Page 23 of 5009 results (0.198 seconds)

CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0

Fault Injection vulnerability in wc_ed25519_sign_msg function in wolfssl/wolfcrypt/src/ed25519.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the ed25519_key structure. • https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.0-stable • CWE-252: Unchecked Return Value CWE-1256: Improper Restriction of Software Interfaces to Hardware Features •

CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0

Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the RsaKey structure. • https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.0-stable • CWE-252: Unchecked Return Value CWE-1256: Improper Restriction of Software Interfaces to Hardware Features •

CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0

Local privilege escalation due to DLL hijacking vulnerability. • https://security-advisory.acronis.com/advisories/SEC-4505 • CWE-427: Uncontrolled Search Path Element •

CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0

Local privilege escalation due to DLL hijacking vulnerability. • https://security-advisory.acronis.com/advisories/SEC-3079 • CWE-427: Uncontrolled Search Path Element •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an authenticated low-privileged attacker to achieve privilege escalation by modifying a privileged user's password. This vulnerability allows remote attackers to escalate privileges on affected installations of Progress Software WhatsUp Gold. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. • https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-August-2024 https://www.progress.com/network-monitoring • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •