A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.
Executive Summary An Elevation of Privilege (EOP) vulnerability has been identified within Service Fabric clusters that run Docker containers. Exploitation of this EOP vulnerability requires an attacker to gain remote code execution within a container. All Service Fabric and Docker versions are impacted.
Secure Boot Security Feature Bypass Vulnerability
Proxy Driver Spoofing Vulnerability
A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows root directory (such as C:\) to execute a program with elevated privileges. This issue impacts all versions of Cortex XDR agent without content update 330 or a later content update version.
A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows root directory (such as C:\) to execute a program with elevated privileges. This issue impacts: All versions of the Cortex XDR agent when upgrading to Cortex XDR agent 7.7.0 on Windows; Cortex XDR agent 7.7.0 without content update 500 or a later version on Windows. This issue does not impact other platforms or other versions of the Cortex XDR agent.
Improper Access Control in Thales Sentinel Protection Installer could allow a local user to escalate privileges.
Azure Sphere Tampering Vulnerability
Intune Management Extension Security Feature Bypass Vulnerability
Thales Safenet Authentication Client (SAC) for Linux and Windows through 10.7.7 creates insecure temporary hid and lock files allowing a local attacker, through a symlink attack, to overwrite arbitrary files, and potentially achieve arbitrary command execution with high privileges.
Active Template Library Elevation of Privilege Vulnerability
NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in which it incorrectly loads Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), leading to escalation of privileges through code execution.
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow malicious user with access to the DB2 instance account to leverage a fenced execution process to execute arbitrary code as root. IBM X-Force ID: 156567.
An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start. An attacker must already have administrator privileges on the target machine in order to exploit the vulnerability.
A DLL side loading vulnerability in the Windows Service in TeamViewer versions up to 11.0.133222 (fixed in 11.0.214397), 12.0.181268 (fixed in 12.0.214399), 13.2.36215 (fixed in 13.2.36216), and 14.6.4835 (fixed in 14.7.1965) on Windows could allow an attacker to perform code execution on a target system via a service restart where the DLL was previously installed with administrative privileges. Exploitation requires that an attacker be able to create a new file in the TeamViewer application directory; directory permissions restrict that by default.
Windows Secure Kernel Mode Elevation of Privilege Vulnerability
Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability
Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Dell Client Platform Firmware Update Utility contains an Improper Link Resolution vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.
A local unquoted search path security vulnerability has been identified in HPE Agentless Management Service for Windows version(s): Prior to 1.44.0.0, 10.96.0.0. This vulnerability could be exploited locally by a user with high privileges to execute malware that may lead to a loss of confidentiality, integrity, and availability. HPE has provided software updates to resolve the vulnerability in HPE Agentless Management Service for Windows.
Windows Secure Kernel Mode Elevation of Privilege Vulnerability
Windows Defender Application Control (WDAC) Security Feature Bypass Vulnerability
Nessus Agent 8.2.4 and earlier for Windows were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific Windows executables as the Nessus host. This is different than CVE-2021-20099.
Nessus Agent 8.2.4 and earlier for Windows were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific Windows executables as the Nessus host. This is different than CVE-2021-20100.
IBM Informix Dynamic Server 14.10 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A local privileged user could overflow a buffer and execute arbitrary code on the system or cause a denial of service condition. IBM X-Force ID: 198366.
Amazon AWS Client VPN has a buffer overflow that could potentially allow a local actor to execute arbitrary commands with elevated permissions. This is resolved in 3.11.1 on Windows, 3.9.1 on macOS, and 3.12.1 on Linux. NOTE: although the macOS resolution is the same as for CVE-2024-30165, this vulnerability on macOS is not the same as CVE-2024-30165.
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 and 11.5 is vulnerable to an escalation of privilege when an authenticated local attacker with special permissions executes specially crafted Db2 commands. IBM X-Force ID: 175212.
Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are missing support for an integrity check. An unauthenticated attacker would have the ability to completely manipulate data in a certified PDF without invalidating the original certification. Exploitation of this issue requires user interaction in that a victim must open the tampered file.
A vulnerability that can hijack a DLL file that is loaded during products(LGPCSuite_Setup, IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) installation into a DLL file that the hacker wants. Missing Support for Integrity Check vulnerability in ____COMPONENT____ of LG Electronics (LGPCSuite_Setup), (IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) allows ____ATTACKER/ATTACK____ to cause ____IMPACT____. This issue affects: LG Electronics; LGPCSuite_Setup : 1.0.0.3 on Windows(x86, x64); IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup : 1.0.0.9 on Windows(x86, x64).
hslogin2.dll ActiveX Control in Groupware contains a vulnerability that could allow remote files to be downloaded and executed by setting the arguments to the activex method. This is due to a lack of integrity verification of the policy files referenced in the update process, and a remote attacker could induce a user to crafted web page, causing damage such as malicious code infection.
An arbitrary file download and execution vulnerability was found in the VideoOffice X2.9 and earlier versions (CVE-2020-7878). This issue is due to missing support for integrity check.
In RAONWIZ K Upload v2018.0.2.51 and prior, automatic update processing without integrity check on update module(web.js) allows an attacker to modify arguments which causes downloading a random DLL and injection on it.
Reportexpress ProPlus contains a vulnerability that could allow an arbitrary code execution by inserted VBscript into the configure file(rxp).
Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are missing support for an integrity check. An unauthenticated attacker could leverage this vulnerability to modify content in a certified PDF without invalidating the certification. Exploitation of this issue requires user interaction in that a victim must open the tampered file.
The move_uploaded_file function in godomall5 does not perform an integrity check of extension or authority when user upload file. This vulnerability allows an attacker to execute an remote arbitrary code.
An arbitrary file download and execution vulnerability was found in the HShell.dll of handysoft Co., Ltd groupware ActiveX module. This issue is due to missing support for integrity check of download URL or downloaded file hash.