Search
Total
6341 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-1794 | 2 Codesys, Microsoft | 2 Opc Da Server, Windows | 2022-07-15 | 4.7 MEDIUM | 5.5 MEDIUM |
| The CODESYS OPC DA Server prior V3.5.18.20 stores PLC passwords as plain text in its configuration file so that it is visible to all authorized Microsoft Windows users of the system. | |||||
| CVE-2021-35248 | 2 Microsoft, Solarwinds | 2 Windows, Orion Platform | 2022-07-14 | 4.0 MEDIUM | 4.3 MEDIUM |
| It has been reported that any Orion user, e.g. guest accounts can query the Orion.UserSettings entity and enumerate users and their basic settings. | |||||
| CVE-2022-23714 | 2 Elastic, Microsoft | 2 Endpoint Security, Windows | 2022-07-14 | 7.2 HIGH | 7.8 HIGH |
| A local privilege escalation (LPE) issue was discovered in the ransomware canaries features of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account. | |||||
| CVE-2018-3185 | 5 Canonical, Mariadb, Microsoft and 2 more | 9 Ubuntu Linux, Mariadb, Windows and 6 more | 2022-07-13 | 5.5 MEDIUM | 5.5 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). | |||||
| CVE-2020-4757 | 3 Ibm, Linux, Microsoft | 4 Aix, Content Navigator, Linux Kernel and 1 more | 2022-07-12 | 3.5 LOW | 6.4 MEDIUM |
| IBM FileNet Content Manager and IBM Content Navigator 3.0.CD is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188600. | |||||
| CVE-2021-40989 | 2 Arubanetworks, Microsoft | 2 Clearpass Policy Manager, Windows | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| A local escalation of privilege vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability. | |||||
| CVE-2021-20582 | 2 Ibm, Microsoft | 2 Security Secret Server, Windows | 2022-07-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Secret Server up to 11.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 199328. | |||||
| CVE-2021-29747 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain highly sensitive information due to a vulnerability in the authentication mechanism. IBM X-Force ID: 201775. | |||||
| CVE-2021-42955 | 2 Microsoft, Zohocorp | 2 Windows, Manageengine Remote Access Plus | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| Zoho Remote Access Plus Server Windows Desktop binary fixed in version 10.1.2132 is affected by an unauthorized password reset vulnerability. Because of the designed password reset mechanism, any non-admin Windows user can reset the password of the Remote Access Plus Server Admin account. | |||||
| CVE-2021-29686 | 4 Ibm, Linux, Microsoft and 1 more | 5 Aix, Security Identity Manager, Linux Kernel and 2 more | 2022-07-12 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Security Identity Manager 7.0.2 could allow an authenticated user to bypass security and perform actions that they should not have access to. IBM X-Force ID: 200015 | |||||
| CVE-2021-27195 | 2 Microsoft, Netop | 2 Windows, Vision Pro | 2022-07-12 | 5.0 MEDIUM | 5.9 MEDIUM |
| Improper Authorization vulnerability in Netop Vision Pro up to and including to 9.7.1 allows an attacker to replay network traffic. | |||||
| CVE-2021-29736 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2022-07-12 | 6.5 MEDIUM | 8.8 HIGH |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote user to gain elevated privileges on the system. IBM X-Force ID: 201300. | |||||
| CVE-2021-34424 | 5 Apple, Google, Linux and 2 more | 30 Iphone Os, Macos, Android and 27 more | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability was discovered in the Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1, Zoom Client for Meetings for intune (for Android and iOS) before version 5.8.4, Zoom Client for Meetings for Chrome OS before version 5.0.1, Zoom Rooms for Conference Room (for Android, AndroidBali, macOS, and Windows) before version 5.8.3, Controllers for Zoom Rooms (for Android, iOS, and Windows) before version 5.8.3, Zoom VDI Windows Meeting Client before version 5.8.4, Zoom VDI Azure Virtual Desktop Plugins (for Windows x86 or x64, IGEL x64, Ubuntu x64, HP ThinPro OS x64) before version 5.8.4.21112, Zoom VDI Citrix Plugins (for Windows x86 or x64, Mac Universal Installer & Uninstaller, IGEL x64, eLux RP6 x64, HP ThinPro OS x64, Ubuntu x64, CentOS x 64, Dell ThinOS) before version 5.8.4.21112, Zoom VDI VMware Plugins (for Windows x86 or x64, Mac Universal Installer & Uninstaller, IGEL x64, eLux RP6 x64, HP ThinPro OS x64, Ubuntu x64, CentOS x 64, Dell ThinOS) before version 5.8.4.21112, Zoom Meeting SDK for Android before version 5.7.6.1922, Zoom Meeting SDK for iOS before version 5.7.6.1082, Zoom Meeting SDK for macOS before version 5.7.6.1340, Zoom Meeting SDK for Windows before version 5.7.6.1081, Zoom Video SDK (for Android, iOS, macOS, and Windows) before version 1.1.2, Zoom on-premise Meeting Connector before version 4.8.12.20211115, Zoom on-premise Meeting Connector MMR before version 4.8.12.20211115, Zoom on-premise Recording Connector before version 5.1.0.65.20211116, Zoom on-premise Virtual Room Connector before version 4.4.7266.20211117, Zoom on-premise Virtual Room Connector Load Balancer before version 2.5.5692.20211117, Zoom Hybrid Zproxy before version 1.0.1058.20211116, and Zoom Hybrid MMR before version 4.6.20211116.131_x86-64 which potentially allowed for the exposure of the state of process memory. This issue could be used to potentially gain insight into arbitrary areas of the product's memory. | |||||
