3455 results (0.011 seconds)

CVSS: 6.7EPSS: %CPEs: -EXPL: 0

VMware NSX contains a local privilege escalation vulnerability.  An authenticated malicious actor may exploit this vulnerability to obtain permissions from a separate group role than previously assigned. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25047 • CWE-269: Improper Privilege Management •

CVSS: 5.2EPSS: %CPEs: 5EXPL: 0

A privilege escalation vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY/SYSTEM through the use of the repair functionality offered by the .msi file used to install GlobalProtect. • https://security.paloaltonetworks.com/CVE-2024-9473 • CWE-250: Execution with Unnecessary Privileges

CVSS: 7.0EPSS: 0%CPEs: -EXPL: 0

Under specific circumstances, insecure permissions in Ivanti Velocity License Server before version 5.2 allows a local authenticated attacker to achieve local privilege escalation. • https://forums.ivanti.com/s/article/Security-Advisory-Velocity-License-Server-CVE-2024-9167 • CWE-276: Incorrect Default Permissions •

CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0

A use of externally-controlled format string in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.2 through 7.2.5 allows attacker to escalate its privileges via specially crafted requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-196 • CWE-134: Use of Externally-Controlled Format String •

CVSS: 6.7EPSS: 0%CPEs: -EXPL: 0

This could allow an authenticated local attacker to inject arbitrary code and escalate privileges in installations where administrators or processes with elevated privileges launch vsimk.exe from a user-writable directory. • https://cert-portal.siemens.com/productcert/html/ssa-426509.html • CWE-427: Uncontrolled Search Path Element •