
408 matches found

CNNVD
added 2022/01/28 12:0 a.m. · 3 views

Pegasystems Pega Authorization Issue Vulnerability

Pegasystems Pega is a Java-based business process management tool from the U.S. company Pegasystems. It is used to build enterprise applications. A security vulnerability exists in Pegasystems Pega, which stems from a forgotten password reset feature for local accounts that can be used to bypass...

8.8 CVSS · 7.7 AI score · 0.0013 EPSS
Exploits 0 · References 2
CNVD
added 2022/01/26 12:0 a.m. · 15 views

FlexNet Unauthorized Access Vulnerability

An unauthorized access vulnerability exists in FlexNet 2020 R2.5 and prior versions of FlexNet, a software license manager from Flexera, Inc. of Chicago, USA. An attacker could exploit this vulnerability to modify other restricted files after passing local authentication...

5.5 CVSS · 5.1 AI score · 0.00055 EPSS
Exploits 0 · References 1
Positive Technologies
added 2022/01/17 12:0 a.m. · 3 views

PT-2022-4184 · Hewlett Packard · Hpe Oneview

Name of the Vulnerable Software and Affected Versions: HPE OneView versions prior to 6.6 Description: A local authentication restriction bypass issue was found, related to weaknesses in the authentication procedure. This could allow an attacker to bypass existing security restrictions. HPE has...

7.8 CVSS · 7.5 AI score · 0.00058 EPSS
Exploits 0 · References 8
IBM Security Bulletins
added 2021/12/03 6:41 p.m. · 124 views

Security Bulletin: Linux Kernel as used by IBM QRadar SIEM contains multiple vulnerabilities

Summary Linux Kernel as used by IBM QRadar SIEM contains multiple vulnerabilities Vulnerability Details CVEID: CVE-2020-12362 DESCRIPTION: Intel Graphics Drivers could allow a local authenticated attacker to gain elevated privileges on the system, caused by an integer overflow in the firmware. An...

8.8 CVSS · 8.5 AI score · 0.002 EPSS
Exploits 2 · Affected Software 1
OSV
added 2021/11/17 12:15 p.m. · 4 views

CVE-2021-32600

An exposure of sensitive information to an unauthorized actor vulnerability in FortiOS CLI 7.0.0, 6.4.0 through 6.4.6, 6.2.0 through 6.2.9, 6.0.x and 5.6.x may allow a local and authenticated user assigned to a specific VDOM to retrieve other VDOMs information such as the admin account list and t...

3.8 CVSS · 5.8 AI score
Exploits 0 · References 1
NCSC
added 2021/11/04 12:0 a.m. · 1 views

Vulnerability fixed in Cisco AnyConnect Secure Mobility Client

A vulnerability has been fixed in Cisco AnyConnect Secure Mobility Client. The vulnerability allows a locally authenticated malicious party to obtain elevated privileges. Cisco has released updates to fix the vulnerabilities. More information can be found on the page below:...

7.8 CVSS · 6.5 AI score · 0.00036 EPSS
Exploits 0
NCSC
added 2021/11/04 12:0 a.m. · 3 views

Fixed vulnerability in Snow Inventory Agent for Windows

A vulnerability has been fixed in Snow Inventory Agent for Windows. The vulnerability allows a locally authenticated malicious person to manipulate data. Snow Globe has released updates to fix the vulnerability. More information can be found on the page below:...

6.1 CVSS · 6.5 AI score · 0.00054 EPSS
Exploits 0
OSV
added 2021/09/23 3:15 a.m. · 2 views

CVE-2021-34729

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software and Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges on an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI...

6.7 CVSS · 6.9 AI score · 0.00053 EPSS
Exploits 0 · References 1
CNNVD
added 2021/09/21 12:0 a.m. · 3 views

FlexNet Code Insight Security Vulnerability

An unauthorized access vulnerability exists in FlexNet 2020 R2.5 and prior versions of FlexNet, a software license manager from Flexera, Inc. of Chicago, USA. An attacker could exploit this vulnerability to modify other restricted files after passing local authentication...

