219 matches found
CVE-2025-40573
A vulnerability has been identified in SCALANCE LPE9403 6GK5998-3GS00-2AC2 All versions V4.0 HF0. Affected devices are vulnerable to path traversal attacks. This could allow a privileged local attacker to restore backups that are outside the backup folder...
CVE-2025-40573
A vulnerability has been identified in SCALANCE LPE9403 6GK5998-3GS00-2AC2 All versions V4.0 HF0. Affected devices are vulnerable to path traversal attacks. This could allow a privileged local attacker to restore backups that are outside the backup folder...
CVE-2025-40573
A vulnerability has been identified in SCALANCE LPE9403 6GK5998-3GS00-2AC2 All versions V4.0 HF0. Affected devices are vulnerable to path traversal attacks. This could allow a privileged local attacker to restore backups that are outside the backup folder...
microcode_ctl: Improper initialization in UEFI firmware OutOfBandXML module
Improper initialization in UEFI firmware OutOfBandXML module in some IntelR Processors may allow a privileged user to potentially enable information disclosure via local access...
CVE-2025-35471
CVE-2025-35471 affects the conda-forge openssl-feedstock (pre-066e83c, 2024-05-20) on Windows. The issue arises from configuring OpenSSL to use an OPENSSLDIR path writable by non-privileged local users; an attacker can place a crafted openssl.cnf in OPENSSLDIR and trigger arbitrary code execution...
CVE-2025-20911
Improper access control in semwifi service prior to SMR Mar-2025 Release 1 allows privileged local attackers to update MAC address of Galaxy Watch...
CVE-2025-20911
CVE-2025-20911 describes improper access control in the Samsung sem_wifi service before SMR Mar-2025 Release 1, enabling privileged local attackers to update the MAC address of Galaxy Watch devices. Core details in public feeds indicate the issue is tied to a local-privilege scenario with high pr...
CVE-2025-20911
Improper access control in semwifi service prior to SMR Mar-2025 Release 1 allows privileged local attackers to update MAC address of Galaxy Watch...
Zoom Workplace 安全漏洞
Zoom Workplace is a desktop application from Zoom USA. A security vulnerability exists in Zoom Workplace versions prior to 6.1.5, which stems from uncontrolled resource consumption by the installer and could lead to the disclosure of information via local access by privileged users...
CVE-2025-21106
Dell Recover Point for Virtual Machines 6.0.X contains a Weak file system permission vulnerability. A low privileged Local attacker could potentially exploit this vulnerability, leading to impacting only non-sensitive resources in the system...
ALPINE-CVE-2023-43758
Improper input validation in UEFI firmware for some IntelR processors may allow a privileged user to potentially enable escalation of privilege via local access...
CVE-2024-47562
A vulnerability has been identified in SINEC Security Monitor All versions V4.9.0. The affected application does not properly neutralize special elements in user input to the ssmctl-client command. This could allow an authenticated, lowly privileged local attacker to execute privileged commands i...
Dell Edge Gateway 安全漏洞
Dell Edge Gateway is a series of intelligent gateway devices from Dell USA Inc. It is designed to aggregate, protect, analyze and relay data from various sensors and devices at the edge of the network. A security vulnerability exists in Dell Edge Gateway, which stems from the presence of a...
DEBIAN-CVE-2024-24968
Improper finite state machines FSMs in hardware logic in some IntelR Processors may allow an privileged user to potentially enable a denial of service via local access...
DEBIAN-CVE-2024-23984
Observable discrepancy in RAPL interface for some IntelR Processors may allow a privileged user to potentially enable information disclosure via local access...
CVE-2024-41174
The IPC-Diagnostics package in TwinCAT/BSD is susceptible to improper input neutralization by a low-privileged local attacker...
USN-6973-1 linux, linux-aws, linux-azure, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-xilinx-zynqmp vulnerabilities
It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a null pointer dereference vulnerability. A privileged local attacker could use this to possibly cause a denial of service system crash. CVE-2024-24860 Several security issues were discovere...
USN-6972-1: Linux kernel vulnerabilities
Yuxuan Hu discovered that the Bluetooth RFCOMM protocol driver in the Linux Kernel contained a race condition, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service system crash. CVE-2024-22099 It was discovered that a race condition existed in th...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : Intel Microcode vulnerabilities (USN-6967-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6967-1 advisory. It was discovered that some Intel Core Ultra Processors did not properly isolate the stream cache. A loca...
PT-2024-13684 · Unknown · Openbmc Firmware
Name of the Vulnerable Software and Affected Versions: OpenBMC Firmware versions prior to egs-1.15-0 OpenBMC Firmware versions prior to bhs-0.27 Description: The issue is an out of bounds read that may allow a privileged user to potentially enable information disclosure via local access...