Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

2083 matches found

GoogleProjectZero
GoogleProjectZeroadded 2020/02/15 12:0 a.m.16 views

Escaping the Chrome Sandbox with RIDL

Guest blog post by Stephen Röttger tl;dr: Vulnerabilities that leak cross process memory can be exploited to escape the Chrome sandbox. An attacker is still required to compromise the renderer prior to mounting this attack. To protect against attacks on affected CPUs make sure your microcode is u...

7.6AI score
Exploits0
Exploit DB
Exploit DBadded 2020/02/07 12:0 a.m.172 views

Windscribe - WindscribeService Named Pipe Privilege Escalation (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windscribe WindscribeService Named Pipe Privilege Escalation', 'Description' = %q The Windscribe VPN client application for Windows makes use of ...

7.8CVSS7.4AI score0.28652EPSS
Exploits4
0day.today
0day.todayadded 2020/02/05 12:0 a.m.188 views

Windscribe VPN WindscribeService Named Pipe Privilege Escalation Exploit

The Windscribe VPN client application for Windows makes use of a Windows service WindscribeService.exe which exposes a named pipe \.\pipe\WindscribeService allowing execution of programs with elevated privileges. Windscribe versions prior to 1.82 do not validate user-supplied program names,...

7.8CVSS0.5AI score0.28652EPSS
Exploits4
Packet Storm
Packet Stormadded 2020/02/05 12:0 a.m.100 views

Windscribe WindscribeService Named Pipe Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windscribe WindscribeService Named Pipe Privilege Escalation', 'Description' = %q The Windscribe VPN client application for Windows makes use of ...

7.2CVSS0.1AI score0.28652EPSS
Exploits4
Metasploit
Metasploitadded 2020/02/01 12:41 a.m.39 views

Windscribe WindscribeService Named Pipe Privilege Escalation

The Windscribe VPN client application for Windows makes use of a Windows service WindscribeService.exe which exposes a named pipe \.\pipe\WindscribeService allowing execution of programs with elevated privileges. Windscribe versions prior to 1.82 do not validate user-supplied program names,...

7.8CVSS7.4AI score0.28652EPSS
Exploits4
OSV
OSVadded 2020/01/23 3:15 p.m.1 views

CVE-2019-17201

FastTrack Admin By Request 6.1.0.0 supports group policies that are supposed to allow only a select range of users to elevate to Administrator privilege at will. When a user requests elevation using the AdminByRequest.exe interface, the interface communicates with the underlying service...

7.8CVSS7.2AI score0.00093EPSS
Exploits0References2
OpenVAS
OpenVASadded 2020/01/23 12:0 a.m.22 views

Huawei EulerOS: Security Advisory for sssd (EulerOS-SA-2019-1193)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.7AI score0.00273EPSS
Exploits0References2
OpenVAS
OpenVASadded 2020/01/23 12:0 a.m.45 views

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2016-1007)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS7.2AI score0.00022EPSS
Exploits3References2
OpenVAS
OpenVASadded 2020/01/23 12:0 a.m.36 views

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1487)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3CVSS7.5AI score0.09009EPSS
Exploits14References2
Cvelist
Cvelistadded 2020/01/23 12:0 a.m.12 views

CVE-2019-17201

FastTrack Admin By Request 6.1.0.0 supports group policies that are supposed to allow only a select range of users to elevate to Administrator privilege at will. When a user requests elevation using the AdminByRequest.exe interface, the interface communicates with the underlying service...

9CVSS7.6AI score0.00093EPSS
Exploits0References2
OSV
OSVadded 2019/12/30 6:15 p.m.1 views

CVE-2019-19470

Unsafe usage of .NET deserialization in Named Pipe message processing allows privilege escalation to NT AUTHORITY\SYSTEM for a local attacker. Affected product is TinyWall, all versions up to and including 2.1.12. Fixed in version 2.1.13...

