Lucene search
K

230 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 4:53 a.m.13 views

CVE-2023-20178

A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows could allow a low-privileged, authenticated, local attacker to elevate privileges to those of SYSTEM. The client update process is executed aft...

7.8CVSS7AI score0.05374EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:5 a.m.7 views

CVE-2022-28944

Certain EMCO Software products are affected by: CWE-494: Download of Code Without Integrity Check. This affects MSI Package Builder for Windows 9.1.4 and Remote Installer for Windows 6.0.13 and Ping Monitor for Windows 8.0.18 and Remote Shutdown for Windows 7.2.2 and WakeOnLan 2.0.8 and Network...

8.8CVSS8.6AI score0.01689EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:31 p.m.4 views

CVE-2021-25261

Local privilege vulnerability in Yandex Browser for Windows prior to 22.5.0.862 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating symlinks to installation file during Yandex Browser update process...

7.8CVSS7.3AI score0.00466EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/05/05 12:0 a.m.13 views

Docker Desktop < 4.41.0 Privilege Escalation

The version of Docker Desktop for Windows is prior to 4.41.0. It is therefore affected by a privilege escalation vulnerability. A vulnerability in the update process of Docker Desktop for Windows versions prior to 4.41.0 could allow a local, low-privileged attacker to escalate privileges to SYSTE...

7.8CVSS5.8AI score0.00208EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2025/05/02 2:2 a.m.9 views

SUSE CVE-2025-37752

In the Linux kernel, the following vulnerability has been resolved: netsched: schsfq: move the limit validation It is not sufficient to directly validate the limit on the data that the user passes as it can be updated based on how the other parameters are changed. Move the check at the end of the...

7CVSS6.5AI score0.00235EPSS
Exploits0References88
RedhatCVE
RedhatCVE
added 2025/04/30 8:14 p.m.15 views

CVE-2025-3224

A vulnerability in the update process of Docker Desktop for Windows versions prior to 4.41.0 could allow a local, low-privileged attacker to escalate privileges to SYSTEM. During an update, Docker Desktop attempts to delete files and subdirectories under the path C:\ProgramData\Docker\config with...

7.8CVSS7.2AI score0.00208EPSS
Exploits0References1
OSV
OSV
added 2025/04/28 8:15 p.m.6 views

CVE-2025-3224

A vulnerability in the update process of Docker Desktop for Windows versions prior to 4.41.0 could allow a local, low-privileged attacker to escalate privileges to SYSTEM. During an update, Docker Desktop attempts to delete files and subdirectories under the path C:\ProgramData\Docker\config with...

7.8CVSS5.9AI score0.00208EPSS
Exploits0References1
NVD
NVD
added 2025/04/28 8:15 p.m.21 views

CVE-2025-3224

A vulnerability in the update process of Docker Desktop for Windows versions prior to 4.41.0 could allow a local, low-privileged attacker to escalate privileges to SYSTEM. During an update, Docker Desktop attempts to delete files and subdirectories under the path C:\ProgramData\Docker\config with...

7.8CVSS0.00208EPSS
Exploits0References1
CVE
CVE
added 2025/04/28 7:21 p.m.110 views

CVE-2025-3224

Docker Desktop for Windows versions prior to 4.41.0 are affected by an Elevation of Privilege during the update process. The updater runs with high privileges and attempts to delete files under C:\ProgramData\Docker\config, a path that often does not exist and where normal users can create direct...

7.8CVSS6.8AI score0.00208EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/04/18 12:0 a.m.5 views

PT-2025-17325 · Nautel · Nautel Vx Series

Name of the Vulnerable Software and Affected Versions: Nautel VX Series transmitters VX SW versions 6.4.0 and below Description: The issue is related to a remote code execution RCE vulnerability in the firmware update process. This allows attackers to execute arbitrary code by supplying a crafted...

