Lucene search
+L

197 matches found

Zero Day Initiative
Zero Day Initiative
added 2024/01/10 12:0 a.m.23 views

Trend Micro Apex One Security Agent Updater Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...

7CVSS7.5AI score0.00311EPSS
Exploits0References1
NVD
NVD
added 2023/09/19 4:15 p.m.21 views

CVE-2023-38352

MiniTool Partition Wizard 12.8 contains an insecure update mechanism that allows attackers to achieve remote code execution through a man in the middle attack...

8.1CVSS8.4AI score0.0063EPSS
Exploits0References1
CVE
CVE
added 2023/09/19 12:0 a.m.50 views

CVE-2023-38352

CVE-2023-38352 affects MiniTool Partition Wizard 12.8. The issue is an insecure update mechanism that allows remote code execution via a man-in-the-middle attack. Root cause is lack of proper update integrity/authentication during updates, enabling an attacker on the network to tamper update deli...

8.1CVSS8.3AI score0.0063EPSS
Exploits0References1Affected Software1
Pen Test Partners Blog
Pen Test Partners Blog
added 2023/05/24 5:23 a.m.45 views

EFB vulnerability in Lufthansa’s Lido eRouteManual

Almost all commercial airlines now use electronic flight bags EFBs to drive efficiency and safety in their operations. We’ve been testing the security of EFBs and their apps, here’s our latest findings. TL;DR Many airlines use Lufthansa Systems Lido eRoute Manual for their EFB approach plates. We...

7.3AI score
Exploits0
NCSC
NCSC
added 2023/04/25 12:0 a.m.8 views

Vulnerability fixed in Rancher

A vulnerability has been fixed in Rancher. The vulnerability is located in the update mechanism. Systems that used the internal update mechanism used to upgrade from versions 2.6.x and 2.7.x upgrade to 2.7.2 are vulnerable. Systems initially installed on version 2.7.2 are not vulnerable. Due to a...

9.9CVSS7.2AI score0.00779EPSS
Exploits0
The Hacker News
The Hacker News
added 2023/04/11 9:16 a.m.25 views

Cryptocurrency Stealer Malware Distributed via 13 NuGet Packages

Cybersecurity researchers have detailed the inner workings of the cryptocurrency stealer malware that was distributed via 13 malicious NuGet packages as part of a supply chain attack targeting .NET developers. The sophisticated typosquatting campaign, which was uncovered by JFrog late last month,...

7.1AI score
Exploits0
Vulnrichment
Vulnrichment
added 2023/03/29 12:0 a.m.8 views

CVE-2022-3093

This vulnerability allows physical attackers to execute arbitrary code on affected Tesla vehicles. Authentication is not required to exploit this vulnerability. The specific flaw exists within the iceupdater update mechanism. The issue results from the lack of proper validation of user-supplied...

7.6CVSS6.6AI score0.00439EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2023/03/10 2:2 p.m.74 views

New Version of Prometei Botnet Infects Over 10,000 Systems Worldwide

An updated version of a botnet malware called Prometei has infected more than 10,000 systems worldwide since November 2022. The infections are both geographically indiscriminate and opportunistic, with a majority of the victims reported in Brazil, Indonesia, and Turkey. Prometei, first observed i...

1.9AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 6:14 a.m.2 views

SUSE CVE-2006-4567

Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 makes it easy for users to accept self-signed certificates for the auto-update mechanism, which might allow remote user-assisted attackers to use DNS spoofing to trick users into visiting a malicious site and accepting a malicious...

2.6CVSS8.8AI score0.0179EPSS
Exploits1References4
BDU FSTEC
BDU FSTEC
added 2022/09/26 12:0 a.m.9 views

The vulnerability of the update mechanism implemented by the antivirus software Apex One allows a hacker to gain unauthorized access to protected information.

The vulnerability of the update mechanism of the antivirus software Apex One is related to insufficient verification of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information by downloading a specially created...

9CVSS7.2AI score0.03054EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2022/09/19 12:0 a.m.11 views

PT-2022-25420

FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, exposes an HTTP server over the LAN interface of affected devices. This interface is vulnerable to unauthenticated arbitrary command injection through the funjsq access token parameter. This affects R6230 befor...

6AI score0.02233EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2022/09/19 12:0 a.m.5 views

PT-2022-25421

FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, does not properly validate TLS certificates when downloading update packages through its auto-update mechanism. An attacker suitably positioned on the network could intercept the update request and deliver a...

6.4AI score0.00274EPSS
Exploits1References4
OSV
OSV
added 2022/07/18 3:15 p.m.5 views

CVE-2022-34891

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop Parallels Desktop 17.1.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...

7.8CVSS6.2AI score0.00296EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/07/18 3:15 p.m.6 views

CVE-2022-34891

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop Parallels Desktop 17.1.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...

7.8CVSS6.3AI score0.00296EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/07/18 3:15 p.m.6 views

CVE-2022-34892

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop Parallels Desktop 17.1.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...

7.8CVSS6.3AI score0.00257EPSS
Exploits0References3
NVD
NVD
added 2022/07/18 3:15 p.m.22 views

CVE-2022-34892

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop Parallels Desktop 17.1.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...

7.8CVSS0.00257EPSS
Exploits0References2
OSV
OSV
added 2022/07/18 3:15 p.m.5 views

CVE-2022-34892

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop Parallels Desktop 17.1.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...

7.8CVSS6.2AI score0.00257EPSS
Exploits0References2
Prion
Prion
added 2022/07/18 3:15 p.m.17 views

Design/Logic Flaw

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop Parallels Desktop 17.1.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...

4.3CVSS7.8AI score0.00296EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/07/18 3:15 p.m.16 views

Design/Logic Flaw

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop Parallels Desktop 17.1.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...

4.3CVSS7.8AI score0.00257EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/07/18 2:17 p.m.30 views

CVE-2022-34892

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop Parallels Desktop 17.1.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...

7.8CVSS8AI score0.00257EPSS
Exploits0References2
Rows per page
Query Builder