CVE-2024-5532 A stored XSS vulnerability has been discovered on OpenText™ Operations Agent (OA).
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Operations Agent. The XSS vulnerability could allow an attacker with local admin permissions to manipulate the content of the internal status page of the Agent on the local system...
CVE-2024-5532
CVE-2024-5532 is a stored XSS vulnerability in OpenText Operations Agent. The issue allows an attacker with local admin privileges to manipulate the content of the agent’s internal status page on the local system. Affected versions are 12.20–12.26. The connected sources reiterate the sam...
PT-2024-11894 · Synology · Synology Drive Client
Name of the Vulnerable Software and Affected Versions: Synology Drive Client versions prior to 3.4.0-15721 Description: A buffer copy without checking the size of the input, also known as a 'Classic Buffer Overflow', exists in the connection management functionality. This issue allows local users...
VulnCheck KEV: CVE-2024-22252
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the...
Improper Access Control
github.com/mattermost/mattermost-server is vulnerable to Improper Access Control. The vulnerability is due to the failure to disallow unsolicited invites when shared channels are enabled, allowing an attacker to send an invite with the ID of an existing local channel, causing that local...
How to Manually Create a Database for Provisioning Services
This article describes how to manually create a database for Provisioning Services when the database administrator prefers to create the database manually. Requirements The DbScript.exe file located in “C:\Program Files\Citrix\Provisioning Services”. SQL Database Server. SysAdmin privileges to ru...
CVE-2024-37086
VMware ESXi contains an out-of-bounds read vulnerability. A malicious actor with local administrative privileges on a virtual machine with an existing snapshot may trigger an out-of-bounds read leading to a denial-of-service condition of the host...
PT-2024-8636 · Ivanti · Ivanti Secure Access Client
Name of the Vulnerable Software and Affected Versions: Ivanti Secure Access Client versions prior to 22.7R3 Description: The issue is related to improper bounds checking, which can be exploited by a local authenticated attacker with admin privileges to cause a denial of service. This is due to a...
PT-2024-22653 · Dell · Dell Client Bios
Name of the Vulnerable Software and Affected Versions: Dell Client BIOS affected versions not specified Description: The issue is related to an Out-of-bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to...
PT-2024-19430 · Dell · Dell Bios
Name of the Vulnerable Software and Affected Versions: Dell BIOS affected versions not specified Description: The issue is related to an Out-of-Bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this, leading to denial of service...
CVE-2024-25102
This vulnerability exists in AppSamvid software due to the usage of a weaker cryptographic algorithm hash SHA1 in user login component. An attacker with local administrative privileges could exploit this to obtain the password of AppSamvid on the targeted system. Successful exploitation of this...
Design/Logic Flaw
This vulnerability exists in AppSamvid software due to the usage of vulnerable and outdated components. An attacker with local administrative privileges could exploit this by placing malicious DLLs on the targeted system. Successful exploitation of this vulnerability could allow the attacker to...
CVE-2024-25103
CVE-2024-25103 affects AppSamvid software, with DLL hijacking as the underlying vector due to vulnerable/outdated components. Local administrative privileges are required to place malicious DLLs on the target system, enabling arbitrary code execution if exploited. The available connected document...
Vulnerabilities fixed in VMware products
VMware has fixed several vulnerabilities in VMware ESXi, VMware Workstation and VMware Fusion. A malicious person with local administrator rights in a virtual machine can exploit the vulnerabilities to execute code, with the rights of the application, on the system on which the...
CVE-2023-39254
Dell Update Package (DUP), versions prior to 4.9.10, contain an Uncontrolled Search Path vulnerability. A malicious user with local access to the system could potentially exploit this vulnerability to run arbitrary code as admin...
CVE-2023-44120
A vulnerability has been identified in Spectrum Power 7 All versions V23Q4. The affected product's sudo configuration permits the local administrative account to execute several entries as root user. This could allow an authenticated local attacker to inject arbitrary code and gain root access...
Poly Trio Security Breach
Poly Trio is a Trio series of business conference phones from Poly USA. A security vulnerability exists in Poly CCX and Trio that stems from a password change vulnerability in the parameter device.auth.localAdminPassword of the Configuration File Import component. Affected products and versions:...
CVE-2023-28044
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable...
CVE-2023-28050
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable...