805 matches found
mariadb: CONNECT storage engine heap-based buffer overflow
A flaw was found in MariaDB. Lack of input validation leads to a heap buffer overflow. This flaw allows an authenticated, local attacker with at least a low level of privileges to submit a crafted SQL query to MariaDB and escalate their privileges to the level of the MariaDB service user, running...
Cisco Identity Services Engine Security Vulnerability
Cisco Identity Services Engine (ISE) is an environment-aware platform from Cisco. ISE collects real-time information about the network, users, and devices to formulate and enforce policies that regulate the network. A security vulnerability exists in the Cisco Identit...
PT-2023-28677 · Dell · Dell Unity
Name of the Vulnerable Software and Affected Versions: Dell Unity versions prior to 5.3 Description: The issue allows an authenticated, local attacker to exploit a Restricted Shell Bypass vulnerability by authenticating to the device CLI and issuing certain commands. Recommendations: For versions...
CVE-2023-38640
A vulnerability has been identified in SICAM PAS/PQS All versions = V8.00 V8.22. The affected application is installed with specific files and folders with insecure permissions. This could allow an authenticated local attacker to read and modify configuration data in the context of the applicatio...
CVE-2023-45205
A vulnerability has been identified in SICAM PAS/PQS All versions = V8.00 V8.20. The affected application is installed with specific files and folders with insecure permissions. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges to NT AUTHORITY/SYSTE...
CVE-2023-43069
Dell SmartFabric Storage Software v1.4 and earlier contains an OS Command Injection Vulnerability in the CLI. An authenticated local attacker could potentially exploit this vulnerability, leading to possible injection of parameters to curl or docker...
PT-2023-5460 · Cisco · Cisco Ios Xr
Name of the Vulnerable Software and Affected Versions: Cisco IOS XR Software affected versions not specified Description: A vulnerability in Cisco IOS XR Software image verification checks could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system...
PT-2023-5034 · Cisco · Cisco Fxos
Name of the Vulnerable Software and Affected Versions: Cisco FXOS Software affected versions not specified Description: A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to create a file or overwrite any file on the filesystem of an affected device,...
Cisco ThousandEyes Enterprise Agent Security Vulnerability
Cisco ThousandEyes Enterprise Agent is an application from Cisco, Inc. that provides extended visibility, automated insights, and seamless workflow. A security vulnerability exists in Cisco ThousandEyes Enterprise Agent that stems from insufficient input validation to the CLI, which could allow an...
PT-2023-4613 · Cisco · Cisco Thousandeyes Enterprise Agent
Name of the Vulnerable Software and Affected Versions: Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type affected versions not specified Description: A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent could allow an authenticated, local attacker to elevate...
PT-2023-17416 · Cisco · Cisco Thousandeyes Enterprise Agent
Name of the Vulnerable Software and Affected Versions: Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type affected versions not specified Description: A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent could allow an authenticated, local attacker to elevate...
CVE-2023-33877
Out-of-bounds write in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow an authenticated user to potentially enable escalation of privilege via local access...
CVE-2023-25944
Uncontrolled search path element in some Intel(R) VCUST Tool software downloaded before February 3rd 2023 may allow an authenticated user to potentially enable escalation of privilege via local access...
ALPINE-CVE-2022-40982
Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access...
PT-2023-24870 · Intel · Intel Realsense Id
Name of the Vulnerable Software and Affected Versions: Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA version 0.25.0 Description: The issue is related to a protection mechanism failure in the Intel(R) RealSense(TM) ID software, which may allow an authenticated user to potentially enable...
PT-2023-21920 · Unknown · Hyperscan Library
Name of the Vulnerable Software and Affected Versions: Hyperscan Library versions prior to 5.4.1 Description: Insufficient control flow management in the Hyperscan Library may allow an authenticated user to potentially enable denial of service via local access. Recommendations: For versions prior...
CVE-2023-31427
Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c, and v9.2.0 could allow an authenticated, local user with knowledge of full path names inside Brocade Fabric OS to execute any command regardless of assigned privilege. Starting with Fabric OS v9.1.0, “root” account access is disabled...
PT-2023-24689 · Zoom · Zoom Rooms For Windows
Name of the Vulnerable Software and Affected Versions: Zoom Rooms for Windows versions prior to 5.15.0 Description: The issue is related to an insecure temporary file in the installer, which may allow an authenticated user to enable an escalation of privilege via local access. Recommendations: Fo...
PT-2023-7305 · Zyxel · Zyxel Nwa50Ax +8
Name of the Vulnerable Software and Affected Versions: Zyxel ATP series versions 4.32 through 5.37; Zyxel USG FLEX series versions 4.50 through 5.37; Zyxel USG FLEX 50W series versions 4.16 through 5.37; Zyxel USG20W-VPN series versions 4.16 through 5.37; Zyxel VPN series versions 4.30 through 5.37...
Rockwell Automation FactoryTalk Services Platform Trust Management Vulnerability
Rockwell Automation FactoryTalk Services Platform is a suite of services platforms from Rockwell Automation, Inc. that consists of multiple products that provide applications with routine services such as diagnostic information, health monitoring, and real-time data access. A security vulnerabili...