Lucene search
K

100 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 8:43 a.m.11 views

CVE-2019-5689

NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vulnerability in the Downloader component in which a user with local system access can craft input that may allow malicious files to be downloaded and saved. This behavior may lead to code execution, denial of service, or...

7.8CVSS6.8AI score0.00347EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:1 a.m.8 views

CVE-2019-5701

NVIDIA GeForce Experience, all versions prior to 3.20.0.118, contains a vulnerability when GameStream is enabled in which an attacker with local system access can load the Intel graphics driver DLLs without validating the path or signature also known as a binary planting or DLL preloading attack,...

7.8CVSS7AI score0.00546EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/25 4:50 a.m.13 views

CVE-2024-45480 Unauthorized local file reading in B&R APROL

An improper control of generation of code 'Code Injection' vulnerability in the AprolCreateReport component of B&R APROL 4.4-00P5 may allow an unauthenticated network-based attacker to read files from the local system...

9.2CVSS0.00375EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2024/06/25 8:24 a.m.7 views

git: insecure hardlinks

A vulnerability was found in Git. This flaw allows an unauthenticated attacker to place a specialized repository on their target's local system. For performance reasons, Git uses hardlinks when cloning a repository located on the same disk. However, if the repo being cloned is owned by a differen...

3.9CVSS7.3AI score0.00519EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/06/19 12:0 a.m.4 views

PT-2024-27022 · Ricoh · Ricoh Streamline Nx Pc Client

Name of the Vulnerable Software and Affected Versions: Ricoh Streamline NX PC Client versions 3.7.2 and earlier Description: The issue is related to the use of hard-coded credentials. If exploited, an attacker may obtain the LocalSystem Account of the PC where the product is installed, potentiall...

9.8CVSS6.8AI score0.00434EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/06/18 5:56 a.m.4 views

Multiple vulnerabilities in Ricoh Streamline NX PC Client

Overview Ricoh Streamline NX PC Client provided by RICOH COMPANY, LTD. contains multiple vulnerabilities listed below. ricoh-2024-000004 Improper restriction of communication channel to intended endpoints CWE-923 - CVE-2024-36252 ricoh-2024-000005 Use of hard-coded credentials CWE-798 -...

9.8CVSS7.2AI score0.00507EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2024/03/26 12:0 a.m.6 views

PT-2024-13955 · Sikka · Sikka Sscwindowsservice

Name of the Vulnerable Software and Affected Versions: Sikka SSCWindowsService version 5 2023-09-14 Description: The issue allows low-privileged users to execute arbitrary code as LocalSystem due to full control being granted to them. This is possible because low-privileged users have write acces...

8.8CVSS7.9AI score0.0058EPSS
Exploits1References6
PyPA
PyPA
added 2024/01/09 9:15 a.m.13 views

PYSEC-2024-2

In Appwrite CLI before 3.0.0, when using the login command, the credentials of the Appwrite user are stored in a /.appwrite/prefs.json file with 0644 as UNIX permissions. Any user of the local system can access those credentials...

5.5CVSS6.6AI score0.00293EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2024/01/09 9:15 a.m.24 views

PYSEC-2024-2

In Appwrite CLI before 3.0.0, when using the login command, the credentials of the Appwrite user are stored in a /.appwrite/prefs.json file with 0644 as UNIX permissions. Any user of the local system can access those credentials...

5.5CVSS5.5AI score0.00293EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2023/07/05 12:0 a.m.22 views

Mozilla Firefox Security Advisories (MFSA2023-22, MFSA2023-24) - Mac OS X

Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...

8.8CVSS8.8AI score0.00755EPSS
Exploits1References1
Prion
Prion
added 2023/04/14 12:15 a.m.12 views

Design/Logic Flaw

Diasoft File Replication Pro 7.5.0 allows attackers to escalate privileges by replacing a legitimate file with a Trojan horse that will be executed as LocalSystem. This occurs because %ProgramFiles%\FileReplicationPro allows Everyone:F access...

