26 matches found
EUVD-2023-49884
Malicious code in bioql PyPI...
CVE-2025-23180
CWE-250: Execution with Unnecessary Privileges...
CVE-2025-23181
CVE-2025-23181 affects Ribbon Communications Apollo 9608 SBC; root cause is an unnecessary privileged operation in v9.6R3, enabling Execution with Unnecessary Privileges. CVSS 3.1 base score 8.0 (HIGH) with Adjacent attack vector, Low attack complexity, Low privileges required, no user interactio...
PT-2025-18188 · Ribbon Communications · Apollo 9608
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue is related to execution with unnecessary privileges, as described by CWE-250. No additional details are provided about the nature of the issue, affected devices, or real-world...
CVE-2023-45592
A CWE-250 “Execution with Unnecessary Privileges” vulnerability in the embedded Chromium browser due to the binary being executed with the “--no-sandbox” option and with root privileges exacerbates the impacts of successful attacks executed against the browser. This issue affects: AiLux imx6 bund...
CVE-2023-45592
A CWE-250 “Execution with Unnecessary Privileges” vulnerability in the embedded Chromium browser due to the binary being executed with the “--no-sandbox” option and with root privileges exacerbates the impacts of successful attacks executed against the browser. This issue affects: AiLux imx6 bund...
CVE-2023-45592
CVE-2023-45592 affects AiLux imx6 bundle, with the vulnerable component being the embedded Chromium browser operated with the --no-sandbox option under root privileges. The root cause is execution with unnecessary privileges, which could exacerbate impact from attacks against the embedded browser...
CVE-2023-45592
A CWE-250 “Execution with Unnecessary Privileges” vulnerability in the embedded Chromium browser due to the binary being executed with the “--no-sandbox” option and with root privileges exacerbates the impacts of successful attacks executed against the browser. This issue affects: AiLux imx6 bund...
Default credentials
One Identity Password Manager version 5.9.7.1 - An unauthenticated attacker with physical access to a workstation may upgrade privileges to SYSTEM through an unspecified method. CWE-250: Execution with Unnecessary Privileges...
CVE-2023-4003 One Identity Password Manager version 5.9.7.1 - Unauthenticated physical access privilege escalation
One Identity Password Manager version 5.9.7.1 - An unauthenticated attacker with physical access to a workstation may upgrade privileges to SYSTEM through an unspecified method. CWE-250: Execution with Unnecessary Privileges...
CVE-2023-4003 One Identity Password Manager version 5.9.7.1 - Unauthenticated physical access privilege escalation
One Identity Password Manager version 5.9.7.1 - An unauthenticated attacker with physical access to a workstation may upgrade privileges to SYSTEM through an unspecified method. CWE-250: Execution with Unnecessary Privileges...
Security Bulletin: NVIDIA DGX A100 and DGX A800 - June 2023
NVIDIA has released a firmware security update for the NVIDIA DGX™ A100 system and the NVIDIA DGX A800 system. This update addresses issues that may lead to code execution, denial of service, data tampering, escalation of privileges, and information disclosure. To protect your system, download an...
Wondershare Dr Fone 12.9.6 Weak Permissions / Privilege Escalation
Executive Summary: Product Name: Wondershare Dr. Fone Vendor Home Page: https://drfone.wondershare.com Affected Versions: Dr Fone version 12.9.6 Vulnerability Type: Execution with Unnecessary Privileges CWE-250 CVE Reference: CVE-2023-27010. Credit: Thurein Soe Vendor Description: Wondershare Dr...
Digi ConnectPort X2D
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Digi International, Inc. Equipment: ConnectPort X2D Gateway Vulnerability: Execution with Unnecessary Privileges 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker...
CVE-2022-26113
An execution with unnecessary privileges vulnerability CWE-250 in FortiClientWindows 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.10 may allow a local attacker to perform an arbitrary file write on the system...
CVE-2022-26113
Fortinet FortiClient for Windows is affected by an execution with unnecessary privileges (CWE-250) vulnerability that permits a local attacker to perform an arbitrary file write. Affected versions cover FortiClientWindows 7.0.0–7.0.3, 6.4.0–6.4.7, 6.2.0–6.2.9, and 6.0.0–6.0.10. The issue is confi...
CVE-2022-1517 3.2.1 EXECUTION WITH UNNECESSARY PRIVILEGES CWE-250
LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an attacker to change settings, configurations, software, or access sensitive data on the affected produc. An attacker could also exploit this...
CommScope Ruckus IoT Controller 1.7.1.0 Web Application Directory Traversal Vulnerability
A Python script web.py for a Dockerized webservice contains a directory traversal vulnerability, which can be leveraged by an authenticated attacker to view the contents of directories on the IoT Controller. CommScope Ruckus IoT Controller 1.7.1.0 Web Application Directory Traversal Vulnerability...
CommScope Ruckus IoT Controller 1.7.1.0 Web Application Directory Traversal
KL-001-2021-005: CommScope Ruckus IoT Controller Web Application Directory Traversal Title: CommScope Ruckus IoT Controller Web Application Directory Traversal Advisory ID: KL-001-2021-005 Publication Date: 2021.05.26 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2021-005.txt...
: CipherMail Email Encryption Gateway Community Virtual Appliance Multiple Vulnerabilities
1. Advisory Information Title : CipherMail Email Encryption Gateway Community Virtual Appliance Multiple Vulnerabilities Advisory ID : CORE-2020-0008 Advisory URL : https://www.coresecurity.com/core-labs/advisories/ciphermail-multiple-vulnerabilities Date published : 2020-05-28 Date of last updat...