
CVSS: 9.8 • EPSS: 0% • CPEs: 5 • EXPL: 0

This could allow an attacker to intercept credentials that are sent to the UMC server as well as to manipulate responses, potentially allowing an attacker to escalate privileges. • https://cert-portal.siemens.com/productcert/pdf/ssa-077170.pdf • CWE-295: Improper Certificate Validation •

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

Local privilege escalation due to DLL hijacking vulnerability. • https://security-advisory.acronis.com/advisories/SEC-5620 • CWE-427: Uncontrolled Search Path Element •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

Insufficient permissions on a directory allow any local unprivileged user to escalate privileges to SYSTEM. • https://github.com/mullvad/mullvadvpn-app/pull/5398 https://github.com/mullvad/mullvadvpn-app/releases/tag/2023.6 https://github.com/mullvad/mullvadvpn-app/releases/tag/2023.6-beta1 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

The application is run as administrator (or at least a user with higher privileges than the attacker). 3. • https://github.com/pyinstaller/pyinstaller/pull/7827 https://github.com/pyinstaller/pyinstaller/security/advisories/GHSA-9w2p-rh8c-v9g5 https://github.com/python/cpython/blob/0fb18b02c8ad56299d6a2910be0bab8ad601ef24/Lib/shutil.py#L623 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2K2XIQLEMZIKUQUOWNDYWTEWYQTKMAN7 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ISRWT34FAF23PUOLVZ7RVWBZMWPDR5U7 • CWE-379: Creation of Temporary File in Directory with Insecure Permissions CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 9.8 • EPSS: 0% • CPEs: 2 • EXPL: 1

An OS command injection in the CLI interface on DrayTek Vigor167 version 5.2.2 allows remote attackers to execute arbitrary system commands and escalate privileges via any account created within the web interface. • https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-023.txt https://www.syss.de/pentest-blog/command-injection-via-cli-des-draytek-vigor167-syss-2023-023 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •