Page 25 of 3015 results (0.029 seconds)

CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0

An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root). Membership in the netdev group or access to the dbus interface of wpa_supplicant allow an unprivileged user to specify an arbitrary path to a module to be loaded by the wpa_supplicant process; other escalation paths might exist. • https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/2067613 https://ubuntu.com/security/notices/USN-6945-1 https://snyk.io/blog/abusing-ubuntu-root-privilege-escalation • CWE-427: Uncontrolled Search Path Element •

CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0

An Improper Input Validation vulnerability in Zscaler Client Connector on MacOS allows OS Command Injection. This issue affects Zscaler Client Connector on MacOS <4.2. • https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=macos&applicable_version=4.2 • CWE-20: Improper Input Validation •

CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0

While copying individual autoupdater log files, reparse point check was missing which could result into crafted attacks, potentially leading to a local privilege escalation. • https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=windows&applicable_version=4.2.0.190 • CWE-346: Origin Validation Error •

CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0

This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

A vulnerability was reported in Lenovo PC Manager prior to version 2.8.90.11211 that could allow a local attacker to escalate privileges. • https://iknow.lenovo.com.cn/detail/186945.html • CWE-287: Improper Authentication •