Page 18 of 3567 results (0.180 seconds)

CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0

Under specific circumstances, insecure permissions in Ivanti Velocity License Server before version 5.2 allows a local authenticated attacker to achieve local privilege escalation. • https://forums.ivanti.com/s/article/Security-Advisory-Velocity-License-Server-CVE-2024-9167 • CWE-276: Incorrect Default Permissions •

CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0

A use of externally-controlled format string in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.2 through 7.2.5 allows attacker to escalate its privileges via specially crafted requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-196 • CWE-134: Use of Externally-Controlled Format String •

CVSS: 6.7EPSS: 0%CPEs: -EXPL: 0

This could allow an authenticated local attacker to inject arbitrary code and escalate privileges in installations where administrators or processes with elevated privileges launch vsimk.exe from a user-writable directory. • https://cert-portal.siemens.com/productcert/html/ssa-426509.html • CWE-427: Uncontrolled Search Path Element •

CVSS: 6.7EPSS: 0%CPEs: -EXPL: 0

This could allow an authenticated local attacker to inject arbitrary code and escalate privileges in installations where administrators or processes with elevated privileges launch gdb.exe from a user-writable directory. • https://cert-portal.siemens.com/productcert/html/ssa-426509.html • CWE-427: Uncontrolled Search Path Element •

CVSS: 6.7EPSS: 0%CPEs: -EXPL: 0

This could allow an authenticated local attacker to inject arbitrary code and escalate privileges in installations where administrators or processes with elevated privileges launch vish2.exe from a user-writable directory. • https://cert-portal.siemens.com/productcert/html/ssa-426509.html • CWE-427: Uncontrolled Search Path Element •