269 matches found
Kaseya VSA < 9.5.7 - Credential Disclosure via Windows Agent
Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021. By default Kaseya VSA on premise offers a download page where the clients for the installation can be downloaded. The default URL for this page is https://x.x.x.x/dl.asp When an attacker download a client...
Veeam Backup and Replication 13.x < 13.0.2.29 LPE (KB4852)
The version of Veeam Backup and Replication installed on the remote Windows host is prior to 13.0.2.29. It is, therefore, affected by a local privilege escalation vulnerability: - A vulnerability in the bundled Veeam Agent for Microsoft Windows allows for local privilege escalation. CVE-2026-3299...
CVE-2024-47091 Privilege escalation via mk_mysql agent plugin on Windows
Privilege escalation in the mkmysql agent plugin on Windows in Checkmk 2.4.0p29, 2.3.0p47, and 2.2.0 EOL allows a local unprivileged user able to create a Windows service whose name matches 'MySQL' or 'MariaDB' or with write access to a binary referenced by such a service to execute arbitrary cod...
PT-2026-40585
Privilege escalation in the mk mysql agent plugin on Windows in Checkmk 2.4.0p29, 2.3.0p47, and 2.2.0 EOL allows a local unprivileged user able to create a Windows service whose name matches 'MySQL' or 'MariaDB' or with write access to a binary referenced by such a service to execute arbitrary co...
GHSA-FC67-C4HG-Q653 Amazon ECS Container Agent (Windows) is vulnerable to Information Disclosure
Summary Amazon Elastic Container Service Amazon ECS is a fully managed container orchestration service that enables customers to deploy, manage, and scale containerized applications. An issue exists where, under certain circumstances, improper input validation in the FSx Windows File Server volum...
Amazon ECS Container Agent (Windows) is vulnerable to Information Disclosure
Summary Amazon Elastic Container Service Amazon ECS is a fully managed container orchestration service that enables customers to deploy, manage, and scale containerized applications. An issue exists where, under certain circumstances, improper input validation in the FSx Windows File Server volum...
CVE-2026-2123
CVE-2026-2123 describes a local privilege escalation in Windows where the Operations Agent (versions
CVE-2026-2123 Privilege escalation vulnerability in Operations Agent
A security audit identified a privilege escalation vulnerability in Operations Agent=OA 12.29 on Windows. Under specific conditions Operations Agent may run executables from specific writeable locations.Thanks to Manuel Rickli & Philippe Leiser of Oneconsult AG for reporting this vulnerability...
CVE-2025-11792
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent Windows before build 41124...
CVE-2020-37047
Deep Instinct Windows Agent 1.2.29.0 contains an unquoted service path vulnerability in the DeepMgmtService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files\HP Sure Sense\DeepMgmtService.exe to inject malicio...
EUVD-2020-30971
Deep Instinct Windows Agent 1.2.29.0 contains an unquoted service path vulnerability in the DeepMgmtService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files\HP Sure Sense\DeepMgmtService.exe to inject malicio...
CVE-2020-37047 Deep Instinct Windows Agent 1.2.29.0 - 'DeepMgmtService' Unquoted Service Path
Deep Instinct Windows Agent 1.2.29.0 contains an unquoted service path vulnerability in the DeepMgmtService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files\HP Sure Sense\DeepMgmtService.exe to inject malicio...
CVE-2020-37047 Deep Instinct Windows Agent 1.2.29.0 - 'DeepMgmtService' Unquoted Service Path
Deep Instinct Windows Agent 1.2.29.0 contains an unquoted service path vulnerability in the DeepMgmtService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files\HP Sure Sense\DeepMgmtService.exe to inject malicio...
Deep Instinct Windows Agent 代码问题漏洞
Deep Instinct Windows Agent is a terminal protection client software developed by Deep Instinct, Inc. In the version 1.2.29.0 of Deep Instinct Windows Agent, there is a code vulnerability. This vulnerability stems from the lack of quotation marks around the DeepMgmtService service path, which may...
PT-2026-5577
Deep Instinct Windows Agent 1.2.29.0 contains an unquoted service path vulnerability in the DeepMgmtService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:Program FilesHP Sure SenseDeepMgmtService.exe to inject malicious...
Broadcom Symantec Endpoint Protection Windows Agent security vulnerabilities
Broadcom Symantec Endpoint Protection Windows Agent is a client component of the endpoint security solution provided by Broadcom Corporation. There is a security vulnerability in Broadcom Symantec Endpoint Protection Windows Agent, which stems from an issue with privilege escalation. This...
Broadcom Symantec Endpoint Protection Windows Agent security vulnerabilities
Broadcom Symantec Endpoint Protection Windows Agent is a client component of the endpoint security solution provided by Broadcom Corporation. Versions of Broadcom Symantec Endpoint Protection Windows Agent prior to 9.8.5 contain security vulnerabilities. These vulnerabilities stem from permission...
EUVD-2026-4640
Deep Instinct Windows Agent 1.2.24.0 contains an unquoted service path vulnerability in the DeepNetworkService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files\HP Sure Sense\DeepNetworkService.exe to inject...
CVE-2020-36934 Deep Instinct Windows Agent 1.2.24.0 - 'DeepNetworkService' Unquoted Service Path
Deep Instinct Windows Agent 1.2.24.0 contains an unquoted service path vulnerability in the DeepNetworkService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files\HP Sure Sense\DeepNetworkService.exe to inject...
CVE-2020-36934
Deep Instinct Windows Agent 1.2.24.0 contains an unquoted service path vulnerability in the DeepNetworkService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files\HP Sure Sense\DeepNetworkService.exe to inject...