CVE-2024-36294

Insecure inherited permissions for some IntelR DSA software before version 24.3.26.8 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2024-32485

Improper Input Validation in some IntelR VROC software before version 8.6.0.2003 may allow an authenticated user to potentially enable denial of service via local access...

CVE-2024-29119

CVE-2024-29119 affects Siemens Spectrum Power 7 prior to V24Q3. The product contains root-owned SUID binaries that authenticated local attackers could leverage to escalate privileges (local, low complexity). CVSS vectors in the initial record indicate High impact to confidentiality, integrity, an...

intel-microcode: Race conditions in some Intel(R) Processors

A flaw was found in intel-microcode. The hardware logic contains race conditions in some IntelR processors that may allow an authenticated user to enable partial information disclosure via local access...

Cisco ATA 190 操作系统命令注入漏洞

The Cisco ATA 190 is an analog phone adapter from Cisco USA. The Cisco ATA 190 suffers from an operating system command injection vulnerability that arises from improperly cleaned CLI input. An authenticated, local attacker with elevated privileges could use this vulnerability to execute arbitrar...

Medium: clamav

Issue Overview: A vulnerability in the PDF parsing module of Clam AntiVirus ClamAV versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an unauthenticated, remote attacke...

Siemens ModelSim 代码问题漏洞

Questa and ModelSim simulators are used worldwide for simulating, debugging and verifying integrated circuit designs, among other things. An uncontrolled search path element vulnerability exists in Siemens Questa and ModelSim, which can be exploited by an authenticated, local attacker to inject...

Siemens ModelSim和Questa 代码问题漏洞

Questa and ModelSim simulators are used worldwide for simulating, debugging and verifying integrated circuit designs, among other things. An uncontrolled search path element vulnerability exists in Siemens Questa and ModelSim, which can be exploited by an authenticated, local attacker to inject...

Cisco Expressway Series 安全漏洞

Cisco Expressway Series is a software from Cisco USA for accessing devices outside the firewall. The software provides simple, highly secure access for users outside the firewall, helping telecommuters work more efficiently on the devices of their choice. A command injection vulnerability exists ...

PT-2024-39461 · Tenable · Nessus Network Monitor

Name of the Vulnerable Software and Affected Versions: Nessus Network Monitor versions 6.4.1 and earlier Description: A stored cross site scripting vulnerability exists in Nessus Network Monitor where an authenticated, privileged local attacker could inject arbitrary code into the NNM UI via the...

Cisco Meraki Systems Manager 安全漏洞

Cisco Meraki Systems Manager Cisco Meraki SM is a systems manager from Cisco USA. A security vulnerability exists in Cisco Meraki Systems Manager that stems from incorrect handling of directory search paths, allowing an authenticated, local attacker to execute arbitrary code with elevated...

PT-2024-7813 · Siemens · Sinumerik 828D V4 +3

Name of the Vulnerable Software and Affected Versions: SINUMERIK 828D V4 All versions SINUMERIK 828D V5 All versions V5.24 SINUMERIK 840D sl V4 All versions SINUMERIK ONE All versions V6.24 Description: A vulnerability has been identified in the affected devices, which do not properly enforce...

DEBIAN-CVE-2024-20506

A vulnerability in the ClamD service module of Clam AntiVirus ClamAV versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an authenticated, local attacker to corrupt...

Cisco Identity Services Engine 安全漏洞

Cisco Identity Services Engine Cisco ISE is an environment-aware platform ISE Identity Services Engine from Cisco USA. The platform regulates the network by collecting real-time information from the network, users, and devices, and formulating and enforcing policies accordingly. A security...

CVE-2024-5623

An untrusted search path vulnerability in B&R APROL = R 4.4-00P3 may be used by an authenticated local attacker to get other users to execute arbitrary code under their privileges...

B&R APROL 安全漏洞

B&R Industrial Automation B&R APROL is a process control system from B&R Industrial Automation, Austria. A security vulnerability exists in B&R APROL that stems from the presence of an untrusted search path vulnerability that allows an authenticated, local attacker to execute arbitrary code with...

Rockwell Automation ThinManager 安全漏洞

Rockwell Automation ThinManager is the United States Rockwell Rockwell Automation a thin client management software. A remote code execution vulnerability exists in Rockwell Automation ThinManager ThinServer, which can be exploited by an authenticated, local attacker to submit a special request t...

SUSE CVE-2024-21810

Improper input validation in the Linux kernel mode driver for some IntelR Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2024-39283

Incomplete filtering of special elements in IntelR TDX module software before version TDX1.5.01.00.592 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2024-24973

Improper input validation for some IntelR Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable denial of service via local access...