Lucene search
408 matches found

SUSE CVE
added 2023/02/15 6:11 a.m. · 4 views

SUSE CVE-2007-3149

sudo, when linked with MIT Kerberos 5 krb5, does not properly check whether a user can currently authenticate to Kerberos, which allows local users to gain privileges, in a manner unintended by the sudo security model, via certain KRB5 environment variable settings. NOTE: another researcher...

CVSS 7.2 · AI score 6.8 · EPSS 0.00049
Exploits: 0 · References: 3

SUSE CVE
added 2023/02/15 3:52 a.m. · 2 views

SUSE CVE-2020-27225

In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform...

CVSS 7.8 · AI score 6.9 · EPSS 0.00198
Exploits: 1 · References: 4

OSV
added 2023/02/13 8:15 a.m. · 1 views

CVE-2023-24572

Dell Command | Integration Suite for System Center, versions before 6.4.0 contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion...

CVSS 3.3 · AI score 5.9 · EPSS 0.00046
Exploits: 0 · References: 1

NVD
added 2023/02/10 1:15 p.m. · 7 views

CVE-2023-24569

Dell Alienware Command Center versions 5.5.37.0 and prior contain an Improper Input validation vulnerability. A local authenticated malicious user could potentially send malicious input to a named pipe in order to elevate privileges on the system...

CVSS 7.8 · AI score 7.5 · EPSS 0.0005
Exploits: 0 · References: 1

NVD
added 2023/02/10 1:15 p.m. · 5 views

CVE-2023-24573

Dell Command | Monitor versions prior to 10.9 contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion...

CVSS 7.1 · AI score 5.4 · EPSS 0.00054
Exploits: 0 · References: 1

Vulnrichment
added 2023/02/10 12:30 p.m. · 6 views

CVE-2023-24573

Dell Command | Monitor versions prior to 10.9 contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion...

CVSS 4.7 · AI score 7.1 · EPSS 0.00054
Exploits: 0 · References: 1

Prion
added 2023/01/26 9:15 p.m. · 18 views

Improper access control

An improper access control vulnerability was identified in the Realtek audio driver. A local authenticated malicious user may potentially exploit this vulnerability by waiting for an administrator to launch the application and attach to the process to elevate privileges on the system...

CVSS 4.1 · AI score 7 · EPSS 0.0004
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2022/11/03 12:0 a.m. · 2 views

PT-2022-22948 · Ibm · Ibm Infosphere Information Server

Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Information Server version 11.7
Description: A locally authenticated attacker could execute arbitrary commands on the system by sending a specially crafted request.
Recommendations: For IBM InfoSphere Information Server version...

CVSS 7.8 · AI score 7.7 · EPSS 0.00122
Exploits: 0 · References: 2

Vulnrichment
added 2022/11/03 12:0 a.m. · 6 views

CVE-2022-35717

IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 231361...

AI score 7.5 · EPSS 0.00122
Exploits: 0 · References: 1

OSV
added 2022/10/19 10:15 p.m. · 1 views

CVE-2022-41835

In F5OS-A version 1.x before 1.1.0 and F5OS-C version 1.x before 1.5.0, excessive file permissions in F5OS allow an authenticated local attacker to execute a limited set of commands in a container and impact the F5OS controller...

CVSS 8.8 · AI score 5.9 · EPSS 0.00054
Exploits: 0 · References: 1

NCSC
added 2022/10/04 12:0 a.m. · 4 views

Vulnerabilities fixed in SUSE Linux Enterprise

Vulnerabilities have been fixed in the Linux kernel as used by SUSE Linux Enterprise. A local, authenticated malicious party can exploit the vulnerabilities to execute arbitrary code, causing a denial-of-service or obtaining elevated privileges. SUSE has made updates available to fix the...

CVSS 7.8 · AI score 5.8 · EPSS 0.00748
Exploits: 1

CNVD
added 2022/09/28 12:0 a.m. · 17 views

Rocket.Chat Authorization Issues Vulnerability (CNVD-2022-69165)

Rocket.Chat is an open source team chat software. A security vulnerability exists in Rocket.Chat Mobile App versions prior to 4.14.1.22788, which stems from incorrect authentication and can be exploited by an attacker to bypass local authentication...

CVSS 6.8 · AI score 6.6 · EPSS 0.00081
Exploits: 1 · References: 1

OSV
added 2022/09/23 7:15 p.m. · 8 views

CVE-2022-30124

An improper authentication vulnerability exists in Rocket.Chat Mobile App 4.14.1.22788 that allowed an attacker with physical access to a mobile device to bypass local authentication PIN code...

CVSS 6.8 · AI score 5.8 · EPSS 0.00081
Exploits: 1 · References: 1

Positive Technologies
added 2022/09/12 12:0 a.m. · 4 views

PT-2022-20624 · Dell · Dell Bios

Name of the Vulnerable Software and Affected Versions: Dell BIOS affected versions not specified
Description: The issue is a Stack-based Buffer Overflow vulnerability. A local authenticated malicious user could potentially exploit this by sending excess data to a function, allowing for arbitrary...

CVSS 7.8 · AI score 7.6 · EPSS 0.0006
Exploits: 0 · References: 4

ATTACKERKB
added 2022/08/05 12:0 a.m. · 2 views

CVE-2022-31223

Dell BIOS versions contain an Improper Neutralization of Null Byte vulnerability. A local authenticated administrator user could potentially exploit this vulnerability by sending unexpected null bytes in order to read memory on the system...

CVSS 2.3 · AI score 5.8 · EPSS 0.00046
Exploits: 0 · References: 2

CNNVD
added 2022/07/26 12:0 a.m. · 2 views

Honeywell Safety Manager Access Control Error Vulnerability

Honeywell Safety Manager is used by Honeywell to minimize accidents, maximize production uptime, reduce compliance costs, and manage plant safety. An access control error vulnerability exists in all versions of Honeywell Safety Manager that stems from the use of the Security Builder protocol, whi...

CVSS 7.5 · AI score 7.4 · EPSS 0.00265
Exploits: 0 · References: 6

ATTACKERKB
added 2022/07/25 5:15 p.m. · 2 views

CVE-2022-24083

Password authentication bypass vulnerability for local accounts can be used to bypass local authentication checks...

CVSS 9.8 · AI score 5.4 · EPSS 0.00441
Exploits: 0 · References: 2 · Affected Software: 1

OSV
added 2022/07/25 5:15 p.m. · 0 views

CVE-2022-24083

Password authentication bypass vulnerability for local accounts can be used to bypass local authentication checks...

CVSS 9.8 · AI score 5.8
Exploits: 0 · References: 1

CNNVD
added 2022/07/25 12:0 a.m. · 3 views

Pegasystem Pega Security Vulnerability

Pegasystem Pega is a Java-based business process management tool from the U.S. company Pegasystem. It is used to build enterprise applications. A security vulnerability exists in Pegasystem Pega that stems from a password authentication bypass vulnerability in local accounts that can be used to...

CVSS 9.8 · AI score 8.3 · EPSS 0.00441
Exploits: 0 · References: 2

OSV
added 2022/06/02 9:15 p.m. · 1 views

CVE-2022-22557

PowerStore contains a Plain-Text Password Storage Vulnerability in PowerStore X & T environments running versions 2.0.0.x and 2.0.1.x. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use...

CVSS 7.8 · AI score 7.1 · EPSS 0.00039
Exploits: 0 · References: 1