7.5CVSS9.5AI score0.06051EPSS
Exploits4References2Affected Software1
OSV
OSV
added 2022/04/12 4:15 p.m.2 views

CVE-2021-42255

AppGuard Enterprise before 6.7.100.1 creates a Temporary File in a Directory with Insecure Permissions. Local users can gain SYSTEM privileges because a repair operation relies on the %TEMP% directory of an unprivileged user...

7.8CVSS7.1AI score0.00288EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/03/10 12:0 a.m.5 views

otris Update Manager 授权问题漏洞

otris Update Manager is used by otris for compliance digitization. A security vulnerability exists in otris Update Manager 1.2.1.0 that allows local users to gain access to SYSTEM via unauthenticated calls and allows remote attacks on HTTP traffic on TCP port 9000 using WsHTTPBinding...

7.8CVSS7.4AI score0.00394EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2021/11/11 12:0 a.m.16 views

Mozilla Firefox Security Advisory (MFSA2013-83) - Linux

This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

6.2CVSS6.4AI score0.00335EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2021/01/15 12:0 a.m.105 views

NVIDIA Windows GPU Display Driver (January 2021)

A display driver installed on the remote Windows host is affected by multiple vulnerabilities: - NVIDIA GPU Display Driver contains a vulnerability in the NVIDIA Control Panel component, in which an attacker with local system access can corrupt a system file, which may lead to denial of service o...

8.4CVSS6.8AI score0.00471EPSS
Exploits0References6
CNVD
CNVD
added 2020/12/23 12:0 a.m.2 views

Nanosystems Supremo Access Control Error Vulnerability

Nanosystems Supremo is a remote desktop management software from the Italian company Nanosystems. An access control error vulnerability exists in Nanosystems SupRemo version 4.1.3.2348, which originates from the ability to rename SupRemo .exe using a file manager, and then upload a Trojan horse...

9.3CVSS7AI score0.0145EPSS
Exploits3References1
CVE
CVE
added 2020/12/22 5:54 p.m.84 views

CVE-2020-25106

CVE-2020-25106 affects Nanosystems SupRemo 4.1.3.2348. When running as a service, File Manager can modify system-privileged files, allowing an attacker to rename Supremo.exe and upload a Trojan to achieve LocalSystem access. Vulnerable version: 4.1.3.2348. Fixed version: 4.2.0.2423. Exploitation ...

9.3CVSS7.5AI score0.0145EPSS
Exploits3References3Affected Software1
Packet Storm
Packet Storm
added 2020/12/22 12:0 a.m.773 views

SUPREMO 4.1.3.2348 Privilege Escalation

Details ======= Subject: Local Privilege Escalation Product: SUPREMO by Nanosystems S.r.l. Vendor Homepage: https://www.supremocontrol.com/ Vendor Status: fixed version released Vulnerable Version: 4.1.3.2348 No other version was tested, but it is believed for the older versions to be also...

0.6AI score0.0145EPSS
Exploits3
CNVD
CNVD
added 2020/10/26 12:0 a.m.5 views

FruityWifi Elevation of Privilege Vulnerability

FruityWifi is a wireless network auditing tool. A security vulnerability exists in FruityWifi version 2.4 and prior versions, which stems from the presence of a fail-safe Sudo configuration ALL: ALL NOPASSWD: ALL. The vulnerability can be exploited by an attacker to perform a system-level root...

7.8CVSS7.1AI score0.00387EPSS
Exploits1References1
CVE
CVE
added 2020/10/23 6:22 p.m.36 views

CVE-2020-24848

CVE-2020-24848 affects FruityWifi up to version 2.4, where an unsafe sudo configuration (ALL: ALL) NOPASSWD: ALL enables local root privilege escalation. This misconfiguration allows an attacker with local access to obtain full persistent control over the system. Publicly documented sources (incl...

7.8CVSS7.7AI score0.00387EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder