Page 5 of 5119 results (0.395 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

A vulnerability in the Incoming Goods Suite allows a user with unprivileged access to the underlying system (e.g. local or via SSH) a privilege escalation to the administrative level due to the usage of component vendor Docker images running with root permissions. • https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF https://sick.com/psirt https://www.cisa.gov/resources-tools/resources/ics-recommended-practices https://www.first.org/cvss/calculator/3.1 https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0005.json https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0005.pdf • CWE-250: Execution with Unnecessary Privileges •

CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0

The mediapool feature of the Redaxo Core CMS application v 5.17.1 is vulnerable to Cross Site Scripting(XSS) which allows a remote attacker to escalate privileges • http://redaxo-core.com http://redaxo.com https://github.com/Praison001/CVE-2024-50803-Redaxo • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0

A security agent manual scan command injection vulnerability in the Trend Micro Deep Security 20 Agent could allow an attacker to escalate privileges and execute arbitrary code on an affected machine. • https://success.trendmicro.com/en-US/solution/KA-0018154 https://www.zerodayinitiative.com/advisories/ZDI-24-1516 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0

An issue in the wssrvc.exe service of QuickHeal Antivirus Pro Version v24.0 and Quick Heal Total Security v24.0 allows authenticated attackers to escalate privileges. • https://github.com/Nero22k/Disclosures/blob/main/QuickHealAV/CVE-2024-48292.md https://www.quickheal.com/download-free-antivirus • CWE-276: Incorrect Default Permissions •

CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0

This could lead to local escalation of privilege allowing users to access non-VPN networks, when they are supposed to be restricted to the VPN networks, with no additional execution privileges needed. • https://source.android.com/security/bulletin/2018-05-01 • CWE-276: Incorrect Default Permissions •