CVE-2024-55544
Missing input validation in the ORing IAP-420 web-interface allows authenticated Command Injections on OS level. This issue affects IAP-420 version 2.01e and below...
CVE-2024-11220
A local low-level user on the server machine with credentials to the running OAS services can create and execute a report with an rdlx file on the server system itself. Any code within the rdlx file of the report executes with SYSTEM privileges, resulting in privilege escalation...
CVE-2024-7240
F-Secure Total Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of F-Secure Total. User interaction on the part of an administrator is required to exploit this vulnerability. The specific flaw exist...
CVE-2024-6260
Malwarebytes Antimalware Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Malwarebytes Antimalware. An attacker must first obtain the ability to execute low-privileged code on the target system i...
CVE-2023-20036
A vulnerability in the web UI of Cisco IND could allow an authenticated, remote attacker to execute arbitrary commands with administrative privileges on the underlying operating system of an affected device. This vulnerability is due to improper input validation when uploading a Device Pack. An...
CVE-2024-20119
In mms, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09062301; Issue ID: MSV-1620...
CVE-2024-20110
In ccu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09065887; Issue ID: MSV-1762...
The vulnerability of the CLFS driver for Microsoft Windows operating systems allows a hacker to gain increased privileges.
The vulnerability of the CLFS driver in Microsoft Windows operating systems is related to errors in privilege management. Exploiting this vulnerability can allow an attacker to elevate their privileges to the SYSTEM level using a specially crafted blk-file...
CVE-2024-47902
A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled which is not the default configuration). The web server of affected devices does not authenticate GET requests...
CVE-2024-47902
CVE-2024-47902 affects Siemens InterMesh 7177 Hybrid 2.0 Subscriber (all versions < 8.2.12) and InterMesh 7707 Fire Subscriber (all versions
CVE-2024-47901
A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled which is not the default configuration). The web server of affected devices does not sanitize the input paramete...
CVE-2023-6080
Lakeside Software’s SysTrack LsiAgent Installer version 10.7.8 for Windows contains a local privilege escalation vulnerability which allows attackers SYSTEM level access...
CVE-2023-6080
CVE-2023-6080 affects Lakeside Software’s SysTrack LsiAgent Installer for Windows v10.7.8. The issue is a local privilege escalation in the installer that can give an attacker SYSTEM-level access, stemming from flaws in the MSI repair process. Remediation: Lakeside recommends updating to v11.0 to...
RLSA-2024:6837 Important: pcp security update
Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fixes: pcp:...
Cognex In-Sight OPC Server Deserialization of Untrusted Data (CVE-2021-32935)
The affected Cognex product, the In-Sight OPC Server versions v5.7.4 96 and prior, deserializes untrusted data, which could allow a remote attacker access to system level permission commands and local privilege escalation. This plugin only works with Tenable.ot. Please visit...
The vulnerability of the Ivanti EPM endpoint management software is related to an uncontrolled element in the search process. This allows a malicious individual to elevate their privileges to SYSTEM level.
The vulnerability of the Ivanti EPM endpoint management software is related to an uncontrolled element in the search process. Exploiting this vulnerability can allow a perpetrator to increase their privileges to SYSTEM level...
The vulnerability of the Citrix Workspace App for Windows lies in its insecure handling of privileges, allowing an attacker to elevate their privileges to the SYSTEM level.
The vulnerability of the Citrix Workspace App for Windows relates to insecure management of privileges. Exploiting this vulnerability could allow an attacker to elevate their privileges to the SYSTEM level...
Google to Remove App that Made Google Pixel Devices Vulnerable to Attacks
A large percentage of Google's own Pixel devices shipped globally since September 2017 included dormant software that could be used to stage nefarious attacks and deliver various kinds of malware. The issue manifests in the form of a pre-installed Android app called "Showcase.apk" that comes with...
CVE-2024-7062
Nimble Commander suffers from a privilege escalation vulnerability due to the server info.filesmanager.Files.PrivilegedIOHelperV2 performing improper/insufficient validation of a client’s authorization before executing an operation. Consequently, it is possible to execute system-level commands as...