Page 99 of 5093 results (0.094 seconds)

CVSS: 7.1EPSS: 0%CPEs: -EXPL: 0

A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine. ... This vulnerability allows local attackers to disclose sensitive information on affected installations of VMware Workstation. ... An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of hypervisor. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.3EPSS: 0%CPEs: -EXPL: 0

A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. ... This vulnerability allows local attackers to escalate privileges on affected installations of VMWare Workstation. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280 •

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0

A local attacker with low privileges can perform a privilege escalation with an init script due to a TOCTOU vulnerability. Un atacante local con privilegios bajos puede realizar una escalada de privilegios con un script de inicio debido a una vulnerabilidad de TOCTOU. This vulnerability allows local attackers to escalate privileges on affected installations of Phoenix Contact CHARX SEC-3100 charging controllers. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://cert.vde.com/en/advisories/VDE-2024-019 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0

A local low privileged attacker can use an untrusted search path in a CHARX system utility to gain root privileges. Un atacante local con pocos privilegios puede utilizar una ruta de búsqueda que no sea de confianza en una utilidad del sistema CHARX para obtener privilegios de root. This vulnerability allows local attackers to escalate privileges on affected installations of Phoenix Contact CHARX SEC-3100 devices. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://cert.vde.com/en/advisories/VDE-2024-019 • CWE-426: Untrusted Search Path •

CVSS: 8.0EPSS: 0%CPEs: -EXPL: 0

Extreme Networks EXOS before v.22.7 and before v.30.2 was discovered to contain an issue in its Web GUI which fails to restrict URL access, allowing attackers to access sensitive information or escalate privileges. • https://gist.github.com/yasinyilmaz/1fe3fe58dd275edb77dcbe890fce2f2c • CWE-287: Improper Authentication •