Aruba Networks ArubaOS 安全漏洞

Aruba Networks ArubaOS is an operating system for Aruba Mobility-Defined Networks, including Mobility Controllers and Mobility Access Switches, from Aruba Networks, Inc. A security vulnerability exists in Aruba Networks ArubaOS that originates from a buffer overflow in the underlying Local User...

PT-2024-3680 · Aruba · Arubaos

Name of the Vulnerable Software and Affected Versions: ArubaOS versions affected versions not specified Description: The issue is a buffer overflow vulnerability in the Local User Authentication Database service. This vulnerability could lead to unauthenticated remote code execution by sending...

CVE-2024-1591

Prior to version 24.1, a local authenticated attacker can view Sysvol when Privilege Management for Windows is configured to use a GPO policy. This allows them to view the policy and potentially find configuration issues...

CVE-2023-39249

Dell SupportAssist for Business PCs version 3.4.0 contains a local Authentication Bypass vulnerability that allows locally authenticated non-admin users to gain temporary privilege within the SupportAssist User Interface on their respective PC. The Run as Admin temporary privilege feature enables...

CVE-2023-39249

Dell SupportAssist for Business PCs version 3.4.0 contains a local Authentication Bypass vulnerability that allows locally authenticated non-admin users to gain temporary privilege within the SupportAssist User Interface on their respective PC. The Run as Admin temporary privilege feature enables...

Dell SupportAssist for Business PCs 安全漏洞

Dell SupportAssist for Business PCs is a client application for business computers from Dell USA. The program provides automated, proactive and predictive techniques for troubleshooting and more. A local authentication bypass vulnerability exists in Dell SupportAssist for Business PCs version...

CVE-2023-29081

A vulnerability has been reported in Suite Setups built with versions prior to InstallShield 2023 R2. This vulnerability may allow locally authenticated users to cause a Denial of Service DoS condition when handling move operations on local, temporary folders...

CVE-2023-29081 InstallShield Symlink Vulnerability Affecting Suite Project Setups

A vulnerability has been reported in Suite Setups built with versions prior to InstallShield 2023 R2. This vulnerability may allow locally authenticated users to cause a Denial of Service DoS condition when handling move operations on local, temporary folders...

PT-2024-12193 · Unknown · Installshield

Name of the Vulnerable Software and Affected Versions: InstallShield versions prior to 2023 R2 Description: A vulnerability has been reported in Suite Setups built with versions prior to InstallShield 2023 R2. This vulnerability may allow locally authenticated users to cause a Denial of Service D...

CVE-2023-29444

An uncontrolled search path element vulnerability DLL hijacking has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. Alternatively, they could host a trojanized version of the software and trick victims into downloading and installing their...

CVE-2023-29444 Uncontrolled Search Path Element in PTC's Kepware KEPServerEX

An uncontrolled search path element vulnerability DLL hijacking has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. Alternatively, they could host a trojanized version of the software and trick victims into downloading and installing their...

WAGO PFC100 Security Vulnerability

The WAGO PFC100 is a programmable logic controller PLC from WAGO. A security vulnerability exists in the WAGO PFC100 that originates from a vulnerability that allows a locally authenticated attacker to elevate non-root privileges by changing the password of another non-administrative user...

Input validation

Dell Precision Tower BIOS contains an Improper Input Validation vulnerability. A locally authenticated malicious user with admin privileges could potentially exploit this vulnerability to perform arbitrary code execution...

CVE-2023-35080

A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to various security risks, including the escalation of privileges, denial of service, or information...

PT-2023-7118 · Cisco · Cisco Secure Client

Name of the Vulnerable Software and Affected Versions: Cisco Secure Client Software affected versions not specified Description: The issue is related to multiple vulnerabilities in Cisco Secure Client Software that could allow an authenticated, local attacker to cause a denial of service DoS...

CVE-2023-26589

Use after free in some IntelR Aptio V UEFI Firmware Integrator Tools may allowed an authenticated user to potentially enable denial of service via local access...

Ivanti Secure Access Client Security Vulnerability

Ivanti Secure Access Client is a security software client from Ivanti. A security vulnerability exists in Ivanti Secure Access Client versions prior to 22.6R1.1, which stems from a vulnerability that allows locally authenticated attackers to exploit vulnerable configurations, resulting in a denia...

Ivanti Avalanche security breach

Ivanti Avalanche is an enterprise mobile device management system from Ivanti, USA. The system is primarily used to manage devices such as smartphones, tablets and barcode scanners. A security vulnerability exists in Ivanti Avalanche, which stems from a lack of authentication local lifting...

CVE-2023-23632

BeyondTrust Privileged Remote Access PRA versions 22.2.x to 22.4.x are vulnerable to a local authentication bypass. Attackers can exploit a flawed secret verification process in the BYOT shell jump sessions, allowing unauthorized access to jump items by guessing only the first character of the...

CVE-2023-23632

BeyondTrust Privileged Remote Access PRA versions 22.2.x to 22.4.x are vulnerable to a local authentication bypass. Attackers can exploit a flawed secret verification process in the BYOT shell jump sessions, allowing unauthorized access to jump items by guessing only the first character of the...