5.5 CVSS · 5.8 AI score · 0.00055 EPSS
Exploits 0 · References 2
ThreatPost
added 2021/09/02 3:41 p.m. · 49 views

Cisco Patches Critical Bug With Public Exploit

Cisco has patched a near-max critical bug in its NFVIS software for which there’s a publicly available proof-of-concept (PoC) exploit. On Wednesday, Cisco released patches for the flaw – an authentication bypass vulnerability in Enterprise NFV Infrastructure Software (NFVIS) that’s tracked as...

9.8 CVSS · 9 AI score · 0.53436 EPSS
Exploits 3 · References 4
Cvelist
added 2021/08/09 9:5 p.m. · 11 views

CVE-2021-36277

Dell Command | Update, Dell Update, and Alienware Update versions before 4.3 contain an Improper Verification of Cryptographic Signature Vulnerability. A local authenticated malicious user may exploit this vulnerability by executing arbitrary code on the system...

7.8 CVSS · 7.9 AI score · 0.00019 EPSS
Exploits 0 · References 1
OSV
added 2021/07/19 10:15 p.m. · 4 views

CVE-2020-29503

Dell EMC PowerStore versions prior to 1.0.3.0.5.xxx contain a file permission Vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to the information disclosure of certain system directory...

4.4 CVSS · 5.8 AI score · 0.0005 EPSS
Exploits 0 · References 1
OSV
added 2021/07/15 8:15 p.m. · 1 views

CVE-2021-0278

An Improper Input Validation vulnerability in J-Web of Juniper Networks Junos OS allows a locally authenticated attacker to escalate their privileges to root over the target device. junos:18.3R3-S5 junos:18.4R3-S9 junos:19.1R3-S6 junos:19.3R2-S6 junos:19.3R3-S3 junos:19.4R1-S4 junos:19.4R3-S4...

7.8 CVSS · 7.1 AI score · 0.00167 EPSS
Exploits 0 · References 1
OSV
added 2021/06/10 5:15 p.m. · 1 views

CVE-2021-31840

A vulnerability in the preloading mechanism of specific dynamic link libraries in McAfee Agent for Windows prior to 5.7.3 could allow an authenticated, local attacker to perform a DLL preloading attack with unsigned DLLs. To exploit this vulnerability, the attacker would need to have valid...

7.3 CVSS · 6 AI score · 0.00044 EPSS
Exploits 0 · References 1
OSV
added 2021/06/08 5:15 p.m. · 0 views

CVE-2021-32015

In Nuvoton NPCT75x TPM 1.2 firmware 7.4.0.0, a local authenticated malicious user with high privileges could potentially gain unauthorized access to TPM non-volatile memory. NOTE: Upgrading to firmware version 7.4.0.1 will mitigate against the vulnerability, but version 7.4.0.1 is not TCG or Comm...

6 CVSS · 5.8 AI score
Exploits 0 · References 1
NCSC
added 2021/06/01 12:0 a.m. · 1 views

Vulnerability fixed in Linux kernel

A vulnerability has been fixed in the Linux kernel. A local, authenticated malicious person can exploit this vulnerability to gain root privileges on the vulnerable system. -= Fedora =- Fedora has made updates available for Fedora 33 and 34. You can install these updates using the command...

7.8 CVSS · 8.4 AI score · 0.00047 EPSS
Exploits 0
Debian CVE
added 2021/05/27 2:48 p.m. · 37 views

CVE-2021-22118

In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by recreating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFl...

7.8 CVSS · 7.2 AI score · 0.00253 EPSS
Exploits 0
OSV
added 2021/05/04 4:15 p.m. · 2 views

CVE-2021-21551

Dell dbutil23.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required...

7.8 CVSS · 7.3 AI score · 0.74523 EPSS
Exploits 17 · References 4
NVD
added 2021/04/29 3:15 p.m. · 11 views

CVE-2021-27651

In versions 8.2.1 through 8.5.2 of Pega Infinity, the password reset functionality for local accounts can be used to bypass local authentication checks...

9.8 CVSS · 0.91127 EPSS
Exploits 1 · References 1
Prion
added 2021/04/29 3:15 p.m. · 21 views

Authentication flaw

In versions 8.2.1 through 8.5.2 of Pega Infinity, the password reset functionality for local accounts can be used to bypass local authentication checks...

7.5 CVSS · 9.5 AI score · 0.91127 EPSS
Exploits 1 · References 1 · Affected Software 1