| CVE-2020-24557 | 2 Microsoft, Trendmicro | 3 Windows, Apex One, Worry-free Business Security | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 on Microsoft Windows may allow an attacker to manipulate a particular product folder to disable the security temporarily, abuse a specific Windows function and attain privilege escalation. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Please note that version 1909 (OS Build 18363.719) of Microsoft Windows 10 mitigates hard links, but previous versions are affected. | |||||
| CVE-2021-1055 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2022-07-12 | 4.6 MEDIUM | 5.3 MEDIUM |
| NVIDIA GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which improper access control may lead to denial of service and information disclosure. | |||||
| CVE-2020-11492 | 2 Docker, Microsoft | 2 Docker Desktop, Windows | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in Docker Desktop through 2.2.0.5 on Windows. If a local attacker sets up their own named pipe prior to starting Docker with the same name, this attacker can intercept a connection attempt from Docker Service (which runs as SYSTEM), and then impersonate their privileges. | |||||
| CVE-2021-37969 | 4 Debian, Fedoraproject, Google and 1 more | 4 Debian Linux, Fedora, Chrome and 1 more | 2022-07-12 | 6.8 MEDIUM | 7.8 HIGH |
| Inappropriate implementation in Google Updater in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to perform local privilege escalation via a crafted file. | |||||
| CVE-2021-40826 | 2 Clementine-player, Microsoft | 2 Clementine, Windows | 2022-07-12 | 6.8 MEDIUM | 7.8 HIGH |
| Clementine Music Player through 1.3.1 is vulnerable to a User Mode Write Access Violation, affecting the MP3 file parsing functionality at clementine+0x3aa207. The vulnerability is triggered when the user opens a crafted MP3 file or loads a remote stream URL that is mishandled by Clementine. Attackers could exploit this issue to cause a crash (DoS) of the clementine.exe process or achieve arbitrary code execution in the context of the current logged-in Windows user. | |||||
| CVE-2021-1052 | 3 Linux, Microsoft, Nvidia | 3 Linux Kernel, Windows, Gpu Driver | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which user-mode clients can access legacy privileged APIs, which may lead to denial of service, escalation of privileges, and information disclosure. | |||||
| CVE-2021-34687 | 2 Idrive, Microsoft | 2 Remotepc, Windows | 2022-07-12 | 2.9 LOW | 5.3 MEDIUM |
| iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A man in the middle can recover a system's Personal Key when a client attempts to make a LAN connection. The Personal Key is transmitted over the network while only being encrypted via a substitution cipher. | |||||
| CVE-2021-34688 | 2 Idrive, Microsoft | 2 Remotepc, Windows | 2022-07-12 | 2.1 LOW | 3.3 LOW |
| iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A locally authenticated attacker can read an encrypted version of the system's Personal Key in world-readable %PROGRAMDATA% log files. The encryption is done using a hard-coded static key and is therefore reversible by an attacker. | |||||
| CVE-2021-20100 | 2 Microsoft, Tenable | 2 Windows, Nessus | 2022-07-12 | 4.6 MEDIUM | 6.7 MEDIUM |
| Nessus Agent 8.2.4 and earlier for Windows were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific Windows executables as the Nessus host. This is different than CVE-2021-20099. | |||||
| CVE-2021-20099 | 2 Microsoft, Tenable | 2 Windows, Nessus | 2022-07-12 | 4.6 MEDIUM | 6.7 MEDIUM |
| Nessus Agent 8.2.4 and earlier for Windows were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific Windows executables as the Nessus host. This is different than CVE-2021-20100. | |||||
| CVE-2021-29951 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2022-07-12 | 6.4 MEDIUM | 6.5 MEDIUM |
| The Mozilla Maintenance Service granted SERVICE_START access to BUILTIN|Users which, in a domain network, grants normal remote users access to start or stop the service. This could be used to prevent the browser update service from operating (if an attacker spammed the 'Stop' command); but also exposed attack surface in the maintenance service. *Note: This issue only affected Windows operating systems older than Win 10 build 1709. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 78.10.1, Firefox < 87, and Firefox ESR < 78.10.1. | |||||
