CVE-2020-5895

On NGINX Controller versions 3.1.0-3.3.0, AVRD uses world-readable and world-writable permissions on its socket, which allows processes or users on the local system to write arbitrary data into the socket. A local system attacker can make AVRD segmentation fault SIGSEGV by writing malformed...

CVE-2020-8487

Insufficient protection of the inter-process communication functions in ABB System 800xA Base all published versions enables an attacker authenticated on the local system to inject data, affect node redundancy handling...

CVE-2024-24828

An incorrect default permissions vulnerability was found in pkg. This issue allows an attacker who has access to the /tmp/pkg/ on the local system to replace the genuine executables in the shared directory with malicious executables of the same name...

CVE-2023-42557

The CVE-2023-42557 issue affects libIfaaCa prior to Samsung SMR Dec-2023 Release 1. It is described as an out-of-bounds write that enables local attackers to execute arbitrary code. Affected software/component: libIfaaCa; root cause: out-of-bounds write; impact: local code execution with HIGH con...

Design/Logic Flaw

On NGINX Controller versions 3.1.0-3.3.0, AVRD uses world-readable and world-writable permissions on its socket, which allows processes or users on the local system to write arbitrary data into the socket. A local system attacker can make AVRD segmentation fault SIGSEGV by writing malformed...