Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
A minor information leak when running Screen with setuid-root privileges allows unprivileged users to deduce information about a path that would otherwise not be available. Affected are older Screen
Screen 5.0.0 when it runs with setuid-root privileges does not drop privileges while operating on a user supplied path. This allows unprivileged users to create files in arbitrary locations with `root
Screen version 5.0.0 and older version 4 releases have a TOCTOU race potentially allowing to send SIGHUP, SIGCONT to privileged processes when installed setuid-root.
An attacker in a privileged network position may be able to leak sensitive information. A path handling issue was addressed with improved validation. This issue is fixed in PCC Release 5E290.3.
Popcorn Time 6.2.1.14 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can insert malicious
An issue was discovered in provd before version 0.1.5 with a setuid binary, which allows a local attacker to escalate their privilege.
Uncontrolled search path for some Intel(R) Arc™ & Iris(R) Xe graphics software before version 32.0.101.6083/32.0.101.5736 may allow an authenticated user to potentially enable escalation of privil
Uncontrolled search path in some Intel(R) Rendering Toolkit software before version 2024.1.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
An issue in Pure Data 0.54-0 and fixed in 0.54-1 allows a local attacker to escalate privileges via the set*id () function.
Insecure Permissions vulnerability in Deepin dde-file-manager 6.0.54 and earlier allows privileged operations to be called by unprivileged users via the D-Bus method.
Undisclosed requests to BIG-IP iControl REST can lead to information leak of user account names.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Race condition in some Intel(R) System Security Report and System Resources Defense firmware may allow a privileged user to potentially enable information disclosure via local access.
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability which could allow a privileged attacker to escalate permissions. A successful exploit of this vulnerability might lead to code
shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of us
An uncontrolled search path element vulnerability can lead to local privilege Escalation (LPE) via Insecure Directory Permissions. The vulnerability arises from improper handling of directory permissi
An uncontrolled search path element vulnerability can lead to local privilege Escalation (LPE) via Insecure Directory Permissions. The vulnerability arises from improper handling of directory permissi
In BootRom, there's a possible unchecked command index. This could lead to local escalation of privilege with no additional execution privileges needed.
In multiple locations, there is a possible leak of an image across the Android User isolation boundary due to a confused deputy. This could lead to local information disclosure with no additional exec
A privilege escalation vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Nomad-SetWorkRate instruction prior V17.1. The improper handling of executable search
Uncontrolled search path for some Intel(R) Graphics Software before version 25.22.1502.2 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an
Page 1+ Next →