| CVE-2021-1073 | 2 Microsoft, Nvidia | 2 Windows, Geforce Experience | 2022-07-12 | 5.1 MEDIUM | 8.3 HIGH |
| NVIDIA GeForce Experience, all versions prior to 3.23, contains a vulnerability in the login flow when a user tries to log in by using a browser, while, at the same time, any other web page is loaded in other tabs of the same browser. In this situation, the web page can get access to the token of the user login session, leading to the possibility that the user’s account is compromised. This may lead to the targeted user’s data being accessed, altered, or lost. | |||||
| CVE-2021-28818 | 2 Microsoft, Tibco | 2 Windows, Rendezvous | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), Rendezvous Secure C API, Rendezvous Java API, and Rendezvous .Net API components of TIBCO Software Inc.'s TIBCO Rendezvous and TIBCO Rendezvous Developer Edition contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.'s TIBCO Rendezvous: versions 8.5.1 and below and TIBCO Rendezvous Developer Edition: versions 8.5.1 and below. | |||||
| CVE-2021-28817 | 2 Microsoft, Tibco | 2 Windows, Rendezvous | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| The Windows Installation component of TIBCO Software Inc.'s TIBCO Rendezvous and TIBCO Rendezvous Developer Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.'s TIBCO Rendezvous: versions 8.5.1 and below and TIBCO Rendezvous Developer Edition: versions 8.5.1 and below. | |||||
| CVE-2021-27893 | 2 Microsoft, Ssh | 4 Windows, Tectia Client, Tectia Connectsecure and 1 more | 2022-07-12 | 4.4 MEDIUM | 7.0 HIGH |
| SSH Tectia Client and Server before 6.4.19 on Windows allow local privilege escalation in nonstandard conditions. ConnectSecure on Windows is affected. | |||||
| CVE-2021-44466 | 2 Leap, Microsoft | 2 Bitmask Riseup Vpn, Windows | 2022-07-12 | 4.6 MEDIUM | 7.3 HIGH |
| Bitmask Riseup VPN 0.21.6 contains a local privilege escalation flaw due to improper access controls. When the software is installed with a non-default installation directory off of the system root, the installer fails to properly set ACLs. This allows lower privileged users to replace the VPN executable with a malicious one. When a higher privileged user such as an Administrator launches that executable, it is possible for the lower privileged user to escalate to Administrator privileges. | |||||
| CVE-2021-27892 | 2 Microsoft, Ssh | 4 Windows, Tectia Client, Tectia Connectsecure and 1 more | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| SSH Tectia Client and Server before 6.4.19 on Windows allow local privilege escalation. ConnectSecure on Windows is affected. | |||||
| CVE-2021-42954 | 2 Microsoft, Zohocorp | 2 Windows, Manageengine Remote Access Plus | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| Zoho Remote Access Plus Server Windows Desktop Binary fixed from 10.1.2121.1 is affected by incorrect access control. The installation directory is vulnerable to weak file permissions by allowing full control for Windows Everyone user group (non-admin or any guest users), thereby allowing privilege escalation, unauthorized password reset, stealing of sensitive data, access to credentials in plaintext, access to registry values, tampering with configuration files, etc. | |||||
| CVE-2021-3848 | 2 Microsoft, Trendmicro | 3 Windows, Apex One, Worry-free Business Security | 2022-07-12 | 2.1 LOW | 5.5 MEDIUM |
| An arbitrary file creation by privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1, and Worry-Free Business Security Services could allow a local attacker to create an arbitrary file with higher privileges that could lead to a denial-of-service (DoS) on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2021-38951 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available CPU resources. IBM X-Force ID: 211405. | |||||
| CVE-2021-20488 | 4 Ibm, Linux, Microsoft and 1 more | 5 Aix, Security Identity Manager, Linux Kernel and 2 more | 2022-07-12 | 3.5 LOW | 6.5 MEDIUM |
| IBM Security Identity Manager 6.0.2 could allow an authenticated malicious user to change the passwords of other users in the Windows AD environment when IBM Security Identity Manager Windows Password Synch Plug-in is deployed and configured. IBM X-Force ID: 197789. | |||||
| CVE-2021-38926 | 6 Hp, Ibm, Linux and 3 more | 7 Hp-ux, Aix, Db2 and 4 more | 2022-07-12 | 2.1 LOW | 5.5 MEDIUM |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to gain privileges due to allowing modification of columns of existing tasks. IBM X-Force ID: 210321. | |||||
| CVE-2021-29754 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2022-07-12 | 6.5 MEDIUM | 8.8 HIGH |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a privilege escalation vulnerability when using the SAML Web Inbound Trust Association Interceptor (TAI). IBM X-Force ID: 202006. | |||||
