408 matches found
PEGA pega infinity Authorization Issue Vulnerability
PEGA pega infinity is an application from PEGA USA. It provides a transition from digital chaos to true digital conversion. An authorization issue vulnerability exists in Pega Infinity versions 8.2.1 through 8.5.2, which stems from the fact that the password reset feature for local accounts can be use...
Dell System Update Resource Management Error Vulnerability
Dell System Update is an application package from Dell, Inc. that provides application updates. Dell System Update DSU 1.9 and earlier versions contain a security vulnerability that could be exploited by an attacker with low privileged local authentication to run multiple instances of the...
Dell System Update Resource Management Error Vulnerability
Dell System Update is an application package from Dell, Inc. that provides application updates. Dell System Update DSU 1.9 and earlier versions contain a security vulnerability that could be exploited by an attacker with low privileged local authentication to run multiple instances of the...
Aruba Access Points Authorization Issue Vulnerability
Aruba Access Points is a wireless network from Aruba USA. It provides Internet access. A security vulnerability exists in Aruba Instant Access Points, which can be exploited by an attacker for local authentication bypass. The following products and versions are affected: Aruba Instant 6.4.x:...
Why Cached Credentials Can Cause Account Lockouts and How to Stop it
When a user account becomes locked out, the cause is often attributed to a user who has simply entered an old or incorrect password too many times. However, this is far from being the only thing that can cause an account to become locked. Another common cause, for example, is an application or...
Rocket.Chat: Bypass local authentication (PIN code)
Summary: An attacker with physical access to a mobile device can bypass local authentication PIN code. Description: When you set the PIN code to enter the application, the blocking occurs after the time set in the settings after the activity is closed. System time is used as a starting point. It ...
CVE-2021-21512
Dell EMC PowerProtect Cyber Recovery, version 19.7.0.1, contains an Information Disclosure vulnerability. A locally authenticated high privileged Cyber Recovery user may potentially exploit this vulnerability leading to the takeover of the notification email account...
Vulnerability fixed in Cisco Anyconnect Client
Cisco has fixed a vulnerability in the Anyconnect client for Windows. A local, authenticated malicious party could exploit the vulnerability to perform a DLL hijack and thus potentially execute arbitrary code under SYSTEM privileges. Cisco has released updates to fix the vulnerability...
CVE-2020-16887
An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker...
CVE-2020-9084
Taurus-AN00B versions earlier than 10.1.0.156C00E155R7P2 have a use-after-free (UAF) vulnerability. An authenticated, local attacker may perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the service...
F5 Networks BIG-IP : BIG-IP restjavad vulnerability (K12936322)
The restjavad process dump command does not follow current best coding practices and may overwrite arbitrary files. (CVE-2020-5912) Impact: A locally authenticated attacker may exploit this vulnerability by overwriting arbitrary files on the file system. © Tenable Network Security, Inc. The descripti...
CVE-2020-1556
An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a...
Windows Print Configuration Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in the way that the printconfig.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially...
CVE-2020-3335
A vulnerability in the key store of Cisco Application Services Engine Software could allow an authenticated, local attacker to read sensitive information of other users on an affected device. The vulnerability is due to insufficient authorization limitations. An attacker could exploit this...
CVE-2020-3335 Cisco Application Services Engine Software Authorization Vulnerability
A vulnerability in the key store of Cisco Application Services Engine Software could allow an authenticated, local attacker to read sensitive information of other users on an affected device. The vulnerability is due to insufficient authorization limitations. An attacker could exploit this...
CVE-2020-1994
The connected advisories confirm CVE-2020-1994 in PAN-OS: a predictable temporary file vulnerability exploitable by a local authenticated user with shell access, allowing corruption of arbitrary system files and compromising integrity. Affected: PAN-OS 7.1 and 8.0; PAN-OS 8.1 prior to 8.1.13; PAN...
CVE-2020-9072
Huawei OSD product with versions earlier than OSDuwp9.0.32.0 has a local privilege escalation vulnerability. An authenticated, local attacker can construct a specific file path to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege...
CVE-2020-1621
A local, authenticated user with shell can obtain the hashed values of login passwords via configd traces. This issue affects all versions of Junos OS Evolved prior to 19.3R1...
CVE-2020-1624
CVE-2020-1624 affects Junos OS Evolved prior to 19.1R1. A local, authenticated user can access raw objmon configuration files and obtain hashed values of login passwords and shared secrets, leaking sensitive information. The impact is confined to confidentiality of credentials via object monitori...
Druva inSync Client Arbitrary NodeJS Code Execution Vulnerability
Druva inSync Client is a lightweight application for managing data backups and allowing collaboration with other users. An arbitrary NodeJS code execution vulnerability exists in Druva inSync Client 6.5.0. The vulnerability stems from improper input validation. A locally authenticated attacker ca...