Page 2 of 4405 results (0.012 seconds)

CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0

31 Jan 2025 — Local privilege escalation due to DLL hijacking vulnerability. • https://security-advisory.acronis.com/advisories/SEC-7842 • CWE-426: Untrusted Search Path •

CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0

31 Jan 2025 — Local privilege escalation due to DLL hijacking vulnerability. • https://security-advisory.acronis.com/advisories/SEC-7841 • CWE-426: Untrusted Search Path •

CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0

31 Jan 2025 — Local privilege escalation due to DLL hijacking vulnerability. • https://security-advisory.acronis.com/advisories/SEC-7839 • CWE-426: Untrusted Search Path •

CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0

31 Jan 2025 — Local privilege escalation due to DLL hijacking vulnerability. • https://security-advisory.acronis.com/advisories/SEC-7829 • CWE-426: Untrusted Search Path •

CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 0

31 Jan 2025 — Local privilege escalation due to unquoted search path vulnerability. • https://security-advisory.acronis.com/advisories/SEC-6153 • CWE-428: Unquoted Search Path or Element •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

30 Jan 2025 — This vulnerability could allow an attacker to escalate privileges by replacing the binary ‘C:\ProgramData\Wondershare\wsServices\ElevationService.exe’ with a malicious binary. • https://www.incibe.es/en/incibe-cert/notices/aviso/wondershare-drfone-privilege-scalation-vulnerability • CWE-269: Improper Privilege Management •

CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0

29 Jan 2025 — The OCSP response cache uses pickle as the serialization format, potentially leading to local privilege escalation. • https://github.com/snowflakedb/snowflake-connector-python/commit/3769b43822357c3874c40f5e74068458c2dc79af • CWE-502: Deserialization of Untrusted Data •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

29 Jan 2025 — When the EXTERNALBROWSER authentication method is used on Windows, an attacker with write access to a directory in the %PATH% can escalate their privileges to the user that runs the vulnerable JDBC Driver version. • https://github.com/snowflakedb/snowflake-jdbc/commit/4f01bb8f9b708c71e7a2111c87371dbfc1d53dd6 • CWE-426: Untrusted Search Path •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

29 Jan 2025 — Since the provided service definition defaults to root ( https://github.com/cloudflare/cfrpki/blob/master/package/octorpki.service ) this could allow for a vector, when combined with another vulnerability that causes octorpki to process a malicious TAL file, for a local privilege escalation. • https://github.com/cloudflare/cfrpki/security/advisories/GHSA-3pqh-p72c-fj85 • CWE-269: Improper Privilege Management •

CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0

29 Jan 2025 — Password Vulnerability in Safety production process management system v1.0 allows a remote attacker to escalate privileges, execute arbitrary code and obtain sensitive information via the password and account number parameters. • http://www.hzzcka.com • CWE-522: Insufficiently Protected Credentials •