Page 264 of 2984 results (0.019 seconds)

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

A self-signed JWT token could be injected into the update manager and bypass the authentication process, thus could escalate privileges. • https://www.starwindsoftware.com/security/sw-20211215-0001 https://www.starwindsoftware.com/security/sw-20211512-0001 • CWE-287: Improper Authentication •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

An unauthenticated Named Pipe channel in Controlup Real-Time Agent (cuAgent.exe) before 8.5 potentially allows an attacker to run OS commands via the ProcessActionRequest WCF method. Un canal Named Pipe no autenticado en el agente en tiempo real de Controlup (cuAgent.exe) versiones anteriores a 8.5, permite potencialmente a un atacante ejecutar comandos del Sistema Operativo por medio del método ProcessActionRequest WCF • https://controlup.com https://www.controlup.com/security/security-advisory-local-privilege-escalation • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0

Bitmask Riseup VPN 0.21.6 contains a local privilege escalation flaw due to improper access controls. • https://www.tenable.com/security/research/tra-2021-58 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1

All known versions of the Netgear Genie Installer for macOS contain a local privilege escalation vulnerability. • https://www.tenable.com/security/research/tra-2021-56 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1

A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1360 • CWE-276: Incorrect Default Permissions •