7.8CVSS7.1AI score
Exploits0References2
NVD
NVDadded 2019/12/30 6:15 p.m.10 views

CVE-2019-19470

Unsafe usage of .NET deserialization in Named Pipe message processing allows privilege escalation to NT AUTHORITY\SYSTEM for a local attacker. Affected product is TinyWall, all versions up to and including 2.1.12. Fixed in version 2.1.13...

7.8CVSS7.8AI score0.00837EPSS
Exploits0References2
Prion
Prionadded 2019/12/30 6:15 p.m.14 views

Deserialization of untrusted data

Unsafe usage of .NET deserialization in Named Pipe message processing allows privilege escalation to NT AUTHORITY\SYSTEM for a local attacker. Affected product is TinyWall, all versions up to and including 2.1.12. Fixed in version 2.1.13...

7.2CVSS7.8AI score0.00837EPSS
Exploits0References2Affected Software1
CVE
CVEadded 2019/12/30 5:39 p.m.51 views

CVE-2019-19470

CVE-2019-19470 describes unsafe ".NET deserialization" in TinyWall’s Named Pipe message processing, enabling local privilege escalation to NT AUTHORITY\SYSTEM. Affected: TinyWall up to version 2.1.12; fixed in 2.1.13. Root cause: unsafe deserialization during Named Pipe handling, leading to eleva...

7.8CVSS7.7AI score0.00837EPSS
Exploits0References2Affected Software1
Cvelist
Cvelistadded 2019/12/30 5:39 p.m.12 views

CVE-2019-19470

Unsafe usage of .NET deserialization in Named Pipe message processing allows privilege escalation to NT AUTHORITY\SYSTEM for a local attacker. Affected product is TinyWall, all versions up to and including 2.1.12. Fixed in version 2.1.13...

7.8AI score0.00837EPSS
Exploits0References2
NVD
NVDadded 2019/12/12 7:15 p.m.12 views

CVE-2019-18297

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server All versions. An attacker with local access to the MS3000 Server and low privileges could gain root privileges by sending specifically crafted packets to a named pipe. Please note that an attacker needs to have local access...

7.8CVSS8.1AI score0.00134EPSS
Exploits0References2
Prion
Prionadded 2019/12/12 7:15 p.m.21 views

Design/Logic Flaw

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server All versions. An attacker with local access to the MS3000 Server and low privileges could gain root privileges by sending specifically crafted packets to a named pipe. Please note that an attacker needs to have local access...

7.2CVSS8.1AI score0.00134EPSS
Exploits0References2
CVE
CVEadded 2019/12/12 7:8 p.m.53 views

CVE-2019-18297

CVE-2019-18297 affects Siemens SPPA-T3000 MS3000 Migration Server (all versions). An attacker with local access and low privileges can gain root privileges by sending specially crafted packets to a named pipe. The vulnerability requires local access to exploit; no public exploits are noted in the...

7.8CVSS7.4AI score0.00134EPSS
Exploits0References2Affected Software1
CNVD
CNVDadded 2019/12/11 12:0 a.m.1 views

Siemens SPPA-T3000 MS3000 Migration Server Heap Buffer Overflow Vulnerability (CNVD-2019-45417)

SPPA-T3000 is a distributed control system mainly used in thermal power plants and large-scale renewable energy power plants.MS3000 Migration Server is one of the migration servers. A heap buffer overflow vulnerability exists in the Siemens SPPA-T3000 MS3000 Migration Server. An attacker with loc...

7.8CVSS7.2AI score0.00134EPSS
Exploits0References1
Fedora
Fedoraadded 2019/11/18 10:48 p.m.18 views

[SECURITY] Fedora 31 Update: hunspell-1.7.0-4.fc31

Hunspell is a spell checker and morphological analyzer library and program designed for languages with rich morphology and complex word compounding or character encoding. Hunspell interfaces: Ispell-like terminal interface usi ng Curses library, Ispell pipe interface, LibreOffice UNO module...

6.5CVSS3.2AI score0.00527EPSS
Exploits1
Rows per page
Query Builder