
CVSS: 6.5 • EPSS: 0% • CPEs: - • EXPL: 0

29 Jan 2025 — Insecure permissions in RuoYi v4.8.0 allow authenticated attackers to escalate privileges by assigning themselves higher level roles. • https://gitee.com/y_project/RuoYi • CWE-863: Incorrect Authorization •

CVSS: 6.7 • EPSS: 0% • CPEs: 1 • EXPL: 0

28 Jan 2025 — Local privilege escalation due to insecure folder permissions. • https://security-advisory.acronis.com/advisories/SEC-6436 • CWE-276: Incorrect Default Permissions •

CVSS: 7.8 • EPSS: 0% • CPEs: 10 • EXPL: 0

28 Jan 2025 — In JetBrains ReSharper before 2024.3.4, 2024.2.8, and 2024.1.7, Rider before 2024.3.4, 2024.2.8, and 2024.1.7, dotTrace before 2024.3.4, 2024.2.8, and 2024.1.7, ETW Host Service before 16.43, Local Privilege Escalation via the ETW Host Service was possible. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-114: Process Control •

CVSS: 7.8 • EPSS: 0% • CPEs: 10 • EXPL: 0

28 Jan 2025 — Improper Neutralization of Argument Delimiters in the TeamViewer_service.exe component of TeamViewer Clients prior to version 15.62 for Windows allows an attacker with local unprivileged access on a Windows system to elevate privileges via argument injection. This vulnerability allows local attackers to escalate privileges on affected installations of TeamViewer. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context o... • https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2025-1001 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •

CVSS: 10.0 • EPSS: 0% • CPEs: - • EXPL: 2

28 Jan 2025 — This lack of proper logic validation allows malicious actors to exploit the service's methods via unauthorized client connections, and escalate privileges to root by abusing the DTConnectionHelperProtocol protocol's submitQuery method over an unauthorized XPC connection. • https://github.com/Wi1DN00B/CVE-2024-55968 • CWE-798: Use of Hard-coded Credentials •

CVSS: 9.8 • EPSS: 0% • CPEs: - • EXPL: 0

27 Jan 2025 — An issue in youdiancms v.9.5.20 and before allows a remote attacker to escalate privileges via the sessionID parameter in the index.php file. • https://gist.github.com/yahaha9/720fb45bbebda62dc198568c8d275df8 • CWE-384: Session Fixation •

CVSS: 7.8 • EPSS: 0% • CPEs: - • EXPL: 0

27 Jan 2025 — The service runs with NT AUTHORITY\SYSTEM privileges, enabling attackers to escalate privileges by replacing or placing a malicious executable in the service path. • https://github.com/yamerooo123/CVE/blob/main/CVE-2024-57276/Description.md • CWE-428: Unquoted Search Path or Element •

CVSS: 8.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

25 Jan 2025 — Local privilege escalation in G DATA Security Client due to incorrect assignment of privileges to directories. This vulnerability allows a local, unprivileged attacker to escalate privileges on affected installations by placing an arbitrary executable in a globally writable directory resulting in execution by the SetupSVC.exe service in the context of SYSTEM. • https://github.com/nullby73/security-advisories/tree/main/CVE-2025-0543 • CWE-276: Incorrect Default Permissions •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

25 Jan 2025 — Local privilege escalation due to incorrect assignment of privileges of temporary files in the update mechanism of G DATA Management Server. This vulnerability allows a local, unprivileged attacker to escalate privileges on affected installations by placing a crafted ZIP archive in a globally writable directory, which gets unpacked in the context of SYSTEM and results in arbitrary file write. • https://github.com/nullby73/security-advisories/tree/main/CVE-2025-0542 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-276: Incorrect Default Permissions •

CVSS: 9.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 Jan 2025 — Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to escalate his or any other team member's privileges to any role, including the owner role. • https://github.com/coollabsio/coolify/security/advisories/GHSA-9w72-9qww-qj6g • CWE-862: Missing Authorization •