GHSA-GFWJ-FWQJ-FP3V Improper Privilege Management in Spring Framework

In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by recreating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFl...

CVE-2022-22454

IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request...

PT-2022-15443 · Ibm · Ibm Infosphere Information Server

Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Information Server version 11.7 Description: The issue allows a locally authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. Recommendations: For IBM InfoSphere Information...

AZL-9668 CVE-2022-20796 affecting package clamav for versions less than 0.105.0-1

On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus ClamAV versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2 could allow an authenticated, local attacker to cause a denial of...

VeryFitPro 授权问题漏洞

VeryFitPro is a powerful health management software from Shenzhen Aidu Technology Co., Ltd. in China, which needs to be used with the same brand of smart bracelet, using the app users can view the number of steps taken, calories burned, sleep quality and other information in real time. VeryFitPro...

CVE-2021-26104

Multiple OS command injection CWE-78 vulnerabilities in the command line interface of FortiManager 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, FortiAnalyzer 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, and FortiPortal 5.2.5 and belo...

CVE-2022-23699

A local authentication restriction bypass vulnerability was discovered in HPE OneView versions: Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView...

CVE-2022-23699

A local authentication restriction bypass vulnerability was discovered in HPE OneView versions: Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView...

CVE-2022-23699

A local authentication restriction bypass vulnerability was discovered in HPE OneView versions: Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView...

CVE-2022-23699

Summary: CVE-2022-23699 describes a local authentication restriction bypass in HPE OneView prior to version 6.6 . The issue stems from weaknesses in the authentication procedure, enabling bypass of authentication locally. The vendor has released a software update to resolve the vulnerability (upd...

Juniper Junos OS Privilege Escalation (JSA11237)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA11237 advisory. An Improper Input Validation vulnerability in J-Web of Juniper Networks Junos OS allows a locally authenticated J-Web attacker to escalate their privileges to root over the...

CVE-2018-25030

A vulnerability classified as problematic has been found in Mirmay Secure Private Browser and File Manager up to 2.5. Affected is the Auto Lock. A race condition leads to a local authentication bypass. The exploit has been disclosed to the public and may be used...

CVE-2018-25030

A vulnerability classified as problematic has been found in Mirmay Secure Private Browser and File Manager up to 2.5. Affected is the Auto Lock. A race condition leads to a local authentication bypass. The exploit has been disclosed to the public and may be used...

Race condition

A vulnerability classified as problematic has been found in Mirmay Secure Private Browser and File Manager up to 2.5. Affected is the Auto Lock. A race condition leads to a local authentication bypass. The exploit has been disclosed to the public and may be used...

Microsoft Windows Security Account Manager 权限许可和访问控制问题漏洞

Microsoft Windows Security Account Manager is a Windows security account manager from Microsoft USA for storing user passwords. It can be used to authenticate local and remote users. Microsoft Windows Security Account Manager is vulnerable to privilege permission and access control issues. No...

MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16193.

...

CVE-2022-24051

MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL...

CVE-2021-27654

Forgotten password reset functionality for local accounts can be used to bypass local authentication checks...

Default credentials

Forgotten password reset functionality for local accounts can be used to bypass local authentication checks...

CVE-2021-27654

CVE-2021-27654 affects Pegasystems Pega. The vulnerability arises from a forgotten password reset functionality for local accounts that can bypass local authentication checks. Public data shows CVSS details: CVSS v3.1 base score 7.8 (HIGH) with LOCAL access, LOW attack complexity, privileges requ...