805 matches found
CVE-2024-22184
Uncontrolled search path for some Intel® Quartus® Prime Pro Edition Design Software before version 24.1 may allow an authenticated user to potentially enable escalation of privilege via local access...
PT-2024-7930 · Intel · Intel Distribution For Gdb
Name of the Vulnerable Software and Affected Versions: Intel® Distribution for GDB software versions prior to 2024.0.1. Description: The issue is related to an uncontrolled search path in the Intel® Distribution for GDB software, which may allow an authenticated user to potentially enable escalati...
CVE-2024-39827
Improper input validation in the installer for Zoom Workplace Desktop App for Windows before version 6.0.10 may allow an authenticated user to conduct a denial of service via local access...
Zoom Workplace Security Vulnerability
Zoom Workplace is a desktop application from Zoom USA. A security vulnerability exists in Zoom Workplace that stems from improper input validation in the desktop application installer and could allow an authenticated user to perform a denial of service via local access...
CVE-2024-39568
A vulnerability has been identified in SINEMA Remote Connect Client All versions V3.2 HF1. The system service of affected applications is vulnerable to command injection due to missing server side input sanitation when loading proxy configurations. This could allow an authenticated local attacker...
CVE-2024-39567
A vulnerability has been identified in SINEMA Remote Connect Client All versions V3.2 HF1. The system service of affected applications is vulnerable to command injection due to missing server side input sanitation when loading VPN configurations. This could allow an authenticated local attacker t...
Medicalis Workflow Orchestrator Security Breach
Siemens Medicalis Workflow Orchestrator is a workflow orchestrator from Siemens Germany. It can be used as a common platform to standardize the workflow of radiologists. A security vulnerability exists in all versions of Medicalis Workflow Orchestrator that stems from the application executing as...
Cisco NX-OS Software OS Command Injection Vulnerability
Cisco NX-OS Software is a set of data center-grade operating system software for switches from the U.S. company Cisco. A command injection vulnerability exists in Cisco NX-OS Software, which arises from insufficient validation of parameters passed to specific configuration CLI commands, and...
SUSE CVE-2023-22656
Out-of-bounds read in Intel® Media SDK and some Intel® oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable escalation of privilege via local access...
WordPress WP Magazine Modules Lite plugin <= 1.1.2 - Authenticated Local File Inclusion vulnerability
Authenticated Local File Inclusion vulnerability discovered by stealthcopter in WordPress Plugin WP Magazine Modules Lite versions <= 1.1.2...
CVE-2024-37081
The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server Appliance...
Zyxel NAS Multiple Vulnerabilities
The Zyxel NAS is potentially affected by multiple vulnerabilities. - This command injection vulnerability in the 'setCookie' parameter in Zyxel NAS326 and NAS542 devices could allow an unauthenticated attacker to execute some OS commands by sending a crafted HTTP POST request. CVE-2024-29973 - Th...
Dell BIOS Buffer Error Vulnerability
Dell BIOS is embedded software on a small memory chip on the motherboard of a computer from Dell USA. Dell BIOS suffers from a buffer overflow vulnerability that originates from a boundary error when the application processes untrusted input. A local, authenticated attacker with administrator...
CVE-2024-29975
UNSUPPORTED WHEN ASSIGNED The improper privilege management vulnerability in the SUID executable binary in Zyxel NAS326 firmware versions before V5.21AAZF.17C0 and NAS542 firmware versions before V5.21ABAG.14C0 could allow an authenticated local attacker with administrator privileges to execute...
CVE-2024-5523
SQL injection vulnerability in Astrotalks affecting version 10/03/2023. This vulnerability could allow an authenticated local user to send a specially crafted SQL query to the 'searchString' parameter and retrieve all information stored in the database...
CVE-2024-5523 SQL injection vulnerability in Astrotalks
SQL injection vulnerability in Astrotalks affecting version 10/03/2023. This vulnerability could allow an authenticated local user to send a specially crafted SQL query to the 'searchString' parameter and retrieve all information stored in the database...
CVE-2024-22026
A local privilege escalation vulnerability in EPMM before 12.1.0.0 allows an authenticated local user to bypass shell restriction and execute arbitrary commands on the appliance...
CVE-2024-0816
The buffer overflow vulnerability in the DX3300-T1 firmware version V5.50ABVY.4C0 could allow an authenticated local attacker to cause denial of service (DoS) conditions by executing the CLI command with crafted strings on an affected device...