CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

31 Dec 2024 — A LogServer arbitrary file creation vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. • https://success.trendmicro.com/en-US/solution/KA-0018217 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

31 Dec 2024 — A LogServer link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. • https://success.trendmicro.com/en-US/solution/KA-0018217 • CWE-266: Incorrect Privilege Assignment •

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

31 Dec 2024 — A LogServer link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. • https://success.trendmicro.com/en-US/solution/KA-0018217 • CWE-266: Incorrect Privilege Assignment •

CVSS: 8.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

30 Dec 2024 — An issue exists in SoftIron HyperCloud where authenticated, but non-admin users can create data pools, which could potentially impact the performance and availability of the backend software-defined storage subsystem. This issue only impacts SoftIron HyperCloud and related software products (such as VM Squared) software versions 2.3.0 to before 2.5.0. • https://advisories.softiron.cloud • CWE-269: Improper Privilege Management • CWE-400: Uncontrolled Resource Consumption •

CVSS: 6.7 • EPSS: 0% • CPEs: 1 • EXPL: 0

30 Dec 2024 — Foxit PDF Reader Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.foxit.com/support/security-bulletins.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

30 Dec 2024 — Panda Security Dome Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.zerodayinitiative.com/advisories/ZDI-24-1727 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 7.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

27 Dec 2024 — Successful exploitation may lead to local privilege escalation. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200819-01-smartphone-en • CWE-269: Improper Privilege Management •

CVSS: 7.8 • EPSS: 0% • CPEs: - • EXPL: 0

23 Dec 2024 — A non-admin user could exploit weak file and folder permissions to escalate privileges, execute arbitrary code and maintain persistence on the compromised machine. • https://www.incibe.es/en/incibe-cert/notices/aviso/incorrect-default-permissions-biamp-evoko-home • CWE-276: Incorrect Default Permissions •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

20 Dec 2024 — This vulnerability may enable an attacker, depending on how the package is used, to perform remote code execution or local privilege escalation. • https://github.com/sebhildebrandt/systeminformation/commit/f7af0a67b78e7894335a6cad510566a25e06ae41 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 8.8 • EPSS: 0% • CPEs: - • EXPL: 0

20 Dec 2024 — Improper access control in the endpoint /RoleMenuMapping/AddRoleMenu of Digiteam v4.21.0.0 allows authenticated attackers to escalate privileges. • https://medium.com/@hamzanadeem1337/unauthorized-full-vertical-privilege-escalation-in-digiteam-sales-gamification-portal-version-4-21-0-c3e3282e9053 • CWE-352: Cross-Site Request Forgery (CSRF) •