Page 261 of 2984 results (0.027 seconds)

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1

CyberArk Endpoint Privilege Manager (EPM) through 11.5.3.328 before 2021-12-20 allows a local user to gain elevated privileges via a Trojan horse Procmon64.exe in the user's Temp directory. CyberArk Endpoint Privilege Manager (EPM) versiones hasta 11.5.3.328 anteriores a 20-12-2021, permite a un usuario local alcanzar privilegios elevados por medio de un troyano Procmon64.exe en el directorio Temp del usuario • https://docs.cyberark.com/Product-Doc/OnlineHelp/EPM-onprem/Latest/en/Content/Release%20Notes/RN-WhatsNew.htm https://hencohen10.medium.com/cyberark-endpoint-manager-local-privilege-escalation-cve-2021-44049-67cd5e62c3d2 https://www.cyberark.com/ca21-34 https://www.cyberark.com/product-security • CWE-668: Exposure of Resource to Wrong Sphere •

CVSS: 8.8EPSS: 7%CPEs: 11EXPL: 0

A limited authentication bypass vulnerability was discovered that could allow an attacker to achieve remote code execution and escalate privileges on the My Cloud devices. • https://www.westerndigital.com/support/product-security/wdc-22002-my-cloud-os5-firmware-5-19-117 https://www.zerodayinitiative.com/advisories/ZDI-22-076 https://www.zerodayinitiative.com/advisories/ZDI-22-347 • CWE-287: Improper Authentication CWE-697: Incorrect Comparison •

CVSS: 9.8EPSS: 97%CPEs: 2EXPL: 8

Malicious unauthenticated actor may exploit this issue to escalate privileges and gain admin access to Zabbix Frontend. • https://github.com/jweny/CVE-2022-23131 https://github.com/kh4sh3i/CVE-2022-23131 https://github.com/Kazaf6s/CVE-2022-23131 https://github.com/1mxml/CVE-2022-23131 https://github.com/r10lab/CVE-2022-23131 https://github.com/trganda/CVE-2022-23131 https://github.com/Vulnmachines/Zabbix-CVE-2022-23131 https://github.com/pykiller/CVE-2022-23131 https://support.zabbix.com/browse/ZBX-20350 • CWE-290: Authentication Bypass by Spoofing •

CVSS: 3.8EPSS: 0%CPEs: 1EXPL: 0

An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. ... An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. . ... An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. • https://www.zerodayinitiative.com/advisories/ZDI-22-073 • CWE-908: Use of Uninitialized Resource •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables an authenticated local user to execute programs with elevated privileges. • https://security.paloaltonetworks.com/CVE-2022-0015 • CWE-427: Uncontrolled Search Path Element •