Cisco NX-OS Elevation of Privilege Vulnerability

Cisco NX-OS is a set of data center-grade operating system software used by switches. An elevation of privilege vulnerability exists in the Bash shell implementation of Cisco NX-OS. The vulnerability stems from a failure of the Bash shell commands to be implemented correctly, resulting in the...

Apple macOS High Sierra Local Authentication Local Information Disclosure Vulnerability

Apple macOS High Sierra is a specialized operating system developed by Apple for Mac computers.Local Authentication is one of the local authentication components. A security vulnerability exists in the handling of smart card PINs in the Local Authentication component of Apple macOS High Sierra...

CVE-2018-15591

CVE-2018-15591 affects Ivanti Workspace Control before 10.3.10.0 (and RES One Workspace). A local authenticated user can bypass application whitelisting to execute arbitrary code via multiple unspecified attack vectors. Connected material references exploitation paths involving PowerGrid (PowerGr...

CVE-2018-12131

Permissions in the driver pack installers for Intel NVMe before version 4.0.0.1007 and Intel RSTe before version 4.7.0.2083 may allow an authenticated user to potentially escalate privilege via local access...

CVE-2018-11064

Dell EMC Unity OE versions 4.3.0.x and 4.3.1.x and UnityVSA OE versions 4.3.0.x and 4.3.1.x contains an Incorrect File Permissions vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability to alter multiple library files in service tools that might result ...

CVE-2018-0438

A vulnerability in the Cisco Umbrella Enterprise Roaming Client ERC could allow an authenticated, local attacker to elevate privileges to Administrator. To exploit the vulnerability, the attacker must authenticate with valid local user credentials. This vulnerability is due to improper...

Microsoft Windows - nt!NtQueryInformationTransactionManager (TransactionManagerRecoveryInformation) Kernel Pool Memory Disclosure

Microsoft Windows - nt!NtQueryInformationTransactionManager TransactionManagerRecoveryInformation Kernel Pool Memory Disclosure / We have discovered that the nt!NtQueryInformationTransactionManager system call invoked with the TransactionManagerRecoveryInformation 4 information class may disclose...

Enterprise Networking Operating System (ENOS) Authentication Bypass in Lenovo and IBM RackSwitch and BladeCenter Products - Lenovo Support US

No description provided...

CVE-2017-8974

A Local Authentication Restriction Bypass vulnerability in HPE NonStop Server version L-Series: T6533L01 through T6533L01^ADN; J-Series and H-series: T6533H02 through T6533H04^ADF and T6533H05 through T6533H05^ADL was found...

CVE-2017-12553

A local authentication bypass vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found...

CVE-2017-12553

A local authentication bypass vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found...

CVE-2017-8974

A Local Authentication Restriction Bypass vulnerability in HPE NonStop Server version L-Series: T6533L01 through T6533L01^ADN; J-Series and H-series: T6533H02 through T6533H04^ADF and T6533H05 through T6533H05^ADL was found...

CVE-2017-3765

In Enterprise Networking Operating System ENOS in Lenovo and IBM RackSwitch and BladeCenter products, an authentication bypass known as "HP Backdoor" was discovered during a Lenovo security audit in the serial console, Telnet, SSH, and Web interfaces. This bypass mechanism can be accessed when...

Authentication flaw

In Enterprise Networking Operating System ENOS in Lenovo and IBM RackSwitch and BladeCenter products, an authentication bypass known as "HP Backdoor" was discovered during a Lenovo security audit in the serial console, Telnet, SSH, and Web interfaces. This bypass mechanism can be accessed when...

CVE-2017-3765

In Enterprise Networking Operating System ENOS in Lenovo and IBM RackSwitch and BladeCenter products, an authentication bypass known as "HP Backdoor" was discovered during a Lenovo security audit in the serial console, Telnet, SSH, and Web interfaces. This bypass mechanism can be accessed when...

CVE-2017-14770

Skybox Manager Client Application prior to 8.5.501 is prone to an information disclosure vulnerability of user password hashes. A local authenticated attacker can access the password hashes in a debugger-pause state during the authentication process...

Windows Kernel Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially...

CVE-2017-3745

In Lenovo XClarity Administrator LXCA before 1.3.0, if service data is downloaded from LXCA, a non-administrative user may have access to password information for users that have previously authenticated to the LXCA's internal LDAP server, including administrative accounts and service accounts wi...

CVE-2017-0245

The kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1 and Windows Server 2012 Gold allow a local authenticated attacker to execute a specially crafted application to obtain kernel information, aka "Win32k Information Disclosure Vulnerability."...

Buffalo WNC01WH Command Injection Vulnerability

Buffalo WNC01WH is a network camera from the Buffalo Group of Japan. A command injection vulnerability exists in the Buffalo WNC01WH. This allows a locally authenticated attacker to perform a command injection attack...