832 matches found

Positive Technologies
added 2024/06/11 12:0 a.m. | 4 views

PT-2024-4280

Name of the Vulnerable Software and Affected Versions: Microsoft Windows (affected versions not specified). Description: An elevation-of-privilege vulnerability exists in the Microsoft Windows Kernel Streaming service. The vulnerability is due to improper handling of untrusted pointer dereferencing...

CVSS 7 | AI score 7.3 | EPSS 0.01965
Exploits 1 | References 46
Talos Blog
added 2024/05/29 4:7 p.m. | 45 views

Out-of-bounds reads in Adobe Acrobat; Foxit PDF Reader contains vulnerability that could lead to SYSTEM-level privileges

Cisco Talos Vulnerability Research team has helped to disclose and patch more than 20 vulnerabilities over the past three weeks, including two in the popular Adobe Acrobat Reader software. Acrobat, one of the most popular PDF readers currently available, contains two out-of-bounds read...

CVSS 9.8 | AI score 9.8 | EPSS 0.01986
Exploits 16
OSV
added 2024/05/23 10:15 p.m. | 3 views

CVE-2024-5246

NETGEAR ProSAFE Network Management System Tomcat Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability. The specific...

CVSS 8.8 | AI score 7.7 | EPSS 0.31305
Exploits 0 | References 2
Talos Blog
added 2024/05/14 5:57 p.m. | 61 views

Only one critical vulnerability included in May’s Microsoft Patch Tuesday; One other zero-day in DWN Core

After a relatively hefty Microsoft Patch Tuesday in April, this month's security update from the company only included one critical vulnerability across its massive suite of products and services. In all, May's slate of vulnerabilities disclosed by Microsoft included 59 total CVEs, most of which ar...

CVSS 7.8 | AI score 7.3 | EPSS 0.8399
Exploits 2
OSV
added 2024/05/10 2:32 p.m. | 17 views

RLSA-2024:2566 Important: pcp security, bug fix, and enhancement update

Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fixes: pcp:...

CVSS 8.8 | AI score 8.8 | EPSS 0.01002
Exploits 0 | References 2
OSV
added 2024/05/03 3:16 a.m. | 4 views

CVE-2023-51579

Voltronic Power ViewPower Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Voltronic Power ViewPower. An attacker must first obtain the ability to execute low-privileged code on...

CVSS 7.8 | AI score 6.2
Exploits 0 | References 1
OSV
added 2024/05/03 3:16 a.m. | 5 views

CVE-2023-51577

Voltronic Power ViewPower setShutdown Exposed Dangerous Method Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Voltronic Power ViewPower. An attacker must first obtain the ability to execute low-privileged cod...

CVSS 7.8 | AI score 6.2 | EPSS 0.0031
Exploits 0 | References 1
ATTACKERKB
added 2024/05/03 3:15 a.m. | 4 views

CVE-2023-41182

NETGEAR ProSAFE Network Management System ZipUtils Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit...

CVSS 8.8 | AI score 6.3 | EPSS 0.58622
Exploits 0 | References 3
ATTACKERKB
added 2024/05/03 3:15 a.m. | 14 views

CVE-2023-40505

LG Simple Editor createThumbnailByMovie Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists...

CVSS 9.8 | AI score 7.9 | EPSS 0.0196
Exploits 0 | References 2
ATTACKERKB
added 2024/05/03 2:15 a.m. | 4 views

CVE-2023-32177

VIPRE Antivirus Plus DeleteHistoryFile Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Antivirus Plus. An attacker must first obtain the ability to execute low-privileged code on the...

CVSS 7.8 | AI score 6.2 | EPSS 0.0071
Exploits 0 | References 3
CNNVD
added 2024/05/03 12:0 a.m. | 5 views

Voltronic Power ViewPower Security Vulnerability

Voltronic Power ViewPower is Voltronic Power's monitoring and management software for solar inverters. A remote code execution vulnerability exists in Voltronic Power ViewPower, which can be exploited by an attacker to execute code in the SYSTEM context...

