805 matches found
CVE-2025-20155
A vulnerability in the bootstrap loading of Cisco IOS XE Software could allow an authenticated, local attacker to write arbitrary files to an affected system. This vulnerability is due to insufficient input validation of the bootstrap file that is read by the system software when a device is firs...
CVE-2025-20122
CVE-2025-20122 affects Cisco Catalyst SD-WAN Manager (formerly Cisco SD-WAN vManage). The vulnerability stems from insufficient input validation in the CLI, enabling an authenticated, local attacker with read-only privileges to craft a request that could grant root privileges on the underlying OS...
Cisco IOS XE Software Bootstrap Arbitrary File Write (cisco-sa-bootstrap-KfgxYgdh)
According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. - A vulnerability in the bootstrap loading of Cisco IOS XE Software could allow an authenticated, local attacker to write arbitrary files to an affected system. This vulnerability is due to insufficient...
CVE-2025-1731
An incorrect permission assignment vulnerability in the PostgreSQL commands of the Zyxel USG FLEX H series uOS firmware versions from V1.20 through V1.31 could allow an authenticated local attacker with low privileges to gain access to the Linux shell and escalate their privileges by crafting...
CVE-2025-1731
CVE-2025-1731 concerns Zyxel USG FLEX H series devices running uOS 1.20–1.31. The issue is an incorrect permission assignment in the PostgreSQL command handling, which could let an authenticated local attacker with low privileges gain access to the Linux shell and escalate privileges by crafting ...
CVE-2025-2159
Stored XSS in Desktop UI in M-Files Server Admin tool before version 25.3.14681.7 on Windows allows authenticated local user to run scripts via UI...
CVE-2025-2782 WatchGuard Terminal Services Agent Local Privilege Escalation via Non-Standard Installation Directory
The WatchGuard Terminal Services Agent on Windows does not properly configure directory permissions when installed in a non-default directory. This could allow an authenticated local attacker to escalate to SYSTEM privileges on a vulnerable system. This issue affects Terminal Services Agent: from...
CVE-2024-45481
An Incomplete Filtering of Special Elements vulnerability in scripts using the SSH server on B&R APROL 4.4-00P5 may allow an authenticated local attacker to authenticate as another legitimate user...
CVE-2024-45482
An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the SSH server on B&R APROL 4.4-00P1 may allow an authenticated local attacker from a trusted remote server to execute malicious commands...
CVE-2024-45482 Privilege escalation in B&R APROL
An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the SSH server on B&R APROL 4.4-00P1 may allow an authenticated local attacker from a trusted remote server to execute malicious commands...
CVE-2024-45481 Improper authentication in SSH of B&R APROL
An Incomplete Filtering of Special Elements vulnerability in scripts using the SSH server on B&R APROL 4.4-00P5 may allow an authenticated local attacker to authenticate as another legitimate user...
CVE-2024-45481
CVE-2024-45481 affects the SSH server in B&R APROL prior to 4.4-00P5. The vulnerability is due to incomplete filtering of special elements in scripts, enabling an authenticated local attacker to authenticate as another legitimate user. CVSS 4.0 vector indicates Local access, Low privileges requir...
CVE-2025-20138
A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI...
CVE-2025-20143 Cisco IOS XR Software Secure Boot Bypass Vulnerability
A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker with high privileges to bypass the Secure Boot functionality and load unverified software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges o...
Cisco Video Phone 8875 and Desk Phone 9800 Series Information Disclosure (cisco-sa-phone-info-disc-YyxsWStK)
According to its self-reported version, Cisco Video Phone 8875 and Desk Phone 9800 Series Information Disclosure is affected by a vulnerability. - A vulnerability in the debug shell of Cisco Video Phone 8875 and Cisco Desk Phone 9800 Series could allow an authenticated, local attacker to access...
CVE-2025-20158
CVE-2025-20158 affects Cisco Video Phone 8875 and Cisco Desk Phone 9800 Series. The issue is in the debug shell which fails to validate user input, allowing an authenticated local attacker with valid SSH credentials to run a crafted SSH command against the CLI and potentially access information f...
Cisco Video Phone 8875 and Desk Phone 9800 Series Information Disclosure Vulnerability
A vulnerability in the debug shell of Cisco Video Phone 8875 and Cisco Desk Phone 9800 Series could allow an authenticated, local attacker to access sensitive information on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials with SSH access ...
USN-7269-1: Intel Microcode vulnerabilities
Ke Sun, Paul Grosen and Alyssa Milburn discovered that some Intel® Processors did not properly implement Finite State Machines (FSMs) in Hardware Logic. A local privileged attacker could use this issue to cause a denial of service. CVE-2024-31068 It was discovered that some Intel® Processors with...