35 matches found
9router has an Incomplete Fix: Local-Only Access Gate Bypass in 9router via Host Header SpoofING
The fix for CVE-2026-46339 unauthenticated RCE via unprotected MCP plugin routes introduced a local-only access gate in src/dashboardGuard.js that restricts spawn-capable routes /api/mcp/, /api/tunnel/, /api/cli-tools/ to loopback requests. The gate determines "local" by inspecting the Host and...
PT-2026-54129
Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input in WebAppInstalls allows a local attacker to bypass discretionary access control, which is a security mechanism that restricts acce...
CVE-2026-12782
A security flaw has been discovered in EaseUS Partition Master up to 14.5. The impacted element is an unknown function in the library EUEDKEPM.sys of the component Kernel Driver. The manipulation results in improper access controls. The attack requires a local approach. The exploit has been...
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...
PT-2025-42115
Name of the Vulnerable Software and Affected Versions Microsoft Windows versions prior to KB5065813 Description An improper access control issue exists in the Windows Remote Access Connection Manager RasMan. This allows a local attacker to elevate privileges, potentially gaining SYSTEM-level...
CVE-2025-30100
Dell Alienware Command Center 6.x, versions prior to 6.7.37.0 contain an Improper Access Control Vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges...
EulerOS 2.0 SP11 : binutils (EulerOS-SA-2025-1347)
According to the versions of the binutils package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability, which was classified as problematic, was found in GNU Binutils up to 2.43. This affects the function disassemblebytes of the fil...
OESA-2025-1128 binutils security update
Binutils is a collection of binary utilities, including ar for creating, modifying and extracting from archives, as a family of GNU assemblers, gprof for displaying call graph profile data, ld the GNU linker, nm for listing symbols from object files, objcopy for copying and translating object...
OESA-2025-1098 binutils security update
Binutils is a collection of binary utilities, including ar for creating, modifying and extracting from archives, as a family of GNU assemblers, gprof for displaying call graph profile data, ld the GNU linker, nm for listing symbols from object files, objcopy for copying and translating object...
CVE-2024-57360
A flaw was found in the nm utility of binutils. A local user who specifies the --without-symbol-versions option on a specially crafted ELF file can trigger a segmentation fault condition. This may lead to an application crash or other undefined behavior...
D-Link DIR-816 A2 /goform/form2LocalAclEditcfg.cgi Access Control Error Vulnerability
The D-Link DIR-816 A2 is a wireless router from China's AUO D-Link. An access control error vulnerability exists in D-Link DIR-816 A2 version 1.10CNB05R1B011D88210, which stems from improper access control in /goform/form2LocalAclEditcfg.cgi. An attacker can exploit this vulnerability to be able ...
D-Link DIR-816 A2 安全漏洞
The D-Link DIR-816 A2 is a wireless router from China's AUO D-Link. An access control error vulnerability exists in D-Link DIR-816 A2 version 1.10CNB05R1B011D88210, which stems from improper access control in /goform/form2LocalAclEditcfg.cgi. An attacker can exploit this vulnerability to be able ...
OESA-2024-2501 pam security update
PAM Pluggable Authentication Modules is a system of libraries that handle the authentication tasks of applications services on the system. Security Fixes: A vulnerability was found in pamaccess due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows...
Cisco Unified IP Phone Permissions, Privileges, and Access Controls (CVE-2007-1072)
The command line interface CLI in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with firmware 8.04SR1 and earlier allows local users to obtain privileges or cause a denial of service via unspecified vectors. NOTE: this issue can be leveraged remotely via CVE-2007-1063. This...
CVE-2024-10963
A flaw was found in pamaccess, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this...
CVE-2024-10963
CVE-2024-10963 is a pam_access vulnerability where certain rules in its configuration file are mistakenly treated as hostnames, enabling an attacker to impersonate a trusted hostname and gain unauthorized access. Documented impact is access control bypass on systems relying on pam_access rules. T...
CVE-2024-10963 Pam: improper hostname interpretation in pam_access leads to access control bypass
A flaw was found in pamaccess, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this...
CVE-2024-10963
A flaw was found in pamaccess, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this...
CVE-2024-4008 FDSK Leak in KNX Secure Devices
FDSK Leak in ABB, Busch-Jaeger, FTS Display version 1.00 and BCU version 1.3.0.33 allows attacker to take control via access to local KNX Bus-System...
SAMSUNG Mobile devices security vulnerability
SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from South Korea's Samsung SAMSUNG. A security vulnerability exists in SAMSUNG Mobile devices SMR Aug-2023 Release 1 version, which stems from an improper access control vulnerability in Telecom th...