832 matches found

OSV
added 2024/12/10 4:15 p.m., 5 views

CVE-2024-55544

Missing input validation in the ORing IAP-420 web-interface allows authenticated Command Injections on OS level. This issue affects IAP-420 version 2.01e and below...

CVSS 8.8, AI score 5.8
Exploits: 0, References: 2

OSV
added 2024/12/06 6:15 p.m., 5 views

CVE-2024-11220

A local low-level user on the server machine with credentials to the running OAS services can create and execute a report with an rdlx file on the server system itself. Any code within the rdlx file of the report executes with SYSTEM privileges, resulting in privilege escalation...

CVSS 7.8, AI score 5.9, EPSS 0.00152
Exploits: 0, References: 2

OSV
added 2024/11/22 10:15 p.m., 7 views

CVE-2024-7240

F-Secure Total Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of F-Secure Total. User interaction on the part of an administrator is required to exploit this vulnerability. The specific flaw exist...

CVSS 7.8, AI score 7.4, EPSS 0.00382
Exploits: 0, References: 1

OSV
added 2024/11/22 8:15 p.m., 6 views

CVE-2024-6260

Malwarebytes Antimalware Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Malwarebytes Antimalware. An attacker must first obtain the ability to execute low-privileged code on the target system i...

CVSS 7.8, AI score 6.2, EPSS 0.00294
Exploits: 0, References: 2

OSV
added 2024/11/15 4:15 p.m., 3 views

CVE-2023-20036

A vulnerability in the web UI of Cisco IND could allow an authenticated, remote attacker to execute arbitrary commands with administrative privileges on the underlying operating system of an affected device. This vulnerability is due to improper input validation when uploading a Device Pack. An...

CVSS 9.9, AI score 6.3, EPSS 0.1272
Exploits: 0, References: 1

OSV
added 2024/11/04 2:15 a.m., 5 views

CVE-2024-20119

In mms, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09062301; Issue ID: MSV-1620...

CVSS 6.7, AI score 5.9, EPSS 0.00081
Exploits: 0, References: 1

OSV
added 2024/11/04 2:15 a.m., 4 views

CVE-2024-20110

In ccu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09065887; Issue ID: MSV-1762...

CVSS 6.7, AI score 5.9, EPSS 0.00082
Exploits: 0, References: 1

BDU FSTEC
added 2024/11/01 12:0 a.m., 8 views

The vulnerability of the CLFS driver for Microsoft Windows operating systems allows a hacker to gain increased privileges.

The vulnerability of the CLFS driver in Microsoft Windows operating systems is related to errors in privilege management. Exploiting this vulnerability can allow an attacker to elevate their privileges to the SYSTEM level using a specially crafted blk-file...

CVSS 7.8, AI score 5.5
Exploits: 0, References: 1

NVD
added 2024/10/23 3:15 p.m., 17 views

CVE-2024-47902

A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber All versions V8.2.12, InterMesh 7707 Fire Subscriber All versions V7.2.12 only if the IP interface is enabled which is not the default configuration. The web server of affected devices does not authenticate GET requests...

CVSS 9.8, EPSS 0.005
Exploits: 0, References: 1

Vulnrichment
added 2024/10/23 2:21 p.m., 13 views

CVE-2024-47902

A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber All versions V8.2.12, InterMesh 7707 Fire Subscriber All versions V7.2.12 only if the IP interface is enabled which is not the default configuration. The web server of affected devices does not authenticate GET requests...

CVSS 7.2, AI score 9.5, EPSS 0.005
Exploits: 0, References: 1

CVE
added 2024/10/23 2:21 p.m., 51 views

CVE-2024-47902

CVE-2024-47902 affects Siemens InterMesh 7177 Hybrid 2.0 Subscriber (all versions < 8.2.12) and InterMesh 7707 Fire Subscriber (all versions

CVSS 9.8, AI score 9.6, EPSS 0.005
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2024/10/23 2:21 p.m., 15 views

CVE-2024-47901

A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber All versions V8.2.12, InterMesh 7707 Fire Subscriber All versions V7.2.12 only if the IP interface is enabled which is not the default configuration. The web server of affected devices does not sanitize the input paramete...

