Page 92 of 3131 results (0.041 seconds)

CVSS: 8.2EPSS: 0%CPEs: 5EXPL: 0

17 May 2023 — This issue occurs due to the lack of validating the existence of an object prior to performing further free operations on the object, which may allow a local privileged user to escalate privileges and execute code in the context of the kernel. This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. ... An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. • https://access.redhat.com/errata/RHSA-2023:6583 • CWE-415: Double Free •

CVSS: 4.4EPSS: 0%CPEs: 5EXPL: 0

17 May 2023 — An attacker can leverage this in conjunction with other vulnerabilties to escalate privileges and execute arbitrary code in the context of the kernel. • https://access.redhat.com/security/cve/CVE-2023-2860 • CWE-125: Out-of-bounds Read •

CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0

17 May 2023 — A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. ... This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •

CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0

17 May 2023 — A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. ... This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •

CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 1

16 May 2023 — Videostream macOS app 0.5.0 and 0.4.3 has a Race Condition. The Updater privileged script attempts to update Videostream every 5 hours. • https://danrevah.github.io/2023/05/03/CVE-2023-25394-VideoStream-LPE • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •

CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1

16 May 2023 — An issue in Bludit 4.0.0-rc-2 allows authenticated attackers to change the Administrator password and escalate privileges via a crafted request. • https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/bludit/2023/Bludit-v4.0.0-Release-candidate-2 •

CVSS: 6.7EPSS: 0%CPEs: 12EXPL: 0

12 May 2023 — VMware Aria Operations contains a Local privilege escalation vulnerability. • https://www.vmware.com/security/advisories/VMSA-2023-0009.html •

CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0

12 May 2023 — A malicious actor with administrative access to the local system can escalate privileges to 'root'. • https://www.vmware.com/security/advisories/VMSA-2023-0009.html •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1

11 May 2023 — Incorrect access control in Quick Heal Technologies Limited Seqrite Endpoint Security (EPS) all versions prior to v8.0 allows attackers to escalate privileges to root via supplying a crafted binary to the target system. • https://github.com/0xInfection/EPScalate •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

09 May 2023 — Insecure Permissons vulnerability found in Shop_CMS YerShop all versions allows a remote attacker to escalate privileges via the cover_id parameter. • https://github.com/huyiwill/shopcms_lang/issues/1 • CWE-269: Improper Privilege Management •