
31 matches found

Microsoft CVE
added 2025/10/14 2:0 p.m., 2 views

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...

CVSS 7.8, AI score 6.9, EPSS 0.00061
Exploits 0

Positive Technologies
added 2025/10/14 12:0 a.m., 2 views

PT-2025-42115

Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions prior to KB5065813. Description: An improper access control issue exists in the Windows Remote Access Connection Manager (RasMan). This allows a local attacker to elevate privileges, potentially gaining SYSTEM-level...

CVSS 7.8, AI score 8.9, EPSS 0.04972
Exploits 1, References 88

OSV
added 2025/04/16 2:15 a.m., 0 views

CVE-2025-30100

Dell Alienware Command Center 6.x, versions prior to 6.7.37.0 contain an Improper Access Control Vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges...

CVSS 7.8, AI score 5.8
Exploits 0, References 1

Tenable Nessus
added 2025/04/11 12:0 a.m., 15 views

EulerOS 2.0 SP11 : binutils (EulerOS-SA-2025-1347)

According to the versions of the binutils package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: A vulnerability, which was classified as problematic, was found in GNU Binutils up to 2.43. This affects the function disassemble_bytes of the fil...

CVSS 7.5, AI score 5.2, EPSS 0.00101
Exploits 1, References 3

OSV
added 2025/02/14 12:13 p.m., 1 view

OESA-2025-1128 binutils security update

Binutils is a collection of binary utilities, including ar (for creating, modifying and extracting from archives), as (a family of GNU assemblers), gprof (for displaying call graph profile data), ld (the GNU linker), nm (for listing symbols from object files), objcopy (for copying and translating object...

CVSS 7.5, AI score 6.7, EPSS 0.00101
Exploits 1, References 3

OSV
added 2025/02/08 12:36 p.m., 1 view

OESA-2025-1098 binutils security update

Binutils is a collection of binary utilities, including ar (for creating, modifying and extracting from archives), as (a family of GNU assemblers), gprof (for displaying call graph profile data), ld (the GNU linker), nm (for listing symbols from object files), objcopy (for copying and translating object...

CVSS 7.5, AI score 6.7, EPSS 0.00101
Exploits 1, References 3

RedhatCVE
added 2025/01/22 12:20 a.m., 10 views

CVE-2024-57360

A flaw was found in the nm utility of binutils. A local user who specifies the --without-symbol-versions option on a specially crafted ELF file can trigger a segmentation fault condition. This may lead to an application crash or other undefined behavior...

CVSS 5, AI score 7.2, EPSS 0.00018
Exploits 0, References 4

CNVD
added 2025/01/16 12:0 a.m., 6 views

D-Link DIR-816 A2 /goform/form2LocalAclEditcfg.cgi Access Control Error Vulnerability

The D-Link DIR-816 A2 is a wireless router from China's AUO D-Link. An access control error vulnerability exists in D-Link DIR-816 A2 version 1.10CNB05R1B011D88210, which stems from improper access control in /goform/form2LocalAclEditcfg.cgi. An attacker can exploit this vulnerability to be able ...

CVSS 6.9, AI score 6.4, EPSS 0.00202
Exploits 0, References 1

CNNVD
added 2025/01/02 12:0 a.m., 1 view

D-Link DIR-816 A2 Security Vulnerability

The D-Link DIR-816 A2 is a wireless router from China's AUO D-Link. An access control error vulnerability exists in D-Link DIR-816 A2 version 1.10CNB05R1B011D88210, which stems from improper access control in /goform/form2LocalAclEditcfg.cgi. An attacker can exploit this vulnerability to be able ...

CVSS 6.9, AI score 6.6, EPSS 0.00202
Exploits 0, References 5

OSV
added 2024/12/06 3:23 p.m., 1 view

OESA-2024-2501 pam security update

PAM (Pluggable Authentication Modules) is a system of libraries that handle the authentication tasks of applications (services) on the system. Security Fixes: A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows...

CVSS 7.4, AI score 6.7, EPSS 0.00567
Exploits 0, References 2

Tenable Nessus
added 2024/12/04 12:0 a.m., 10 views

Cisco Unified IP Phone Permissions, Privileges, and Access Controls (CVE-2007-1072)

The command line interface (CLI) in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with firmware 8.04SR1 and earlier allows local users to obtain privileges or cause a denial of service via unspecified vectors. NOTE: this issue can be leveraged remotely via CVE-2007-1063. This...

CVSS 10, AI score 5.4, EPSS 0.05137
Exploits 0, References 9

OSV
added 2024/11/07 4:15 p.m., 11 views

CVE-2024-10963

A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this...

CVSS 7.4, AI score 7.2, EPSS 0.00567
Exploits 0, References 8

NVD
added 2024/11/07 4:15 p.m., 23 views

CVE-2024-10963

A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this...

CVSS 7.4, EPSS 0.00567
Exploits 0, References 10

CVE
added 2024/11/07 4:2 p.m., 211 views

CVE-2024-10963

CVE-2024-10963 is a pam_access vulnerability where certain rules in its configuration file are mistakenly treated as hostnames, enabling an attacker to impersonate a trusted hostname and gain unauthorized access. Documented impact is access control bypass on systems relying on pam_access rules. T...

CVSS 7.4, AI score 7.2, EPSS 0.00567
Exploits 0, References 10

RedhatCVE
added 2024/11/07 8:0 a.m., 23 views

CVE-2024-10963

A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this...

CVSS 7.4, AI score 6.3, EPSS 0.00567
Exploits 0, References 3

Vulnrichment
added 2024/06/05 5:15 p.m., 20 views

CVE-2024-4008 FDSK Leak in KNX Secure Devices

FDSK Leak in ABB, Busch-Jaeger, FTS Display version 1.00 and BCU version 1.3.0.33 allows attacker to take control via access to local KNX Bus-System...

CVSS 9.6, AI score 6.8, EPSS 0.00238
Exploits 0, References 1

CNNVD
added 2023/08/10 12:0 a.m., 2 views

SAMSUNG Mobile devices security vulnerability

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from South Korea's Samsung (SAMSUNG). A security vulnerability exists in SAMSUNG Mobile devices SMR Aug-2023 Release 1 version, which stems from an improper access control vulnerability in Telecom th...

CVSS 4.3, AI score 6.3, EPSS 0.0006
Exploits 0, References 2

OSV
added 2023/06/01 2:15 a.m., 0 views

CVE-2023-28399

Incorrect permission assignment for critical resource exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. ACL (Access Control List) is not appropriately set to the local folder where the affected product is installed, therefore a wide range of privileges is permitted to a user of the PC whe...

CVSS 7.8, AI score 7.1
Exploits 0, References 3

Zero Day Initiative
added 2023/02/24 12:0 a.m., 29 views

Trend Micro Apex One Improper Access Control Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Apex One...

CVSS 7.8, AI score 7.7, EPSS 0.00054
Exploits 0, References 1

SUSE CVE
added 2023/02/15 4:53 a.m., 1 view

SUSE CVE-2016-10369

unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service preventing terminal launch, or possibly have other impact bypassing terminal access control...

CVSS 7.8, AI score 6.9, EPSS 0.0002
Exploits 0, References 3