CVSS 10, AI score 7.4, EPSS 0.01247
Exploits: 0, References: 1

NVD
added 2024/10/18 5:15 p.m., 24 views

CVE-2023-6080

Lakeside Software’s SysTrack LsiAgent Installer version 10.7.8 for Windows contains a local privilege escalation vulnerability which allows attackers SYSTEM level access...

CVSS 7.8, EPSS 0.00215
Exploits: 0, References: 3

CVE
added 2024/10/18 4:9 p.m., 57 views

CVE-2023-6080

CVE-2023-6080 affects Lakeside Software’s SysTrack LsiAgent Installer for Windows v10.7.8. The issue is a local privilege escalation in the installer that can give an attacker SYSTEM-level access, stemming from flaws in the MSI repair process. Remediation: Lakeside recommends updating to v11.0 to...

CVSS 7.8, AI score 7.8, EPSS 0.00215
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2024/09/30 2:30 p.m., 15 views

RLSA-2024:6837 Important: pcp security update

Performance Co-Pilot PCP is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fixes: pcp:...

CVSS 5.5, AI score 5.8, EPSS 0.00285
Exploits: 0, References: 3

Tenable Nessus
added 2024/09/24 12:0 a.m., 10 views

Cognex In-Sight OPC Server Deserialization of Untrusted Data (CVE-2021-32935)

The affected Cognex product, the In-Sight OPC Server versions v5.7.4 96 and prior, deserializes untrusted data, which could allow a remote attacker access to system level permission commands and local privilege escalation. This plugin only works with Tenable.ot. Please visit...

CVSS 10, AI score 8.4, EPSS 0.01682
Exploits: 0, References: 2

BDU FSTEC
added 2024/09/17 12:0 a.m., 4 views

The vulnerability of the Ivanti EPM endpoint management software is related to an uncontrolled element in the search process. This allows a malicious individual to elevate their privileges to SYSTEM level.

The vulnerability of the Ivanti EPM endpoint management software is related to an uncontrolled element in the search process. Exploiting this vulnerability can allow a perpetrator to increase their privileges to SYSTEM level...

CVSS 6.8, AI score 7.7, EPSS 0.00363
Exploits: 0, References: 4, Affected Software: 1

BDU FSTEC
added 2024/08/26 12:0 a.m., 4 views

The vulnerability of the Citrix Workspace App for Windows lies in its insecure handling of privileges, allowing an attacker to elevate their privileges to the SYSTEM level.

The vulnerability of the Citrix Workspace App for Windows relates to insecure management of privileges. Exploiting this vulnerability could allow an attacker to elevate their privileges to the SYSTEM level...

CVSS 7.8, AI score 7.7, EPSS 0.00386
Exploits: 0, References: 3, Affected Software: 1

The Hacker News
added 2024/08/16 7:10 a.m., 29 views

Google to Remove App that Made Google Pixel Devices Vulnerable to Attacks

A large percentage of Google's own Pixel devices shipped globally since September 2017 included dormant software that could be used to stage nefarious attacks and deliver various kinds of malware. The issue manifests in the form of a pre-installed Android app called "Showcase.apk" that comes with...

AI score 7.3
Exploits: 0

OSV
added 2024/07/26 12:15 p.m., 13 views

CVE-2024-7062

Nimble Commander suffers from a privilege escalation vulnerability due to the server info.filesmanager.Files.PrivilegedIOHelperV2 performing improper/insufficient validation of a client’s authorization before executing an operation. Consequently, it is possible to execute system-level commands as...

CVSS 7.8, AI score 7.7, EPSS 0.00246
Exploits: 1, References: 1