Lucene search
+L

144 matches found

ncsc
ncsc
added 2023/06/08 12:0 a.m.5 views

Vulnerability fixed in Cisco Anyconnect Secure Mobility Client and Secure Client

Cisco has fixed a vulnerability in Anyconnect Secure Mobility Client and Secure Client for windows. A local, authenticated malicious party could exploit the vulnerability to grant themselves elevated privileges and execute arbitrary code execute code with privileges from SYSTEM. Cisco has release...

7.8CVSS7.5AI score0.05374EPSS
Exploits1
cisco
cisco
added 2023/06/07 4:0 p.m.214 views

Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows Privilege Escalation Vulnerability

A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows could allow a low-privileged, authenticated, local attacker to elevate privileges to those of SYSTEM. The client update process is executed aft...

7.8CVSS7.6AI score0.05374EPSS
Exploits1References1
susecve
susecve
added 2023/02/15 4:45 a.m.6 views

SUSE CVE-2017-8452

Kibana versions prior to 5.2.1 configured for SSL client access, file descriptors will fail to be cleaned up after certain requests and will accumulate over time until the process crashes...

7.5CVSS6.9AI score0.01383EPSS
Exploits0References3
ivanti
ivanti
added 2023/02/14 7:22 a.m.7 views

SA40241 - Pulse client privilege escalation issue (CVE-2016-2408)

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A security vulnerability was discovered within a Pulse Secure client-side component Windows OS only. By exploiting this vulnerability, a restricted user on a endpoint machine can obtain...

7.8CVSS6.2AI score0.00387EPSS
Exploits0
ivanti
ivanti
added 2023/02/14 7:22 a.m.11 views

2020-06: Out-of-Cycle Advisory: Pulse Secure Client TOCTOU Privilege Escalation Vulnerability (CVE-2020-13162)

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A security vulnerability was discovered within a Pulse Secure client-side component Windows OS only. This is a client-side exploit only and does not affect the PCS or PPS gateway serve...

7CVSS6.5AI score0.00793EPSS
Exploits3
ptsecurity
ptsecurity
added 2022/10/27 12:0 a.m.8 views

PT-2022-6663 · Cisco · Cisco Secure Client

Name of the Vulnerable Software and Affected Versions: Cisco Secure Client formerly Cisco AnyConnect Secure Mobility Client versions affected versions not specified Description: A vulnerability in the client update process of Cisco Secure Client Software for Windows could allow a low-privileged,...

7.8CVSS7.5AI score0.05374EPSS
Exploits1References15
cnnvd
cnnvd
added 2022/03/10 12:0 a.m.7 views

F-Secure 多款产品安全漏洞

F-Secure Elements Agent and others are products of F-Secure Finland.F-Secure Elements Agent is a cloud-native endpoint protection system.F-Secure MDR is a managed network security service.F-Secure Client Security is a client security F-Secure Client Security is a client-side security solution. A...

8.5CVSS7.4AI score0.00714EPSS
Exploits0References3
cvelist
cvelist
added 2020/10/28 12:46 p.m.29 views

CVE-2020-8254

A vulnerability in the Pulse Secure Desktop Client 9.1R9 has Remote Code Execution RCE if users can be convinced to connect to a malicious server. This vulnerability only affects Windows PDC.To improve the security of connections between Pulse clients and Pulse Connect Secure, see below...

8.8AI score0.02034EPSS
Exploits0References1
ncsc
ncsc
added 2020/06/18 12:0 a.m.6 views

Vulnerability fixed in Pulse Secure Client for Windows

A vulnerability has been fixed in Pulse Secure Client for Windows. The vulnerability allows a locally authenticated malicious party the ability to obtain elevated SYSTEM privileges. obtain. Security researcher Red Timmy Security has published a write-up regarding the vulnerability published at:...

7CVSS6.5AI score0.00793EPSS
Exploits3
osv
osv
added 2020/06/16 8:15 p.m.6 views

CVE-2020-13162

A time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions prior to 9.1.6 down to 5.3 R70 for Windows which runs as NT AUTHORITY/SYSTEM allows unprivileged users to run a Microsoft Installer executable with elevated privileges...

