Authentication flaw

A vulnerability classified as critical has been found in Supcon InPlant SCADA up to 20230901. Affected is an unknown function of the file Project.xml. The manipulation leads to improper authentication. An attack has to be approached locally. The exploit has been disclosed to the public and may be...

CVE-2023-4985

CVE-2023-4985 affects Supcon InPlant SCADA up to 20230901. The issue stems from an unknown function in Project.xml that enables improper authentication. It requires local access to exploit, and public disclosure of exploits is noted. Several sources (NVD/Red Hat/CVE listings) corroborate the loca...

CVE-2023-4985 Supcon InPlant SCADA Project.xml improper authentication

A vulnerability classified as critical has been found in Supcon InPlant SCADA up to 20230901. Affected is an unknown function of the file Project.xml. The manipulation leads to improper authentication. An attack has to be approached locally. The exploit has been disclosed to the public and may be...

PT-2023-25460 · Unknown · Qubo Smart Plug 10A

Name of the Vulnerable Software and Affected Versions: Qubo Smart Plug10A version HSP02 01 01 14 SYSTEM-10 A Description: An issue was discovered in Qubo Smart Plug10A, allowing local attackers to gain sensitive information and other unspecified impact via UART console. Recommendations: For Qubo...

CVE-2023-36160

CVE-2023-36160 affects Qubo Smart Plug10A, specifically version HSP02_01_01_14_SYSTEM-10 A. The issue permits local attackers to access sensitive information via the UART console, with the exposed impact limited to confidentiality (as per the CVSS and vendor notes) and without other confirmed exp...

CVE-2023-39063

Buffer Overflow vulnerability in RaidenFTPD 2.4.4005 allows a local attacker to execute arbitrary code via the Server name field of the Step by step setup wizard...

Privilege escalation

IBM QRadar WinCollect Agent 10.0 through 10.1.6, when installed to run as ADMIN or SYSTEM, is vulnerable to a local escalation of privilege attack that a normal user could utilize to gain SYSTEM permissions. IBM X-Force ID: 262542...

PT-2023-9283 · Check Point · Check Point Zonealarm Extreme Security

Name of the Vulnerable Software and Affected Versions: Check Point ZoneAlarm Extreme Security affected versions not specified Description: This issue allows local attackers to escalate privileges on affected installations. The flaw exists within the Forensic Recorder service, where an attacker ca...

Privilege escalation

Wacom Drivers for Windows Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Drivers for Windows. An attacker must first obtain the ability to execute low-privileged code on the target system...

CVE-2023-4487

CVE-2023-4487 affects GE Digital CIMPLICITY 2023. A process-control vulnerability could allow a local attacker to insert malicious configuration files into the web server execution path, escalating privileges and gaining full control of the HMI software. Affected product: CIMPLICITY 2023. Impact:...

kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval()

An out-of-bounds OOB memory access flaw was found in the Netfilter module in the Linux kernel's nftbyteordereval in net/netfilter/nftbyteorder.c. A bound check failure allows a local attacker with CAPNETADMIN access to cause a local privilege escalation issue due to incorrect data alignment...

Memory Leaks

binutils is vulnerable to Memory Leaks. The vulnerability occurs in maketempdir and maketempname within bucomm.c, which allows a malicious attacker to cause a denial of service locally...

CVE-2023-3495

CVE-2023-3495 affects Hitachi EH-VIEW (KeypadDesigner). The issue is an out-of-bounds write enabling local attackers to potentially execute arbitrary code, with exploitation requiring user interaction (opening a malicious file). The affected products are noted as no longer supported by the mainta...

CVE-2023-38996

An issue in all versions of Douran DSGate allows a local authenticated privileged attacker to execute arbitrary code via the debug command...

CVE-2023-4413

Removed by vendor...

CVE-2023-20217

A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type, could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient input validation by the operating system CLI. An attacker cou...

CVE-2023-4383

A vulnerability, which was classified as critical, was found in MicroWorld eScan Anti-Virus 7.0.32 on Linux. This affects an unknown part of the file runasroot. The manipulation leads to incorrect execution-assigned permissions. The attack needs to be approached locally. The exploit has been...

CVE-2023-4383

CVE-2023-4383 affects MicroWorld eScan Anti-Virus 7.0.32 on Linux. The root cause is an improperly assigned privilege in the file runasroot, causing incorrect execution permissions. It is a local vulnerability (attack vector: LOCAL) with low attack complexity and requires low privileges, no user ...

SUSE CVE-2021-28025

Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allows local attackers to cause a denial of service DoS...

CVE-2023-21274

In convertSubgraphFromHAL of ShimConverter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...