CVE-2003-1502

modthrottle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges...

CVE-2003-1474

slashem-tty in the FreeBSD Ports Collection is installed with write permissions for the games group, which allows local users with group games privileges to modify slashem-tty and execute arbitrary code as other users, as demonstrated using a separate vulnerability in LTris...

CVE-2003-1281

cgihtml 1.69 allows local users to overwrite arbitrary files via a symlink attack on certain temporary files...

CVE-2003-1291

VMware ESX Server 1.5.2 before Patch 4 allows local users to execute arbitrary programs as root via certain modified VMware ESX Server environment variables...

CVE-2021-31540

Wowza Streaming Engine through 4.8.5 in a default installation has incorrect file permissions of configuration files in the conf/ directory. A regular local user is able to read and write to all the configuration files, e.g., modify the application server configuration...

CVE-2007-4500

Unspecified vulnerability in TunnelRunner in SSHKeychain before 0.8.2 beta, and possibly later versions, allows local users to gain privileges via unspecified vectors...

CVE-2011-0801

Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect confidentiality and integrity via unknown vectors related to cp...

CVE-2011-0796

Unspecified vulnerability in the Applications Install component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows local users to affect confidentiality via unknown vectors...

CVE-2011-0800

Unspecified vulnerability in the Solaris component in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Administration Utilities...

CVE-2011-0790

Unspecified vulnerability in Oracle Solaris 9 and 10 allows local users to affect confidentiality via unknown vectors related to wbem...

CVE-2020-10588

v2rayL 2.1.3 allows local users to achieve root access because /etc/v2rayL/add.sh and /etc/v2rayL/remove.sh are owned by a low-privileged user but execute as root via Sudo...

CVE-2020-10553

An issue was discovered in Psyprax before 3.2.2. The file %PROGRAMDATA%\Psyprax32\PPScreen.ini contains a hash for the lockscreen aka screensaver of the application. If that entry is removed, the lockscreen is no longer displayed and the app is no longer locked. All local users are able to modify...

CVE-2024-34477

configureNFS in lib/common/functions.sh in FOG through 1.5.10 allows local users to gain privileges by mounting a crafted NFS share because of norootsquash and insecure. In order to exploit the vulnerability, someone needs to mount an NFS share in order to add an executable file as root. In...

CVE-2020-7251

Improper access control vulnerability in Configuration Tool in McAfee Mcafee Endpoint Security ENS Prior to 10.6.1 February 2020 Update allows local users to disable security features via unauthorised use of the configuration tool from older versions of ENS...

CVE-2020-7316

Unquoted service path vulnerability in McAfee File and Removable Media Protection FRP prior to 5.3.0 allows local users to execute arbitrary code, with higher privileges, via execution and from a compromised folder. This issue may result in files not being encrypted when a policy is triggered...

CVE-2021-31853

DLL Search Order Hijacking Vulnerability in McAfee Drive Encryption MDE prior to 7.3.0 HF2 7.3.0.183 allows local users to execute arbitrary code and escalate privileges via execution from a compromised folder...

CVE-2021-31854

A command Injection Vulnerability in McAfee Agent MA for Windows prior to 5.7.5 allows local users to inject arbitrary shell code into the file cleanup.exe. The malicious clean.exe file is placed into the relevant folder and executed by running the McAfee Agent deployment feature located in the...

Siemens SCALANCE, Ruggedcom ROX Exposure of Sensitive Information to an Unauthorized Actor (CVE-2022-1353)

A vulnerability was found in the pfkeyregister function in net/key/afkey.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. This plugin only works with Tenable.ot. Please visit...

CVE-2026-22246

Mastodon is a free, open-source social network server based on ActivityPub. Mastodon 4.3 added notifications of severed relationships, allowing end-users to inspect the relationships they lost as the result of a moderation action. The code allowing users to download lists of severed relationships...

CVE-2025-66002

CVE-2025-66002 affects smb4k (KDE mount helper). Description: an improper neutralization of argument delimiters enables local users to perform arbitrary unmounts via the smb4k mount helper. Impact details in sources indicate local access, low privileges required, with potential high impact on ava...