414 matches found
CVE-2024-58278 IndigoSTAR Software - perl2exe <= V30.10C - Arbitrary Code Execution
perl2exe = V30.10C contains an arbitrary code execution vulnerability that allows local authenticated attackers to execute malicious scripts. Attackers can control the 0th argument of packed executables to execute another executable, allowing them to bypass restrictions and gain unauthorized acce...
CVE-2025-54305
An issue was discovered in the Thermo Fisher Torrent Suite Django application 5.18.1. One of the middlewares included in this application, LocalhostAuthMiddleware, authenticates users as ionadmin if the REMOTEADDR property in request.META is set to 127.0.0.1, to 127.0.1.1, or to ::1. Any user wit...
CVE-2025-54305
CVE-2025-54305 affects Thermo Fisher Torrent Suite Django application version 5.18.1. The LocalhostAuthMiddleware authenticates users as ionadmin when request.META[REMOTE_ADDR] is 127.0.0.1, 127.0.1.1, or ::1, allowing any user with local server access to bypass authentication. Documented impact ...
Linux Distros Unpatched Vulnerability : CVE-2025-13640
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Passwords in Google Chrome prior to 143.0.7499.41 allowed a local attacker to bypass authentication via physical access to the...
CLSA-2025-1764028069 sssd: Fix of CVE-2025-11561
CVE-2025-11561: prevent unexpected Kerberos principal-to-account mappings when SSSD's localauth plugin cannot resolve a principal...
CVE-2025-47761
An Exposed IOCTL with Insufficient Access Control vulnerability CWE-782 vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.9 may allow an authenticated local user to execute unauthorized code via fortips driver. Success of the attack would requi...
CLSA-2025-1763397525 sssd: Fix of CVE-2025-11561
CVE-2025-11561: prevent unexpected Kerberos principal-to-account mappings when SSSD's localauth plugin cannot resolve a principal...
CVE-2025-4618 Prisma Browser: Sensitive Information Disclosure Vulnerability in Prisma Browser
A sensitive information disclosure vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated non-admin user to retrieve sensitive data from Prisma Browser. Browser self-protection should be enabled to mitigate this issue...
EUVD-2025-197638
A sensitive information disclosure vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated non-admin user to retrieve sensitive data from Prisma Browser. Browser self-protection should be enabled to mitigate this issue...
CVE-2025-8485
An improper permissions vulnerability was reported in Lenovo App Store that could allow a local authenticated user to execute code with elevated privileges during installation of an application...
Ubuntu: Security Advisory (USN-7867-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Schneider Electric PowerChute Serial Shutdown 安全漏洞
Schneider Electric PowerChute Serial Shutdown is a UPS management, normal shutdown, and energy management software from Schneider Electric France. A security vulnerability exists in Schneider Electric PowerChute Serial Shutdown that stems from improperly restricted authentication attempts, which...
sssd: SSSD default Kerberos configuration allows privilege escalation on AD-joined Linux systems
A flaw was found in the integration of Active Directory and the System Security Services Daemon SSSD on Linux systems. In default configurations, the Kerberos local authentication plugin sssdkrb5localauthplugin is enabled, but a fallback to the an2ln plugin is possible. This fallback allows an...
EUVD-2020-30818
Various Ruijie Gateway EG and NBR models firmware versions 11.16B9P1 11.94B12P1 contain a code execution vulnerability in the EWEB management system that can be abused via front-end functionality. Attackers can exploit front-end code when features such as guest authentication, local server...
CVE-2020-36870
Various Ruijie Gateway EG and NBR models firmware versions 11.16B9P1 11.94B12P1 contain a code execution vulnerability in the EWEB management system that can be abused via front-end functionality. Attackers can exploit front-end code when features such as guest authentication, local server...
CVE-2020-36870 Ruijie Gateway EG & NBR Models v11.1(6)B9P1 - 11.9(4)B12P1 RCE
Various Ruijie Gateway EG and NBR models firmware versions 11.16B9P1 11.94B12P1 contain a code execution vulnerability in the EWEB management system that can be abused via front-end functionality. Attackers can exploit front-end code when features such as guest authentication, local server...
sssd: SSSD default Kerberos configuration allows privilege escalation on AD-joined Linux systems
A flaw was found in the integration of Active Directory and the System Security Services Daemon SSSD on Linux systems. In default configurations, the Kerberos local authentication plugin sssdkrb5localauthplugin is enabled, but a fallback to the an2ln plugin is possible. This fallback allows an...
PT-2025-44797
Name of the Vulnerable Software and Affected Versions Lenovo Tablets affected versions not specified Description A potential issue exists in some Lenovo Tablets that may allow a locally authenticated user or application to access sensitive device-specific information. Recommendations At the momen...
Fedora 42 : sssd (2025-5f49ddd4af)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-5f49ddd4af advisory. - Fixes CVE-2025-11561 - Resolves: https://bugzilla.redhat.com/showbug.cgi?id=2402728 After startup SSSD already creates a Kerberos configuration snippet in...
Amazon Linux 2023 : libipa_hbac, libipa_hbac-devel, libsss_autofs (ALAS2023-2025-1249)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1249 advisory. A flaw was found in the integration of Active Directory and the System Security Services Daemon SSSD on Linux systems. In default configurations, SSSD does not enable the Kerberos local authentication...