100 matches found
CVE-2019-5689
NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vulnerability in the Downloader component in which a user with local system access can craft input that may allow malicious files to be downloaded and saved. This behavior may lead to code execution, denial of service, or...
CVE-2019-5701
NVIDIA GeForce Experience, all versions prior to 3.20.0.118, contains a vulnerability when GameStream is enabled in which an attacker with local system access can load the Intel graphics driver DLLs without validating the path or signature also known as a binary planting or DLL preloading attack,...
CVE-2024-45480 Unauthorized local file reading in B&R APROL
An improper control of generation of code 'Code Injection' vulnerability in the AprolCreateReport component of B&R APROL 4.4-00P5 may allow an unauthenticated network-based attacker to read files from the local system...
git: insecure hardlinks
A vulnerability was found in Git. This flaw allows an unauthenticated attacker to place a specialized repository on their target's local system. For performance reasons, Git uses hardlinks when cloning a repository located on the same disk. However, if the repo being cloned is owned by a differen...
PT-2024-27022 · Ricoh · Ricoh Streamline Nx Pc Client
Name of the Vulnerable Software and Affected Versions: Ricoh Streamline NX PC Client versions 3.7.2 and earlier Description: The issue is related to the use of hard-coded credentials. If exploited, an attacker may obtain the LocalSystem Account of the PC where the product is installed, potentiall...
Multiple vulnerabilities in Ricoh Streamline NX PC Client
Overview Ricoh Streamline NX PC Client provided by RICOH COMPANY, LTD. contains multiple vulnerabilities listed below. ricoh-2024-000004 Improper restriction of communication channel to intended endpoints CWE-923 - CVE-2024-36252 ricoh-2024-000005 Use of hard-coded credentials CWE-798 -...
PT-2024-13955 · Sikka · Sikka Sscwindowsservice
Name of the Vulnerable Software and Affected Versions: Sikka SSCWindowsService version 5 2023-09-14 Description: The issue allows low-privileged users to execute arbitrary code as LocalSystem due to full control being granted to them. This is possible because low-privileged users have write acces...
PYSEC-2024-2
In Appwrite CLI before 3.0.0, when using the login command, the credentials of the Appwrite user are stored in a /.appwrite/prefs.json file with 0644 as UNIX permissions. Any user of the local system can access those credentials...
PYSEC-2024-2
In Appwrite CLI before 3.0.0, when using the login command, the credentials of the Appwrite user are stored in a /.appwrite/prefs.json file with 0644 as UNIX permissions. Any user of the local system can access those credentials...
Mozilla Firefox Security Advisories (MFSA2023-22, MFSA2023-24) - Mac OS X
Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...
Design/Logic Flaw
Diasoft File Replication Pro 7.5.0 allows attackers to escalate privileges by replacing a legitimate file with a Trojan horse that will be executed as LocalSystem. This occurs because %ProgramFiles%\FileReplicationPro allows Everyone:F access...
CVE-2021-42255
AppGuard Enterprise before 6.7.100.1 creates a Temporary File in a Directory with Insecure Permissions. Local users can gain SYSTEM privileges because a repair operation relies on the %TEMP% directory of an unprivileged user...
otris Update Manager 授权问题漏洞
otris Update Manager is used by otris for compliance digitization. A security vulnerability exists in otris Update Manager 1.2.1.0 that allows local users to gain access to SYSTEM via unauthenticated calls and allows remote attacks on HTTP traffic on TCP port 9000 using WsHTTPBinding...
Mozilla Firefox Security Advisory (MFSA2013-83) - Linux
This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...
NVIDIA Windows GPU Display Driver (January 2021)
A display driver installed on the remote Windows host is affected by multiple vulnerabilities: - NVIDIA GPU Display Driver contains a vulnerability in the NVIDIA Control Panel component, in which an attacker with local system access can corrupt a system file, which may lead to denial of service o...
Nanosystems Supremo Access Control Error Vulnerability
Nanosystems Supremo is a remote desktop management software from the Italian company Nanosystems. An access control error vulnerability exists in Nanosystems SupRemo version 4.1.3.2348, which originates from the ability to rename SupRemo .exe using a file manager, and then upload a Trojan horse...
CVE-2020-25106
CVE-2020-25106 affects Nanosystems SupRemo 4.1.3.2348. When running as a service, File Manager can modify system-privileged files, allowing an attacker to rename Supremo.exe and upload a Trojan to achieve LocalSystem access. Vulnerable version: 4.1.3.2348. Fixed version: 4.2.0.2423. Exploitation ...
SUPREMO 4.1.3.2348 Privilege Escalation
Details ======= Subject: Local Privilege Escalation Product: SUPREMO by Nanosystems S.r.l. Vendor Homepage: https://www.supremocontrol.com/ Vendor Status: fixed version released Vulnerable Version: 4.1.3.2348 No other version was tested, but it is believed for the older versions to be also...
FruityWifi Elevation of Privilege Vulnerability
FruityWifi is a wireless network auditing tool. A security vulnerability exists in FruityWifi version 2.4 and prior versions, which stems from the presence of a fail-safe Sudo configuration ALL: ALL NOPASSWD: ALL. The vulnerability can be exploited by an attacker to perform a system-level root...
CVE-2020-24848
CVE-2020-24848 affects FruityWifi up to version 2.4, where an unsafe sudo configuration (ALL: ALL) NOPASSWD: ALL enables local root privilege escalation. This misconfiguration allows an attacker with local access to obtain full persistent control over the system. Publicly documented sources (incl...