170 matches found
CVE-2020-19417
Emerson Smart Wireless Gateway 1420 4.6.59 allows non-privileged users such as the default account 'maint' to perform administrative tasks by sending specially crafted HTTP requests to the application...
CVE-2025-35471
conda-forge openssl-feedstock before 066e83c 2024-05-20, on Microsoft Windows, configures OpenSSL to use an OPENSSLDIR file path that can be written to by non-privileged local users. By writing a specially crafted openssl.cnf file in OPENSSLDIR, a non-privileged local user can execute arbitrary co...
PT-2025-20824 · Conda Forge +2 · Conda-Forge Openssl-Feedstock +2
Name of the Vulnerable Software and Affected Versions: conda-forge openssl-feedstock versions before 066e83c 2024-05-20; Miniforge versions before 24.5.0. Description: The issue concerns a configuration in conda-forge openssl-feedstock on Microsoft Windows, where OpenSSL uses an OPENSSLDIR file pat...
CVE-2025-25178
Software installed and run as a non-privileged user may conduct improper GPU system calls to cause kernel system memory corruption...
CVE-2024-12576
Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger a crash of the FW running on the GPU freezing graphics output...
Linux Distros Unpatched Vulnerability : CVE-2021-3981
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non-privileged users to read...
CVE-2024-45718
Sensitive data could be exposed to non-privileged users in a configuration file. Local access to the computer with a low-privileged account is required to access the configuration file containing the sensitive data...
CVE-2024-45718 Sensitive data disclosure vulnerability
Sensitive data could be exposed to non-privileged users in a configuration file. Local access to the computer with a low-privileged account is required to access the configuration file containing the sensitive data...
CVE-2024-45718
The CVE-2024-45718 vulnerability affects SolarWinds Kiwi Syslog Server NG (pre-1.3.1). Local, low-privilege access can reveal sensitive data stored in configuration files to non-privileged users. Impact is data exposure as described; exploitation details aren’t provided. Remediation: upgrade to v...
CVE-2022-36110
Netmaker makes networks with WireGuard. Prior to version 0.15.1, Improper Authorization functions lead to non-privileged users running privileged API calls. If someone adds users to the Netmaker platform who do not have admin privileges, they can use their auth tokens to run admin-level functions...
CVE-2024-46972
Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions...
Vulnerabilities fixed in Qlik Sense Enterprise for Windows
Qlik has fixed vulnerabilities in Qlik Sense Enterprise for Windows for versions before November 2024 IR. The vulnerabilities are in the way Qlik Sense Enterprise handles network access for non-privileged users. These users can create connection objects that can execute arbitrary EXE files, leadi...
CVE-2024-22037
The uyuni-server-attestation systemd service needs a databasepassword environment variable. This file has 640 permission, and cannot be shown to users, but the environment is still exposed by systemd to non-privileged users...
CVE-2024-22037
CVE-2024-22037 is referenced in SUSE updates for Uyuni tooling. The issue stems from database credentials being exposed via environment in a systemd/Podman context. The connected SUSE advisory notes that CVE-2024-22037 is fixed by switching to podman secrets to store database credentials (uyuni-t...
PT-2024-19170 · Suse · Suse Manager Server +1
Name of the Vulnerable Software and Affected Versions: SUSE Manager Server (affected versions not specified). Description: The issue concerns the exposure of sensitive system information due to the uyuni-server-attestation systemd service needing a database password environment variable. Although th...
Unspecified Vulnerability in JetBrains YouTrack (CNVD-2025-16856)
JetBrains YouTrack is a project management tool that supports cloud hosting and local deployment, and is primarily geared towards team collaboration management, especially suitable for software development, human resources, marketing, and other scenarios. JetBrains YouTrack suffers from a securit...
CVE-2024-40770
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A non-privileged user may be able to modify restricted network settings...
NewStart CGSL MAIN 6.02 : grub2 Multiple Vulnerabilities (NS-SA-2024-0068)
The remote NewStart CGSL host, running version MAIN 6.02, has grub2 packages installed that are affected by multiple vulnerabilities: - A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non-privileged users to read i...
Privilege Escalation
github.com/dnscrypt/dnscrypt-proxy is vulnerable to privilege escalation. The vulnerability is caused by insecure file permissions on the dnscrypt-proxy executable, which allows non-privileged users to overwrite it with malicious code, leading to potential privilege escalation to root when the...
UBUNTU-CVE-2024-36587
Insecure permissions in DNSCrypt-proxy v2.0.0alpha9 to v2.1.5 allows non-privileged attackers to escalate privileges to root via overwriting the binary dnscrypt-proxy...