Page 57 of 5013 results (0.204 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

The XPC service within the audit functionality of Jamf Compliance Editor before version 1.3.1 on macOS can lead to local privilege escalation. • https://github.com/Jamf-Concepts/jamf-compliance-editor/raw/v1.3.1/Jamf%20Compliance%20Editor%20-%20User%20Guide.pdf https://github.com/Jamf-Concepts/jamf-compliance-editor/releases/download/v1.3.1/JamfComplianceEditor.v1.3.1.pkg https://khronokernel.com/macos/2024/05/01/CVE-2024-4395.html https://trusted.jamf.com/docs/establishing-compliance-baselines#support • CWE-269: Improper Privilege Management •

CVSS: 5.3EPSS: 0%CPEs: -EXPL: 1

This allows a local, low-privileged attacker to use a chain of actions, to open a fully functional cmd.exe with the privileges of the SYSTEM user. ... Se descubrió que los archivos de instalación de SoftMaker Office y FreeOffice MSI producían una ventana visible de conhost.exe ejecutándose como el usuario de SYSTEM cuando se utiliza la función de reparación de msiexec.exe.Esto permite a un atacante local con pocos privilegios utilizar una cadena de acciones para abrir un cmd.exe completamente funcional con los privilegios del usuario de SYSTEM. SoftMaker Office and FreeOffice suffer from a local privilege escalation vulnerability via the MSI installer. • http://seclists.org/fulldisclosure/2024/Jul/5 https://r.sec-consult.com/softmaker https://softmaker.de/download/servicepacks https://www.freeoffice.com/de/download/servicepacks • CWE-266: Incorrect Privilege Assignment •

CVSS: 7.0EPSS: 0%CPEs: -EXPL: 0

An issue was discovered in the Agent in Delinea Privilege Manager (formerly Thycotic Privilege Manager) before 12.0.1096 on Windows. Sometimes, a non-administrator user can copy a crafted DLL file to a temporary directory (used by .NET Shadow Copies) such that privilege escalation can occur if the core agent service loads that file. • https://docs.delinea.com/online-help/privilege-manager/release-notes/12.0.1-combined.htm https://www.cyberark.com/resources/threat-research-blog/identity-crisis-the-curious-case-of-a-delinea-local-privilege-escalation-vulnerability •

CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0

An issue in OpenEMR 7.0.2 allows a remote attacker to escalate privileges viaa crafted POST request using the noteid parameter. • https://github.com/A3h1nt/CVEs/tree/main/OpenEMR https://github.com/openemr/openemr/pull/7435#event-12872646667 • CWE-279: Incorrect Execution-Assigned Permissions •

CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0

This can be used to escalate privileges to Admin. ... An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges to resources normally protected from the user. • https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 https://www.progress.com/network-monitoring • CWE-918: Server-Side Request Forgery (SSRF) •