CVSS 9.8 | AI score 8.2 | EPSS 0.01483
Exploits 0 | References 2
AlmaLinux
added 2024/04/30 12:0 a.m. | 42 views

Moderate: pcp security update

Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fixes: pcp:...

CVSS 6.7 | AI score 6.9 | EPSS 0.002
Exploits 0 | References 4
OSV
added 2024/04/30 12:0 a.m. | 30 views

ALSA-2024:2213 Moderate: pcp security update

Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fixes: pcp:...

CVSS 6.7 | AI score 6.4 | EPSS 0.002
Exploits 0 | References 4
CISA KEV Catalog
added 2024/04/23 12:0 a.m. | 78 views

Microsoft Windows Print Spooler Privilege Escalation Vulnerability

Microsoft Windows Print Spooler service contains a privilege escalation vulnerability. An attacker may modify a JavaScript constraints file and execute it with SYSTEM-level permissions...

CVSS 7.8 | AI score 8.4 | EPSS 0.14949
In wild | Exploits 0
BDU FSTEC
added 2024/04/15 12:0 a.m. | 5 views

The vulnerability of the Polarion ALM application lifecycle management software lies in its default access settings, which allow attackers to elevate their privileges to the level of NT AUTHORITY\SYSTEM.

The vulnerability of the Polarion ALM application lifecycle management software is related to the default access settings. Exploiting this vulnerability can allow attackers to elevate their privileges to the NT AUTHORITY\SYSTEM level...

CVSS 7.8 | AI score 7.2 | EPSS 0.00148
Exploits 0 | References 3
Tenable Nessus
added 2024/04/15 12:0 a.m. | 31 views

Siemens SCALANCE W700 Improper Neutralization of Special Elements Used in an OS Command (CVE-2023-49691)

An Improper Neutralization of Special Elements used in an OS Command with root privileges vulnerability exists in the handling of the DDNS configuration. This could allow malicious local administrators to issue commands on system level after a successful IP address update. This plugin only works...

CVSS 7.2 | AI score 6.8 | EPSS 0.00644
Exploits 0 | References 6
Packet Storm
added 2024/04/02 12:0 a.m. | 281 views

ASUS Control Center Express 01.06.15 Unquoted Service Path

Exploit Title: ASUS Control Center Express 01.06.15 - Unquoted Service Path Privilege Escalation Date: 2024-04-02 Exploit Author: Alaa Kachouh Vendor Homepage: https://www.asus.com/campaign/ASUS-Control-Center-Express/global/ Version: Up to 01.06.15 Tested on: Windows CVE: CVE-2024-27673...

AI score 7.2
Exploits 3
Exploit DB
added 2024/04/02 12:0 a.m. | 285 views

ASUS Control Center Express 01.06.15 - Unquoted Service Path

Exploit Title: ASUS Control Center Express 01.06.15 - Unquoted Service Path Privilege Escalation Date: 2024-04-02 Exploit Author: Alaa Kachouh Vendor Homepage: https://www.asus.com/campaign/ASUS-Control-Center-Express/global/ Version: Up to 01.06.15 Tested on: Windows CVE: CVE-2024-27673...

AI score 6.6
Exploits 3
CNNVD
added 2024/04/01 12:0 a.m. | 4 views

Voltronic Power ViewPower Security Vulnerability

Voltronic Power ViewPower is Voltronic Power's monitoring and management software for solar inverters. A remote code execution vulnerability exists in Voltronic Power ViewPower Pro, which is caused by a lack of proper validation of user-supplied data and can lead to deserialization of untrustwort...

CVSS 9.8 | AI score 8.2 | EPSS 0.0104
Exploits 0 | References 2
Krebs on Security
added 2024/03/26 3:37 p.m. | 27 views

Recent ‘MFA Bombing’ Attacks Targeting Apple Users

Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple's password reset feature. In this scenario, a target's Apple devices are forced to display dozens of system-level prompts that prevent the devices from being used...

AI score 6.6
Exploits 0