
408 matches found

Cvelist
added 2025/01/06 5:8 p.m. · 14 views

CVE-2024-47475

Dell PowerScale OneFS 8.2.2.x through 9.8.0.x contains an incorrect permission assignment for critical resource vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to denial of service...

CVSS 5 · EPSS 0.00088
Exploits 0 · References 1

CNNVD
added 2024/12/11 12:0 a.m. · 1 view

TeamViewer Security Vulnerability

TeamViewer is software from TeamViewer, Inc. for remote access as well as remote control and remote maintenance of computers and other end devices. A security vulnerability exists in TeamViewer prior to version 24.12, which stems from insufficient permissions in the Patch and Asset Management...

CVSS 7.1 · AI score 6.8 · EPSS 0.00031
Exploits 0 · References 1

Cvelist
added 2024/12/09 6:38 p.m. · 21 views

CVE-2024-52586 eLabFTW MFA bypass

eLabFTW is an open source electronic lab notebook for research labs. A vulnerability has been found starting in version 4.6.0 and prior to version 5.1.0 that allows an attacker to bypass eLabFTW's built-in multifactor authentication mechanism. An attacker who can authenticate locally by knowing o...

CVSS 5.4 · EPSS 0.0006
Exploits 0 · References 1

OSV
added 2024/11/29 5:15 p.m. · 2 views

CVE-2024-49804

IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a locally authenticated non-administrative user to escalate their privileges due to unnecessary permissions used to perform certain tasks...

CVSS 7.8 · AI score 5.8
Exploits 0 · References 1

NVD
added 2024/11/21 11:15 a.m. · 8 views

CVE-2024-7517

A command injection vulnerability in Brocade Fabric OS before 9.2.0c, and 9.2.1 through 9.2.1a on IP extension platforms could allow a local authenticated attacker to perform a privilege escalation via crafted use of the portcfg command. This specific exploitation is only possible on IP Extensio...

CVSS 8.5 · EPSS 0.00124
Exploits 0 · References 1

Positive Technologies
added 2024/10/18 12:0 a.m. · 7 views

PT-2024-23068 · Ivanti · Ivanti Dsm

Name of the Vulnerable Software and Affected Versions: Ivanti DSM versions prior to 2024.2. Description: The issue allows authenticated users on the local machine to run code with elevated privileges due to insecure ACL via an unspecified attack vector. Recommendations: For Ivanti DSM versions pri...

CVSS 7.8 · AI score 7.2 · EPSS 0.01092
Exploits 0 · References 5

Positive Technologies
added 2024/10/14 12:0 a.m. · 2 views

PT-2024-7418 · Splunk · Splunk Enterprise

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.3.1; Splunk Enterprise versions prior to 9.2.3; Splunk Enterprise versions prior to 9.1.6. Description: The software potentially exposes plaintext passwords for local native authentication Splunk users when...

CVSS 6.8 · AI score 7.3 · EPSS 0.00106
Exploits 0 · References 10

Positive Technologies
added 2024/09/25 12:0 a.m. · 2 views

PT-2024-10185 · Dell · Powerscale Onefs

Name of the Vulnerable Software and Affected Versions: Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.x. Description: The issue is related to an incorrect permission assignment for a critical resource in the PowerScale OneFS operating system. This could allow a locally authenticated attacker...

CVSS 5.5 · AI score 7 · EPSS 0.00088
Exploits 0 · References 8

NCSC
added 2024/09/13 8:40 a.m. · 2 views

Vulnerabilities fixed in Cisco IOS XR

Cisco has fixed vulnerabilities in IOS XR. A malicious party could exploit the vulnerabilities to cause a Denial-of-Service, or execute arbitrary code on the vulnerable system. To cause a Denial-of-Service, the malicious party does not need prior authentication. To execute arbitrary code, the...

