Trend Micro Apex One Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...
Huawei EulerOS: Security Advisory for libXpm (EulerOS-SA-2024-1067)
The remote host is missing an update for the Huawei EulerOS...
Null pointer dereference
in OpenHarmony v3.2.2 and prior versions allow a local attacker to cause a multimedia audio crash by modifying a released pointer...
CVE-2023-38022
An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform before 3.29 for Intel SGX. Insufficient pointer validation allows a local attacker to access unauthorized information. This relates to strlen and sgx_is_within_user...
CVE-2023-31292
An issue discovered in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 718 allows local attackers to obtain sensitive information and bypass authentication via a "Back Button Refresh" attack...
CVE-2023-7093
A vulnerability classified as critical has been found in KylinSoft kylin-system-updater up to 2.0.5.16-0k2.33. Affected is an unknown function of the file /usr/share/kylin-system-updater/SystemUpdater/UpgradeStrategiesDbus.py of the component com.kylin.systemupgrade Service. The manipulation of t...
Command injection
A vulnerability classified as critical has been found in KylinSoft kylin-system-updater up to 2.0.5.16-0k2.33. Affected is an unknown function of the file /usr/share/kylin-system-updater/SystemUpdater/UpgradeStrategiesDbus.py of the component com.kylin.systemupgrade Service. The manipulation of t...
Privilege escalation
Dell SupportAssist for Home PCs version 3.14.1 and prior versions contain a privilege escalation vulnerability in the installer. A local low-privileged authenticated attacker may potentially exploit this vulnerability, leading to the execution of an arbitrary executable on the operating system with...
CVE-2023-7025
A vulnerability was found in KylinSoft hedron-domain-hook up to 3.8.0.12-0k0.5. It has been declared as critical. This vulnerability affects the function init_kcm of the component DBus Handler. The manipulation leads to improper access controls. Attacking locally is a requirement. The exploit has...
CVE-2023-7025
CVE-2023-7025 affects KylinSoft hedron-domain-hook, up to version 3.8.0.12-0k0.5, with a vulnerability in the DBus Handler’s function init_kcm that enables improper access controls. The exploitation requires local access and is described as having been publicly disclosed. Connected PT-2023-32841 ...
CVE-2023-6891
A vulnerability has been found in PeaZip 9.4.0 and classified as problematic. Affected by this vulnerability is an unknown functionality in the library dragdropfilesdll.dll of the component Library Handler. The manipulation leads to uncontrolled search path. An attack has to be approached locally...
CVE-2023-6407
The CVE-2023-6407 issue, assigned to Schneider Electric Easy UPS Online Monitoring Software, is a path traversal vulnerability in the Windows-based Easy UPS Online Monitoring Software. Affected versions are 2.6-GA-01-23116 and earlier; Schneider Electric released a fix in 2.6-GA-01-23248. Root ca...
CVE-2023-42565
Improper input validation vulnerability in Smart Clip prior to SMR Dec-2023 Release 1 allows local attackers with shell privilege to execute arbitrary code...
CVE-2023-47304
The CVE pertains to Vonage Box Telephone Adapter VDV23, affected in version VDV21-3.2.11-0.5.1. The root cause is improper or bypassable UART authentication, enabling local attackers to read/write arbitrary memory values on the device. This yields high impact across confidentiality, integrity, an...
CVE-2023-6401
A vulnerability classified as problematic was found in NotePad++ up to 8.1. Affected by this vulnerability is an unknown functionality of the file dbghelp.exe. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The identifier VDB-246421 was assigned to thi...
CVE-2023-6401 NotePad++ dbghelp.exe uncontrolled search path
A vulnerability classified as problematic was found in NotePad++ up to 8.1. Affected by this vulnerability is an unknown functionality of the file dbghelp.exe. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The identifier VDB-246421 was assigned to thi...
CVE-2023-6401
CVE-2023-6401 affects NotePad++ up to version 8.1. The vulnerability is DLL search/path hijacking in dbghelp.dll loaded by the application, enabling local attackers to execute arbitrary code. The root cause is an uncontrolled search path that can cause the malicious dbghelp.dll in the application...
Mozilla: MozillaVPN: Elevation of Privilege via a Race Condition Vulnerability
A race condition vulnerability was discovered in Mozilla VPN that led to local privilege escalation to root on macOS. The vulnerability existed during the installation or update process, where a local attacker could replace the VPN binary with a malicious one that would execute as root. The issue...
CVE-2023-43612
in OpenHarmony v3.2.2 and prior versions allow a local attacker to read and write arbitrary files through improper preservation of permissions...
Design/Logic Flaw
in OpenHarmony v3.2.2 and prior versions allow a local attacker to read and write arbitrary files through improper preservation of permissions...