9.8CVSS7.8AI score0.00325EPSS
Exploits0References6
Citrix
Citrix
added 2025/04/09 12:0 a.m.9 views

Citrix Endpoint Management (aka XenMobile Server) 10.16.0 Rolling Patch 5

Package name: xms10.16.0.10551.bin For: XenMobile Server 10.16.0 Deployment type: On-premises only Replaces: xms10.16.0.10427.bin, xms10.16.0.10318.bin, xms10.16.0.10205.bin, xms10.16.0.10108.bin Date: April 2025 Languages supported: English US Important notes about this update As a best practice...

6.9AI score
Exploits0
OSV
OSV
added 2025/03/31 11:15 p.m.10 views

CVE-2025-24209

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in tvOS 18.4, Safari 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. Processing maliciously crafted web content may lead to an unexpected process crash...

7CVSS6.6AI score
Exploits0References12
OSV
OSV
added 2024/12/26 2:15 p.m.6 views

CVE-2024-12953

A vulnerability, which was classified as critical, has been found in 1000 Projects Portfolio Management System MCA 1.0. Affected by this issue is some unknown functionality of the file /updatepdprocess.php. The manipulation of the argument profile leads to unrestricted upload. The attack may be...

9.8CVSS5.5AI score0.00698EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/12/26 12:0 a.m.11 views

PT-2024-17825 · Unknown · 1000 Projects Portfolio Management System Mca

Name of the Vulnerable Software and Affected Versions: 1000 Projects Portfolio Management System MCA version 1.0 Description: A critical issue has been found in the 1000 Projects Portfolio Management System MCA, affecting some unknown functionality of the file /update pd process.php. The...

9.8CVSS7.3AI score0.00698EPSS
Exploits1References10
OSV
OSV
added 2024/11/19 6:15 p.m.5 views

CVE-2023-21270

In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way for an app to keep permissions that should be revoked due to incorrect permission flags cleared during an update. This could lead to local escalation of privilege with User execution privileges needed. User...

7.8CVSS5.8AI score0.00082EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/11/12 12:0 a.m.17 views

PT-2024-16656 · Rockwell Automation · Rockwell Automation

Name of the Vulnerable Software and Affected Versions: Rockwell Automation products affected versions not specified Description: A Local Privilege Escalation issue exists in the affected product, requiring a local, low-privileged threat actor to replace certain files during an update. This issue...

7.3CVSS7AI score0.00178EPSS
Exploits0References7
CVE
CVE
added 2024/11/08 12:15 p.m.50 views

CVE-2024-50592

CVE-2024-50592 describes a local privilege escalation in HASOMED Elefant software, via a race condition in the Elefant Update Service during repair/update. An attacker with local access can exploit the window between copying vulnerable executables to a user-writable folder (C:\Elefant1) and the f...

7CVSS7AI score0.00176EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2024/10/28 5:29 a.m.34 views

Researchers Uncover OS Downgrade Vulnerability Targeting Microsoft Windows Kernel

A new attack technique could be used to bypass Microsoft's Driver Signature Enforcement DSE on fully patched Windows systems, leading to operating system OS downgrade attacks. "This bypass allows loading unsigned kernel drivers, enabling attackers to deploy custom rootkits that can neutralize...

7.3CVSS7.9AI score0.01678EPSS
Exploits0
CVE
CVE
added 2024/10/11 12:0 a.m.42 views

CVE-2024-48788

CVE-2024-48788 affects YESCAM (com.yescom.YesCam.zwave) 1.0.2. A flaw in the firmware update process may allow a remote attacker to obtain sensitive information and, per PT-2024-33222, could enable arbitrary code execution with admin privileges. No fix for 1.0.2 is publicly documented in the conn...

7.5CVSS6.4AI score0.00567EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/10/11 12:0 a.m.4 views

Shelly com.home.shelly 安全漏洞

Shelly com.home.shelly is a firmware program from Shelly, Inc. A security vulnerability exists in Shelly com.home.shelly version 1.0.4, which stems from a contained vulnerability that allows remote attackers to obtain sensitive information through the firmware update process...

7.5CVSS6.5AI score0.00439EPSS
Exploits0References4
Rows per page
Query Builder