Page 109 of 5095 results (0.032 seconds)

CVSS: 2.6EPSS: 0%CPEs: -EXPL: 0

Cross Site Scripting vulnerability in inducer relate before v.2024.1 allows a remote attacker to escalate privileges via a crafted payload to the Answer field of InlineMultiQuestion parameter on Exam function. • https://cxsecurity.com/issue/WLB-2024040051 https://packetstormsecurity.com/files/178101/Relate-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

The active response can be triggered by writing events either to the local `execd` queue on server or to the `ar` queue which forwards the events to agents. So, it can leads to LPE on server as root and RCE on agent as root. ... La respuesta activa se puede activar escribiendo eventos en la cola "execd" local en el servidor o en la cola "ar" que reenvía los eventos a los agentes. Por lo tanto, puede conducir a LPE en el servidor como raíz y a RCE en el agente como raíz. • https://github.com/wazuh/wazuh/security/advisories/GHSA-mjq2-xf8g-68vw • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.3EPSS: 0%CPEs: -EXPL: 0

A local attacker can escalate privileges on affected Check Point ZoneAlarm Extreme Security NextGen, Identity Agent for Windows, and Identity Agent for Windows Terminal Server. To exploit this vulnerability, an attacker must first obtain the ability to execute local privileged code on the target system. Un atacante local puede escalar privilegios en Check Point ZoneAlarm Extreme Security NextGen, Identity Agent para Windows y Identity Agent para Windows Terminal Server afectados. Para aprovechar esta vulnerabilidad, un atacante primero debe obtener la capacidad de ejecutar código privilegiado local en el sistema de destino. • https://support.checkpoint.com/results/sk/sk182219 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0

This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. • https://www.oracle.com/security-alerts/cpuapr2024.html •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. ... The issue results from improper privilege management. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://www.oracle.com/security-alerts/cpuapr2024.html •