Cisco NX-OS Improper Verification of Cryptographic Signature (CVE-2017-12331)
A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software patch. The vulnerability is due to insufficient NX-OS signature verification for software patches. An authenticated, local attacker could exploit...
Cisco NX-OS Exposure of Resource to Wrong Sphere (CVE-2017-12342)
A vulnerability in the Open Agent Container (OAC) feature of Cisco Nexus Series Switches could allow an unauthenticated, local attacker to read and send packets outside the scope of the OAC. The vulnerability is due to insufficient internal security measures in the OAC feature. An attacker could...
Rockwell Automation ThinManager ThinServer Arbitrary File Creation Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Rockwell Automation ThinManager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
Microsoft Windows 10 WinREUpdateInstaller_2401B_amd64 Link Following Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
(0Day) oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability
This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the parsing of STK command PDUs. The issue...
Linux kernel denial of service vulnerability (CNVD-2024-30379)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A denial of service vulnerability exists in Linux kernel version 6.7.1 and prior versions, which is caused by a use-after-free in cec_queue_msg_fh. A local attacker could exploit...
CVE-2023-44277
Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in the CLI. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's...
CVE-2023-6253 Saved Uninstall Key in Digital Guardian Agent Uninstaller
A saved encryption key in the Uninstaller in Digital Guardian's Agent before version 7.9.4 allows a local attacker to retrieve the uninstall key and remove the software by extracting the uninstaller key from the memory of the uninstaller file...
Access Control Error Vulnerability in Cisco SD-WAN vManage
Cisco SD-WAN vManage is a highly customizable dashboard from Cisco, Inc. that simplifies and automates the deployment, configuration, management, and operation of Cisco SD-WAN. An access control error vulnerability exists in Cisco SD-WAN vManage that stems from improperly enforced access control ...
Trend Micro Apex One Security Vulnerability
Trend Micro Apex One is an endpoint protection software from Trend Micro. Trend Micro Apex One has a security vulnerability that can be exploited by a local attacker to elevate privileges...
PT-2023-21503 · Dell · Dell Bios
Name of the Vulnerable Software and Affected Versions: Dell BIOS (affected versions not specified). Description: The issue is related to an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability to modify...
CVE-2023-35866
In KeePassXC through 2.7.5, a local attacker can make changes to the Database security settings, including master password and second-factor authentication, within an authenticated KeePassXC Database session, without the need to authenticate these changes by entering the password and/or...
CVE-2022-1016
A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker...
LSN-0082-1 Kernel Live Patch Security Notice
Jann Horn discovered that the tty subsystem of the Linux kernel did not use consistent locking in some situations, leading to a read-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel...
Huawei HarmonyOS Integer Overflow or Wrap Around Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability previously existed in Huawei HarmonyOS 2.0, which stemmed from a write-across-stack-frame out-of-bounds vulnerability in some Huawei...
Linux kernel io_grab_files() denial of service vulnerability
Linux Kernel is an open source operating system. A security vulnerability exists in Linux kernel io_grab_files(), which can be exploited by a local attacker to submit a special request that can crash the system...
Unspecified vulnerability in Linux kernel (CNVD-2021-13671)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel versions 5.10.12 and earlier, which can be exploited by a local attacker to trigger via an IO request at some point during devic...
Beijing Kundou Mubu Authorization Issue Vulnerability
Mubu is a platform for online writing from Mubu, a company based in Beijing, China. An authorization issue vulnerability exists in Mubu version 2.2.1, which stems from its failure to strictly limit user privileges and can be exploited by a local attacker to execute system commands...
GNU GRUB2 Vulnerability
Free Software Foundation GNU Project's multiboot boot loader, GNU GRUB2, contains a vulnerability (CVE-2020-10713) that a local attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the...
Multiple VMware Products Race Condition Vulnerability
VMware ESXi is a server virtualization platform that can be installed directly on physical servers, VMware Workstation is a set of virtual machine software, and VMware Fusion is a set of virtual machine software designed to run Windows applications on Macs. VMware Fusion is a suite of virtual...