Page 213 of 5113 results (0.073 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

An issue in ThingNario Photon v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the ping function to the "thingnario Logger Maintenance Webpage" endpoint. • https://gist.github.com/GroundCTL2MajorTom/eef0d55f5df77cc911d84392acdbf625 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

VMware Fusion(13.x prior to 13.5) contains a local privilege escalation vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the '.dmg' volume) or when installing an upgrade. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time. VMware Fusion (13.x anterior a 13.5) contiene una vulnerabilidad de escalada de privilegios local que ocurre durante la instalación por primera vez (el usuario necesita arrastrar o copiar la aplicación a una carpeta desde el volumen '.dmg') o al instalar una actualización. Un actor malicioso con privilegios de usuario local no administrativo puede aprovechar esta vulnerabilidad para escalar privilegios a root en el System donde Fusion está instalado o donde se instala por primera vez. • https://www.vmware.com/security/advisories/VMSA-2023-0022.html •

CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0

A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time. ... Un actor malicioso con privilegios de usuario local no administrativo puede aprovechar esta vulnerabilidad para escalar privilegios a root en el System donde Fusion está instalado o donde se instala por primera vez. • https://www.vmware.com/security/advisories/VMSA-2023-0022.html • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •

CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1

An issue found in IXP Data Easy Install 6.6.148840 allows a remote attacker to escalate privileges via insecure PRNG. • https://www.bramfitt-tech-labs.com/article/easy-install-cve-issue • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

The SolarWinds Access Rights Manager was susceptible to Privilege Escalation Vulnerability. This vulnerability allows authenticated users to abuse local resources to Privilege Escalation. ... This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Access Rights Manager. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-1_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-35183 • CWE-276: Incorrect Default Permissions •