| CVE-2020-12962 | 2 Amd, Microsoft | 2 Radeon Software, Windows | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| Escape call interface in the AMD Graphics Driver for Windows may cause privilege escalation. | |||||
| CVE-2021-20081 | 2 Microsoft, Zohocorp | 2 Windows, Manageengine Servicedesk Plus | 2022-07-12 | 9.0 HIGH | 7.2 HIGH |
| Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk Plus before version 11205 allows a remote, authenticated attacker to execute arbitrary commands with SYSTEM privileges. | |||||
| CVE-2021-44226 | 2 Microsoft, Razer | 2 Windows, Synapse | 2022-07-12 | 6.9 MEDIUM | 7.3 HIGH |
| Razer Synapse before 3.7.0228.022817 allows privilege escalation because it relies on %PROGRAMDATA%\Razer\Synapse3\Service\bin even if %PROGRAMDATA%\Razer has been created by any unprivileged user before Synapse is installed. The unprivileged user may have placed Trojan horse DLLs there. | |||||
| CVE-2021-36744 | 2 Microsoft, Trendmicro | 5 Windows, Maximum Security 2019, Maximum Security 2020 and 2 more | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| Trend Micro Security (Consumer) 2021 and 2020 are vulnerable to a directory junction vulnerability which could allow an attacker to exploit the system to escalate privileges and create a denial of service. | |||||
| CVE-2021-38088 | 2 Acronis, Microsoft | 2 Cyber Protect, Windows | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| Acronis Cyber Protect 15 for Windows prior to build 27009 allowed local privilege escalation via binary hijacking. | |||||
| CVE-2021-38979 | 3 Ibm, Linux, Microsoft | 5 Aix, Security Guardium Key Lifecycle Manager, Security Key Lifecycle Manager and 2 more | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a salt as part of the input. IBM X-Force ID: 212785. | |||||
| CVE-2021-45441 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Worry-free Business Security and 1 more | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| A origin validation error vulnerability in Trend Micro Apex One (on-prem and SaaS) could allow a local attacker drop and manipulate a specially crafted file to issue commands over a certain pipe and elevate to a higher level of privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2021-38977 | 3 Ibm, Linux, Microsoft | 5 Aix, Security Guardium Key Lifecycle Manager, Security Key Lifecycle Manager and 2 more | 2022-07-12 | 4.3 MEDIUM | 4.3 MEDIUM |
| IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 212782. | |||||
| CVE-2021-22004 | 3 Fedoraproject, Microsoft, Saltstack | 3 Fedora, Windows, Salt | 2022-07-12 | 4.4 MEDIUM | 6.4 MEDIUM |
| An issue was discovered in SaltStack Salt before 3003.3. The salt minion installer will accept and use a minion config file at C:\salt\conf if that file is in place before the installer is run. This allows for a malicious actor to subvert the proper behaviour of the given minion software. | |||||
| CVE-2021-29645 | 2 Hitachi, Microsoft | 15 It Operations Director, Job Management Partner 1\/it Desktop Management-manager, Job Management Partner 1\/it Desktop Management 2-manager and 12 more | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 calls the SendMessageTimeoutW API with arbitrary arguments via a local pipe, leading to a local privilege escalation vulnerability. An attacker who exploits this issue could execute arbitrary code on the local system. | |||||
| CVE-2021-45231 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Worry-free Business Security and 1 more | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| A link following privilege escalation vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to create a specially crafted file with arbitrary content which could grant local privilege escalation on the affected system. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2020-20907 | 2 Metinfo, Microsoft | 2 Metinfo, Windows | 2022-07-12 | 6.4 MEDIUM | 9.1 CRITICAL |
| MetInfo 7.0 beta is affected by a file modification vulnerability. Attackers can delete and modify ini files in app/system/language/admin/language_general.class.php and app/system/include/function/file.func.php. | |||||
| CVE-2022-23763 | 2 Douzone, Microsoft | 2 Neors, Windows | 2022-07-11 | 6.8 MEDIUM | 8.8 HIGH |
| Origin validation error vulnerability in NeoRS’s ActiveX moudle allows attackers to download and execute arbitrary files. Remote attackers can use this vulerability to encourage users to access crafted web pages, causing damage such as malicious code infections. | |||||
| CVE-2017-20107 | 2 Microsoft, Shadeyouvpn.com Project | 2 Windows, Shadeyouvpn.com | 2022-07-11 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability, which was classified as problematic, was found in ShadeYouVPN.com Client 2.0.1.11. Affected is an unknown function. The manipulation leads to improper privilege management. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.1.12 is able to address this issue. It is recommended to upgrade the affected component. | |||||