CVSS: 7.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

25 Nov 2024 — Excessive directory permissions in MLflow lead to local privilege escalation when using spark_udf. This behavior can be exploited by a local attacker to gain elevated permissions by using a ToCToU attack. • https://github.com/mlflow/mlflow/pull/10874 • CWE-276: Incorrect Default Permissions • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •

CVSS: 7.5 • EPSS: 0% • CPEs: 3 • EXPL: 0

25 Nov 2024 — This flaw allows attackers to escalate privileges by improperly leveraging read-scoped OAuth2 tokens to gain write access. • https://access.redhat.com/security/cve/CVE-2024-11483 • CWE-284: Improper Access Control •

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

22 Nov 2024 — A possible improper input validation vulnerability has been discovered in OpenText™ iManager 3.2.4.0000. • https://www.netiq.com/documentation/imanager-32/imanager325_releasenotes/data/imanager325_releasenotes.html • CWE-250: Execution with Unnecessary Privileges •

CVSS: 6.8 • EPSS: 0% • CPEs: - • EXPL: 1

22 Nov 2024 — An issue in the ownCloud Android APK v.4.3.1 allows a physically proximate attacker to escalate privileges via the PassCodeViewModel class, specifically in the checkPassCodeIsValid method. • https://github.com/SAHALLL/CVE-2024-50657 • CWE-276: Incorrect Default Permissions •

CVSS: 6.8 • EPSS: 0% • CPEs: - • EXPL: 0

22 Nov 2024 — A Cross Site Scripting vulnerability in Public Knowledge Project PKP Platform OJS/OMP/OPS before v.3.3.0.16 allows an attacker to execute arbitrary code and escalate privileges via a crafted script. • https://openjournaltheme.com/urgent-critical-vulnerabilities-in-3-3-0-18-upgrade-your-ojs-now • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

20 Nov 2024 — This could lead to local escalation of privilege with no additional execution privileges needed. • https://source.android.com/security/bulletin/2018-09-01 • CWE-294: Authentication Bypass by Capture-replay •

CVSS: 8.4 • EPSS: 0% • CPEs: 4 • EXPL: 0

20 Nov 2024 — This could lead to local escalation of privilege with no additional execution privileges needed. • https://source.android.com/security/bulletin/2018-09-01 • CWE-502: Deserialization of Untrusted Data •

CVSS: 9.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

20 Nov 2024 — This could lead to local escalation of privilege in the system server with no additional execution privileges needed. • https://source.android.com/security/bulletin/2018-09-01 • CWE-787: Out-of-bounds Write •

CVSS: 8.4 • EPSS: 0% • CPEs: 3 • EXPL: 0

20 Nov 2024 — This could lead to local escalation of privilege in a privileged app with no additional execution privileges needed. • https://source.android.com/security/bulletin/2018-09-01 • CWE-787: Out-of-bounds Write •

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

20 Nov 2024 — An issue in Audimex EE v.15.1.20 and before allows a remote attacker to escalate privileges. ... An issue in Audimex EE versions 15.1.20 and earlier allows a remote attacker to escalate privileges. Analyzing the offline client code, it was identified that it is possible for any user (with any privilege) of Audimex to dump the whole Audimex database. • https://en.web-audimex.com/ee-auditmanagement •