276 matches found
CVE-2024-13842
A hardcoded key in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data...
CVE-2024-53919
An injection vulnerability in Barco ClickShare CX-30/20, C-5/10, and ClickShare Bar Pro and Core models, running firmware before 2.21.1, allows physically proximate attackers or local admins to the webUI to trigger OS-level command execution as root...
CVE-2024-38646
An incorrect permission assignment for critical resource vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow local authenticated attackers who have gained administrator access to read or modify the resource. We have already fixed the vulnerabilit...
CVE-2024-38654
Improper bounds checking in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker with admin privileges to cause a denial of service...
CVE-2024-5532
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in OpenText™ Operations Agent. The XSS vulnerability could allow an attacker with local admin permissions to manipulate the content of the internal status page of the Agent on the local system...
CVE-2024-5532
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in OpenText™ Operations Agent. The XSS vulnerability could allow an attacker with local admin permissions to manipulate the content of the internal status page of the Agent on the local system...
CVE-2024-5532
CVE-2024-5532 is a stored XSS vulnerability in OpenText OpenText Operations Agent. The issue allows an attacker with local admin privileges to manipulate the content of the agent’s internal status page on the local system. Affected versions are 12.20–12.26. The connected sources reiterate the sam...
CVE-2024-5532 A stored XSS vulnerability has been discovered on OpenText™ Operations Agent (OA).
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in OpenText™ Operations Agent. The XSS vulnerability could allow an attacker with local admin permissions to manipulate the content of the internal status page of the Agent on the local system...
PT-2024-11894 · Synology · Synology Drive Client
Name of the Vulnerable Software and Affected Versions: Synology Drive Client versions prior to 3.4.0-15721 Description: A buffer copy without checking the size of the input, also known as a 'Classic Buffer Overflow', exists in the connection management functionality. This issue allows local users...
VulnCheck KEV: CVE-2024-22252
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the...
Improper Access Control
github.com/mattermost/mattermost-server is vulnerable to Improper Access Control. The vulnerability is due to the failure to disallow unsolicited invites when shared channels are enabled, This allowing an attacker to send an invite with the ID of an existing local channel, causing that local...
How to Manually Create a Database for Provisioning Services
This article describes how to manually create a database for Provisioning Services when the database administrator prefers to create the database manually. Requirements The DbScript.exe file located in “C:\Program Files\Citrix\Provisioning Services”. SQL Database Server. SysAdmin privileges to ru...
CVE-2024-37086
VMware ESXi contains an out-of-bounds read vulnerability. A malicious actor with local administrative privileges on a virtual machine with an existing snapshot may trigger an out-of-bounds read leading to a denial-of-service condition of the host...
CVE-2024-37086
VMware ESXi contains an out-of-bounds read vulnerability. A malicious actor with local administrative privileges on a virtual machine with an existing snapshot may trigger an out-of-bounds read leading to a denial-of-service condition of the host...
PT-2024-8636 · Ivanti · Ivanti Secure Access Client
Name of the Vulnerable Software and Affected Versions: Ivanti Secure Access Client versions prior to 22.7R3 Description: The issue is related to improper bounds checking, which can be exploited by a local authenticated attacker with admin privileges to cause a denial of service. This is due to a...
PT-2024-22653 · Dell · Dell Client Bios
Name of the Vulnerable Software and Affected Versions: Dell Client BIOS affected versions not specified Description: The issue is related to an Out-of-bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to...
PT-2024-19430 · Dell · Dell Bios
Name of the Vulnerable Software and Affected Versions: Dell BIOS affected versions not specified Description: The issue is related to an Out-of-Bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this, leading to denial of service...
CVE-2024-25102
This vulnerability exists in AppSamvid software due to the usage of a weaker cryptographic algorithm hash SHA1 in user login component. An attacker with local administrative privileges could exploit this to obtain the password of AppSamvid on the targeted system. Successful exploitation of this...
Design/Logic Flaw
This vulnerability exists in AppSamvid software due to the usage of vulnerable and outdated components. An attacker with local administrative privileges could exploit this by placing malicious DLLs on the targeted system. Successful exploitation of this vulnerability could allow the attacker to...
CVE-2024-25103
CVE-2024-25103 affects AppSamvid software, with DLL hijacking as the underlying vector due to vulnerable/outdated components. Local administrative privileges are required to place malicious DLLs on the target system, enabling arbitrary code execution if exploited. The available connected document...