CVSS 8.8 · AI score 7.7 · EPSS 0.00555
Exploits 0 · References 4

Tenable Nessus
added 2024/09/12 12:0 a.m. · 13 views

Beckhoff TwinCAT/BSD Authentication Bypass Using an Alternate Path or Channel (CVE-2024-41173)

The IPC-Diagnostics package included in TwinCAT/BSD is vulnerable to a local authentication bypass by a low privileged attacker. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

CVSS 7.8 · AI score 5.5 · EPSS 0.00009
Exploits 0 · References 2

NVD
added 2024/08/27 8:15 a.m. · 13 views

CVE-2024-41173

The IPC-Diagnostics package included in TwinCAT/BSD is vulnerable to a local authentication bypass by a low privileged attacker...

CVSS 7.8 · EPSS 0.00009
Exploits 0 · References 1

CNNVD
added 2024/08/27 12:0 a.m. · 2 views

Beckhoff TwinCAT/BSD Security Vulnerability

Beckhoff TwinCAT/BSD is a new operating system from Beckhoff Germany. A security vulnerability exists in Beckhoff TwinCAT/BSD, which stems from the IPC-Diagnostics package being susceptible to local authentication bypass by a low-privileged attacker...

CVSS 7.8 · AI score 6.6 · EPSS 0.00009
Exploits 0 · References 2

OSV
added 2024/08/02 6:16 p.m. · 1 view

CVE-2024-38884

An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a local attacker to perform an Authentication Bypass attack due to improperly implemented security checks for standard authentication mechanisms...

CVSS 7.8 · AI score 5.8 · EPSS 0.00021
Exploits 0 · References 4

OSV
added 2024/07/24 7:15 a.m. · 1 view

CVE-2023-32466

Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds write vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability leading to exposure of some UEFI code, leading to arbitrary code execution or escalation of privile...

CVSS 5.7 · AI score 6.3 · EPSS 0.00093
Exploits 0 · References 1

Veracode
added 2024/07/09 7:59 a.m. · 10 views

Sensitive Information Disclosure

directus is vulnerable to Sensitive Information Disclosure. The vulnerability is due to improper error handling when using SSO providers in combination with local authentication. An attacker can determine if an email address belongs to an SSO user by observing the error message provided by...

CVSS 7.5 · AI score 6.5 · EPSS 0.0053
Exploits 1 · References 3 · Affected Software 1

NVD
added 2024/05/08 2:15 a.m. · 9 views

CVE-2024-2860

The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an incorrect local authentication flaw. An attacker accessing the VM where the Brocade SANnav is installed can gain access to sensitive data inside the PostgreSQL database...

CVSS 7.8 · AI score 7.7 · EPSS 0.00078
Exploits 0 · References 1

Cvelist
added 2024/05/08 1:1 a.m. · 16 views

CVE-2024-2860

The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an incorrect local authentication flaw. An attacker accessing the VM where the Brocade SANnav is installed can gain access to sensitive data inside the PostgreSQL database...

CVSS 7.8 · AI score 7.8 · EPSS 0.00078
Exploits 0 · References 1

Vulnrichment
added 2024/05/08 1:1 a.m. · 9 views

CVE-2024-2860

The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an incorrect local authentication flaw. An attacker accessing the VM where the Brocade SANnav is installed can gain access to sensitive data inside the PostgreSQL database...

CVSS 7.8 · AI score 6.9 · EPSS 0.00078
Exploits 0 · References 1

CNNVD
added 2024/05/08 12:0 a.m. · 1 view

Broadcom Brocade SANnav Access Control Error Vulnerability

Broadcom Brocade SANnav is a suite of SAN management platforms from Broadcom, Inc. A security vulnerability exists in versions prior to Broadcom Brocade SANnav 2.3.0a that stems from the vulnerability of the PostgreSQL implementation to an incorrect local authentication flaw that allows an attack...

CVSS 7.8 · AI score 8.9 · EPSS 0.00078
Exploits 0 · References 2

Positive Technologies
added 2024/05/08 12:0 a.m. · 2 views

PT-2024-22492 · Brocade · Brocade Sannav

Name of the Vulnerable Software and Affected Versions: Brocade SANnav versions prior to 2.3.0a. Description: The PostgreSQL implementation in Brocade SANnav is vulnerable to an incorrect local authentication flaw. An attacker accessing the VM where Brocade SANnav is installed can gain access to...

CVSS 7.8 · AI score 7.3 · EPSS 0.00078
Exploits 0 · References 5