258 matches found
PT-2024-6558 · Grafana +1 · Grafana Agent +2
Name of the Vulnerable Software and Affected Versions: Grafana Alloy versions prior to 1.3.3 Grafana Alloy versions 1.4.0-rc.0 through 1.4.0-rc.1 Grafana Agent Flow mode version prior to 0.43.3 Description: The issue is related to an Unquoted Search Path or Element vulnerability in Grafana Alloy ...
The vulnerability of the Kerberos protocol for Windows operating systems allows attackers to increase their privileges.
The vulnerability of the Graphics component in Windows operating systems is related to deficiencies in authentication procedures. Exploiting this vulnerability can allow a malicious actor to gain increased privileges remotely...
Axigen Arbitrary File Read And Delete
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Axigen Arbitrary File Read and Delete', 'Description' = %q This module exploits a directory traversal vulnerability in the WebAdmin interface of...
VulnCheck KEV: CVE-2017-4946
The VMware V4H and V4PA desktop agents 6.x before 6.5.1 contain a privilege escalation vulnerability. Successful exploitation of this issue could result in a low privileged windows user escalating their privileges to SYSTEM...
PT-2024-4964 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to a use-after-free vulnerability in the Win32k component Win32k.sys of Windows operating systems, which is associated with memory usage after it has been freed...
CVE-2024-36071
Samsung Magician 8.0.0 on Windows allows an admin to escalate privileges by tampering with the directory and DLL files used during the installation process. This occurs because of an Untrusted Search Path...
CVE-2024-36071
CVE-2024-36071 affects Samsung Magician 8.0.0 on Windows, where an Untrusted Search Path allows a local attacker with administrative privileges to escalate privileges by tampering with installation directory and DLL files. The CVE’s metrics indicate a local, high-complexity, high-privilege requir...
CVE-2023-42938
A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.13.1 for Windows. A local attacker may be able to elevate their privileges...
PT-2024-2286 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Microsoft Windows affected versions not specified Description: The issue is related to insufficient access control in the Windows operating system's SCSI device handler, allowing an attacker to potentially elevate their privileges. This could...
PT-2024-3264 · Intel · Intel Thunderbolt Dch Drivers
Name of the Vulnerable Software and Affected Versions: IntelR ThunderboltTM DCH drivers for Windows versions prior to 88 Description: The issue is related to improper buffer restrictions in some IntelR ThunderboltTM DCH drivers for Windows, which may allow a privileged user to potentially enable...
The vulnerability of the Win32k component in Windows operating systems, which allows attackers to increase their privileges
The vulnerability of the Win32k component in Windows operating systems is related to insecure management of privileges. Exploiting this vulnerability can allow an attacker to enhance their privileges...
The vulnerability of the Win32k.sys component in Windows operating systems, which allows a hacker to increase their privileges
The vulnerability of the Win32k.sys component in Windows operating systems is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to enhance their privileges...
PT-2023-11471 · Beyondtrust · Beyondtrust Privilege Management For Windows
Name of the Vulnerable Software and Affected Versions: BeyondTrust Privilege Management for Windows versions through 5.6 Description: An issue was discovered in BeyondTrust Privilege Management for Windows. When adding the Add Admin token to a process and specifying that it runs at medium integri...
CVE-2023-28741
Buffer overflow in some IntelR QAT drivers for Windows - HW Version 1.0 before version 1.10 may allow an authenticated user to potentially enable escalation of privilege via local access...
CVE-2023-26236
An issue was discovered in WatchGuard EPDR 8.0.21.0002. Due to a weak implementation of message handling between WatchGuard EPDR processes, it is possible to perform a Local Privilege Escalation on Windows by sending a crafted message to a named pipe...
GHSA-W23Q-4HW3-2PP6 Minio vulnerable to Privilege Escalation on Windows via Path separator manipulation
Impact All users on Windows are impacted. MinIO fails to filter the \ character, which allows for arbitrary object placement across buckets. As a result, a user with low privileges, such as an access key, service account, or STS credential, which only has permission to PutObject in a specific...
CVE-2023-40596
In Splunk Enterprise versions earlier than 8.2.12, 9.0.6, and 9.1.1, a dynamic link library DLL that ships with Splunk Enterprise references an insecure path for the OPENSSLDIR build definition. An attacker can abuse this reference and subsequently install malicious code to achieve privilege...
CVE-2023-40596 Splunk Enterprise on Windows Privilege Escalation due to Insecure OPENSSLDIR Build Definition Reference in DLL
In Splunk Enterprise versions earlier than 8.2.12, 9.0.6, and 9.1.1, a dynamic link library DLL that ships with Splunk Enterprise references an insecure path for the OPENSSLDIR build definition. An attacker can abuse this reference and subsequently install malicious code to achieve privilege...
CVE-2023-36540
Untrusted search path in the installer for Zoom Desktop Client for Windows before 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access...
The vulnerability of the Win32k.sys component in Windows operating systems, which allows a hacker to increase their privileges
The vulnerability of the Win32k.sys component in Windows operating systems is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to enhance their privileges...