7CVSS7.1AI score0.00793EPSS
Exploits3References10
vulnrichment
vulnrichment
added 2020/06/16 7:41 p.m.7 views

CVE-2020-13162

A time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions prior to 9.1.6 down to 5.3 R70 for Windows which runs as NT AUTHORITY/SYSTEM allows unprivileged users to run a Microsoft Installer executable with elevated privileges...

6.7AI score0.00793EPSS
Exploits3References10
ptsecurity
ptsecurity
added 2020/06/16 12:0 a.m.7 views

PT-2020-5945 · Pulse Secure · Pulse Secure Client

Name of the Vulnerable Software and Affected Versions: Pulse Secure Client versions prior to 9.1.6 Description: A time-of-check time-of-use vulnerability in PulseSecureService.exe allows unprivileged users to run a Microsoft Installer executable with elevated privileges. This issue is caused by a...

7CVSS6.5AI score0.00793EPSS
Exploits3References24
attackerkb
attackerkb
added 2020/06/16 12:0 a.m.16 views

CVE-2020-13162

A time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions prior to 9.1.6 down to 5.3 R70 for Windows which runs as NT AUTHORITY/SYSTEM allows unprivileged users to run a Microsoft Installer executable with elevated privileges. Recent assessments:...

7CVSS6.4AI score0.00793EPSS
Exploits3References11
fedora
fedora
added 2018/12/31 4:57 a.m.11 views

[SECURITY] Fedora 29 Update: electron-cash-3.3.4-1.fc29

Electron Cash is an easy to use Bitcoin Cash client. It protects you from l osing coins in a backup mistake or computer failure, because your wallet can be recovered from a secret phrase that you can write on paper or learn by heart. There is no waiting time when you start the client, because it...

1.1AI score
Exploits0
nvd
nvd
added 2018/09/12 4:29 p.m.21 views

CVE-2018-7572

Pulse Secure Client 9.0R1 and 5.3RX before 5.3R5, when configured to authenticate VPN users during Windows Logon, can allow attackers to bypass Windows authentication and execute commands on the system with the privileges of Pulse Secure Client. The attacker must interrupt the client's network...

7.2CVSS6.8AI score0.00364EPSS
Exploits0References1
osv
osv
added 2018/09/12 4:29 p.m.7 views

CVE-2018-7572

Pulse Secure Client 9.0R1 and 5.3RX before 5.3R5, when configured to authenticate VPN users during Windows Logon, can allow attackers to bypass Windows authentication and execute commands on the system with the privileges of Pulse Secure Client. The attacker must interrupt the client's network...

6.8CVSS5.9AI score0.00364EPSS
Exploits0References1
prion
prion
added 2018/09/12 4:29 p.m.15 views

Authentication flaw

Pulse Secure Client 9.0R1 and 5.3RX before 5.3R5, when configured to authenticate VPN users during Windows Logon, can allow attackers to bypass Windows authentication and execute commands on the system with the privileges of Pulse Secure Client. The attacker must interrupt the client's network...

7.2CVSS6.9AI score0.00364EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2018/09/12 4:0 p.m.17 views

CVE-2018-7572

Pulse Secure Client 9.0R1 and 5.3RX before 5.3R5, when configured to authenticate VPN users during Windows Logon, can allow attackers to bypass Windows authentication and execute commands on the system with the privileges of Pulse Secure Client. The attacker must interrupt the client's network...

6.9AI score0.00364EPSS
Exploits0References1
prion
prion
added 2012/09/06 10:41 a.m.14 views

Design/Logic Flaw

Multiple untrusted search path vulnerabilities in NCP Secure Enterprise Client before 9.21 Build 68, Secure Entry Client before 9.23 Build 18, and Secure Client - Juniper Edition before 9.23 Build 18 allow local users to gain privileges via a Trojan horse 1 dvccsabase002.dll, 2 conman.dll, 3...

6.9CVSS7.2AI score0.00348EPSS
Exploits0References2Affected Software3
cve
cve
added 2012/09/06 10:0 a.m.46 views

CVE-2010-5203

CVE-2010-5203 affects NCP Secure Enterprise Client before 9.21 Build 68, Secure Entry Client before 9.23 Build 18, and Secure Client – Juniper Edition before 9.23 Build 18. The issue is an untrusted search path privilege escalation where local users can gain privileges via Trojan horse files in t...

6.9CVSS6.9AI score0.00348EPSS
Exploits0References2Affected Software3
Rows per page
Query Builder