CVE-2025-36192 Missing Authorization with the DS8900F and DS8A00 Hardware Management Console

IBM DS8A00 R10.1 10.10.106.0 and IBM DS8A00 R10.0 10.1.3.010.2.45.0 and IBM DS8900F R9.4 89.40.83.089.42.18.089.44.5.0 IBM System Storage DS8000 could allow a local user with authorized CCW update permissions to delete or corrupt backups due to missing authorization in IBM Safeguarded Copy / GDPS...

PT-2025-53585

Name of the Vulnerable Software and Affected Versions IBM DS8A00 versions 10.10.106.0 IBM DS8A00 versions 10.1.3.010.2.45.0 IBM DS8900F versions 89.40.83.089.42.18.089.44.5.0 Description IBM System Storage DS8000 may allow a local user with authorized CCW update permissions to delete or corrupt...

EUVD-2011-4054

Malware in sbrugna...

EUVD-2001-1359

Malware in sbrugna...

EUVD-2020-4812

Malware in sbrugna...

EUVD-1999-0129

Malware in sbrugna...

EUVD-2012-5558

Malware in sbrugna...

EUVD-2009-1460

Malware in sbrugna...

EUVD-2013-2715

Malware in sbrugna...

EUVD-2006-0079

Malware in sbrugna...

EUVD-2002-0816

Malware in sbrugna...

EUVD-2015-3667

Malware in sbrugna...

CVE-2023-0975

A vulnerability exists in Trellix Agent for Windows version 5.7.8 and earlier, that allows local users, during install/upgrade workflow, to replace one of the Agent’s executables before it can be executed. This allows the user to elevate their permissions...

CVE-2024-11220 Open Automation Software Incorrect Execution-Assigned Permissions

A local low-level user on the server machine with credentials to the running OAS services can create and execute a report with an rdlx file on the server system itself. Any code within the rdlx file of the report executes with SYSTEM privileges, resulting in privilege escalation...

CVE-2022-4378

A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system...

CVE-2021-4023

A flaw was found in the io-workqueue implementation in the Linux kernel versions prior to 5.15-rc1. The kernel can panic when an improper cancellation operation triggers the submission of new io-uring operations during a shortage of free space. This flaw allows a local user with permissions to...

CVE-2020-7352

The GalaxyClientService component of GOG Galaxy runs with elevated SYSTEM privileges in a Windows environment. Due to the software shipping with embedded, static RSA private key, an attacker with this key material and local user permissions can effectively send any operating system command to the...

CVE-2020-7352 GOG Galaxy GalaxyClientService Privilege Escalation

The GalaxyClientService component of GOG Galaxy runs with elevated SYSTEM privileges in a Windows environment. Due to the software shipping with embedded, static RSA private key, an attacker with this key material and local user permissions can effectively send any operating system command to the...

CVE-2001-0006

The Winsock2ProtocolCatalogMutex mutex in Windows NT 4.0 has inappropriate Everyone/Full Control permissions, which allows local users to modify the permissions to "No Access" and disable Winsock network connectivity to cause a denial of service, aka the "Winsock Mutex" vulnerability...

Microsoft Windows SMB Registry : Winlogon Key Permission Weakness

The registry key HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon is writeable by users who are not in the admin group. This key contains a value which defines which program should be run when a user logs on. As this program runs in the SYSTEM context, the users who have the right to...