Page 6 of 3096 results (0.056 seconds)

CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0

Under specific circumstances, insecure permissions in Ivanti Security Controls before version 2024.4.1 allows a local authenticated attacker to achieve local privilege escalation. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Security-Controls-iSec-CVE-2024-10251 • CWE-276: Incorrect Default Permissions •

CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 0

Windows Common Log File System Driver Elevation of Privilege Vulnerability Microsoft Windows Common Log File System (CLFS) driver contains a heap-based buffer overflow vulnerability that allows a local attacker to escalate privileges. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49138 • CWE-122: Heap-based Buffer Overflow •

CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 4

An authenticated remote code execution vulnerability in the firmware update mechanism allows an attacker with valid credentials to escalate privileges and execute commands as root. • https://packetstorm.news/files/id/183294 https://packetstorm.news/files/id/183027 https://packetstorm.news/files/id/183028 https://packetstorm.news/files/id/183032 https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0

Epic Games Launcher Incorrect Default Permissions Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Epic Games Launcher. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. ... This vulnerability allows local attackers to escalate privileges on affected installations of Epic Games Launcher. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://trello.com/c/tcS6Jcfy/578-epic-games-launcher-1720 https://www.zerodayinitiative.com/advisories/ZDI-24-1646 • CWE-276: Incorrect Default Permissions •

CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0

An implementation bug in the Kolide Agent (known as `launcher`) allows for local privilege escalation to the SYSTEM user on Windows 10 and 11. • https://github.com/kolide/launcher/pull/1510 https://github.com/kolide/launcher/security/advisories/GHSA-66q9-2rvx-qfj5 • CWE-276: Incorrect Default Permissions CWE-456: Missing Initialization of a Variable •