21818 matches found
CVE-2025-12708
IBM Concert 1.0.0 through 2.2.0 contains hard-coded credentials that could be obtained by a local user...
EUVD-2026-15408
cryptodev-linux version 1.14 and prior contain a page reference handling flaw in the getuserbuf function of the /dev/crypto device driver that allows local users to trigger use-after-free conditions. Attackers with access to the /dev/crypto interface can repeatedly decrement reference counts of...
SUSE CVE-2026-32810
Halloy is an IRC application written in Rust. In versions on \nix and macOS prior to commit f180e41061db393acf65bc99f5c5e7397586d9cb, halloy creates its config directory and files using default umask permissions, which typically results in 0644 on files and 0755 on directories. This allows any...
Qnap QTS and QuTS hero Improper Neutralization of Special Elements used in an OS Command (CVE-2024-14026)
A command injection vulnerability has been reported to affect several QNAP operating system versions. If an attacker gains local network access who have also gained a user account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in th...
Halloy 安全漏洞
Halloy is a cross-platform IRC client developed by Squidowl. There is a security vulnerability in Halloy, which stems from improper configuration file permission settings, potentially allowing local users to read plaintext credentials...
EUVD-2025-208854
IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 stores potentially sensitive information in configuration files that could be read by a local user...
CVE-2025-36051
IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 stores potentially sensitive information in configuration files that could be read by a local user. IBM QRadar SIEM 7.5.0 UP15 fixes this (remediation).
PT-2026-26243
CVE-2025-36051 IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 stores potentially sensitive information in configuration files that could be read by a local user. https://t.co/fgTDVVehof...
IBM QRadar SIEM 安全漏洞
IBM QRadar SIEM is a solution developed by the American multinational company IBM, designed to protect assets and information from advanced threats using security intelligence. This solution provides features such as monitoring across the entire IT infrastructure and generating detailed reports o...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the ability of unauthorized local users to manage privileged policies through obfuscated proxy attacks,...
SUSE CVE-2026-4105
A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus Desktop Bus method. A local unprivileged user can exploit this by attempting to register a machine with a...
AT&T Bell Labs UNIX 安全漏洞
AT&T Bell Labs UNIX is a Unix-like operating system developed by AT&T Corporation in the United States. There is a security vulnerability in AT&T Bell Labs UNIX v4, which stems from a buffer overflow in the password variable. This vulnerability could allow local users to gain root privileges...
ASUS Business System Control Interface 安全漏洞
ASUS Business System Control Interface is a system control interface developed by ASUS, a Chinese company. There is a security vulnerability in the ASUS Business System Control Interface. This vulnerability stems from excessive reading of data, which could allow unauthorized local users to access...
EUVD-2019-19761
Comtrend AR-5310 GE31-412SSG-C01R10.A2pG039u.d24k contains a restricted shell escape vulnerability that allows local users to bypass command restrictions by using the command substitution operator $ . Attackers can inject arbitrary commands through the $ syntax when passed as arguments to allowed...
CVE-2026-1715
An input validation vulnerability was reported in the DeviceSettingsSystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to modify arbitrary registry keys with elevated privileges...
CVE-2019-25483
Comtrend AR-5310 GE31-412SSG-C01R10.A2pG039u.d24k contains a restricted shell escape vulnerability that allows local users to bypass command restrictions by using the command substitution operator $ . Attackers can inject arbitrary commands through the $ syntax when passed as arguments to allowed...
CVE-2019-25483
The CVE-2019-25483 entry concerns the Comtrend AR-5310 GE31-412SSG-C01_R10.A2pG039u.d24k device, where a restricted shell escape vulnerability allows local users to bypass command restrictions via the command substitution operator $( ). Attackers can inject arbitrary commands through $( ) when pa...
CVE-2019-25483 Comtrend AR-5310 GE31-412SSG-C01_R10.A2pG039u.d24k Restricted Shell Escape
Comtrend AR-5310 GE31-412SSG-C01R10.A2pG039u.d24k contains a restricted shell escape vulnerability that allows local users to bypass command restrictions by using the command substitution operator $ . Attackers can inject arbitrary commands through the $ syntax when passed as arguments to allowed...
CVE-2019-25483 Comtrend AR-5310 GE31-412SSG-C01_R10.A2pG039u.d24k Restricted Shell Escape
Comtrend AR-5310 GE31-412SSG-C01R10.A2pG039u.d24k contains a restricted shell escape vulnerability that allows local users to bypass command restrictions by using the command substitution operator $ . Attackers can inject arbitrary commands through the $ syntax when passed as arguments to allowed...
Lenovo PC Manager 安全漏洞
Lenovo PC Manager is a PC management software developed by Lenovo Corporation. There is a security vulnerability in Lenovo PC Manager, which stems from the possibility for locally authenticated users to terminate privileged processes...