Search Results (Refine Search)
- Keyword (text search): Windows
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-28347 |
An issue was discovered in Faronics Insight 10.0.19045 on Windows. It is possible for an attacker to create a proof-of-concept script that functions similarly to a Student Console, providing unauthenticated attackers with the ability to exploit XSS vulnerabilities within the Teacher Console application and achieve remote code execution as NT AUTHORITY/SYSTEM on all connected Student Consoles and the Teacher Console in a Zero Click manner. Published: May 30, 2023; 8:15:09 PM -0400 |
V3.1: 9.6 CRITICAL V2.0:(not available) |
CVE-2023-28346 |
An issue was discovered in Faronics Insight 10.0.19045 on Windows. It is possible for a remote attacker to communicate with the private API endpoints exposed at /login, /consoleSettings, /console, etc. despite Virtual Host Routing being used to block this access. Remote attackers can interact with private pages on the web server, enabling them to perform privileged actions such as logging into the console and changing console settings if they have valid credentials. Published: May 30, 2023; 8:15:09 PM -0400 |
V3.1: 7.3 HIGH V2.0:(not available) |
CVE-2023-28345 |
An issue was discovered in Faronics Insight 10.0.19045 on Windows. The Insight Teacher Console application exposes the teacher's Console password in cleartext via an API endpoint accessible from localhost. Attackers with physical access to the Teacher Console can open a web browser, navigate to the affected endpoint and obtain the teacher's password. This enables them to log into the Teacher Console and begin trivially attacking student machines. Published: May 30, 2023; 8:15:09 PM -0400 |
V3.1: 4.6 MEDIUM V2.0:(not available) |
CVE-2023-28344 |
An issue was discovered in Faronics Insight 10.0.19045 on Windows. The Insight Teacher Console application allows unauthenticated attackers to view constantly updated screenshots of student desktops and to submit falsified screenshots on behalf of students. Attackers are able to view screenshots of student desktops without their consent. These screenshots may potentially contain sensitive/personal data. Attackers can also rapidly submit falsified images, hiding the actual contents of student desktops from the Teacher Console. Published: May 30, 2023; 8:15:09 PM -0400 |
V3.1: 7.1 HIGH V2.0:(not available) |
CVE-2023-2939 |
Insufficient data validation in Installer in Google Chrome on Windows prior to 114.0.5735.90 allowed a local attacker to perform privilege escalation via crafted symbolic link. (Chromium security severity: Medium) Published: May 30, 2023; 6:15:10 PM -0400 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2023-32448 |
PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains License Key Stored in Cleartext vulnerability. A local user with access to the installation directory can retrieve the license key of the product and use it to install and license PowerPath on different systems. Published: May 30, 2023; 12:15:09 PM -0400 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2023-28080 |
PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains DLL Hijacking Vulnerabilities. A regular user (non-admin) can exploit these issues to potentially escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM. Published: May 30, 2023; 12:15:09 PM -0400 |
V3.1: 7.3 HIGH V2.0:(not available) |
CVE-2023-28079 |
PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains Insecure File and Folder Permissions vulnerability. A regular user (non-admin) can exploit the weak folder and file permissions to escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM. Published: May 30, 2023; 12:15:09 PM -0400 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2021-25749 |
Windows workloads can run as ContainerAdministrator even when those workloads set the runAsNonRoot option to true. Published: May 24, 2023; 1:15:09 PM -0400 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2023-33240 |
Foxit PDF Reader (12.1.1.15289 and earlier) and Foxit PDF Editor (12.1.1.15289 and all previous 12.x versions, 11.2.5.53785 and all previous 11.x versions, and 10.1.11.37866 and earlier) on Windows allows Local Privilege Escalation when installed to a non-default directory because unprivileged users have access to an executable file of a system service. This is fixed in 12.1.2. Published: May 19, 2023; 2:15:08 AM -0400 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2023-32322 |
Ombi is an open source application which allows users to request specific media from popular self-hosted streaming servers. Versions prior to 4.38.2 contain an arbitrary file read vulnerability where an Ombi administrative user may access files available to the Ombi server process on the host operating system. Ombi administrators may not always be local system administrators and so this may violate the security expectations of the system. The arbitrary file read vulnerability was present in `ReadLogFile` and `Download` endpoints in `SystemControllers.cs` as the parameter `logFileName` is not sanitized before being combined with the `Logs` directory. When using `Path.Combine(arg1, arg2, arg3)`, an attacker may be able to escape to folders/files outside of `Path.Combine(arg1, arg2)` by using ".." in `arg3`. In addition, by specifying an absolute path for `arg3`, `Path.Combine` will completely ignore the first two arguments and just return just `arg3`. This vulnerability can lead to information disclosure. The Ombi `documentation` suggests running Ombi as a Service with Administrator privileges. An attacker targeting such an application may be able to read the files of any Windows user on the host machine and certain system files. This issue has been addressed in commit `b8a8f029` and in release version 4.38.2. Users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as GHSL-2023-088. Published: May 18, 2023; 1:15:09 PM -0400 |
V3.1: 4.9 MEDIUM V2.0:(not available) |
CVE-2022-45450 |
Sensitive information disclosure and manipulation due to improper authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 28610, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 30984. Published: May 18, 2023; 6:15:09 AM -0400 |
V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-31702 |
SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows remote attacker to dump entire database and gain windows XP command shell to perform code execution on database server via GetUserCurrentPwd?UsrId=1. Published: May 17, 2023; 9:15:09 AM -0400 |
V3.1: 7.2 HIGH V2.0:(not available) |
CVE-2023-2679 |
Data leakage in Adobe connector in Snow Software SPE 9.27.0 on Windows allows privileged user to observe other users data. Published: May 17, 2023; 9:15:09 AM -0400 |
V3.1: 4.3 MEDIUM V2.0:(not available) |
CVE-2023-27382 |
Incorrect default permissions in the Audio Service for some Intel(R) NUC P14E Laptop Element software for Windows 10 before version 1.0.0.156 may allow an authenticated user to potentially enable escalation of privilege via local access. Published: May 10, 2023; 10:15:32 AM -0400 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2022-41771 |
Incorrect permission assignment for critical resource in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable information disclosure via local access. Published: May 10, 2023; 10:15:20 AM -0400 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2022-41699 |
Incorrect permission assignment for critical resource in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable escalation of privilege via local access. Published: May 10, 2023; 10:15:19 AM -0400 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2022-41687 |
Insecure inherited permissions in the HotKey Services for some Intel(R) NUC P14E Laptop Element software for Windows 10 before version 1.1.44 may allow an authenticated user to potentially enable escalation of privilege via local access. Published: May 10, 2023; 10:15:18 AM -0400 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2022-41628 |
Uncontrolled search path element in the HotKey Services for some Intel(R) NUC P14E Laptop Element software for Windows 10 before version 1.1.44 may allow an authenticated user to potentially enable escalation of privilege via local access. Published: May 10, 2023; 10:15:17 AM -0400 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2022-41621 |
Improper access control in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable information disclosure via local access. Published: May 10, 2023; 10:15:16 AM -0400 |
V3.1: 5.5 MEDIUM V2.0:(not available) |