute arbitrary code with SYSTEM privileges...