17 matches found
PT-2025-45604
Name of the Vulnerable Software and Affected Versions Jumo variTRON300 affected versions not specified Description A flaw exists in the password generation algorithm when accessing the debug interface. An unauthenticated local attacker who knows the password generation timeframe may be able to...
EUVD-2019-10476
Malware in sbrugna...
EUVD-2024-41404
Malicious code in bioql PyPI...
CVE-2025-30034
A vulnerability has been identified in SIMATIC RTLS Locating Manager All versions V3.3. Affected devices do not properly validate input sent to its listening port on the local loopback interface. This could allow an unauthenticated local attacker to cause a denial of service condition...
CVE-2023-49676
An unauthenticated local attacker may trick a user to open corrupted project files to crash the system due to use after free vulnerability...
CVE-2020-9250
There is an insufficient authentication vulnerability in some Huawei smart phone. An unauthenticated, local attacker can crafts software package to exploit this vulnerability. Due to insufficient verification, successful exploitation may impact the service. Vulnerability ID: HWPSIRT-2019-12302 Th...
CVE-2023-25542
Dell Trusted Device Agent, versions prior to 5.3.0, contains an improper installation permissions vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to escalated privileges...
CVE-2022-24410
Dell BIOS contains an information exposure vulnerability. An unauthenticated local attacker with physical access to the system and knowledge of the system configuration could potentially exploit this vulnerability to read system information via debug interfaces...
多款Pilz产品路径遍历漏洞
Pilz PASvisu and others are products of Pilz, a German company.Pilz PASvisu is an HMI solution for machine visualization.Pilz PAS4000 is a software platform for the automation system PSS 4000.Pilz PAScal is an application... A path traversal vulnerability exists in several Pilz products. An...
CVE-2022-20864
A vulnerability in the password-recovery disable feature of Cisco IOS XE ROM Monitor ROMMON Software for Cisco Catalyst Switches could allow an unauthenticated, local attacker to recover the configuration or reset the enable password. This vulnerability is due to a problem with the file and boot...
D-Link DIR-878 操作系统命令注入漏洞
The D-Link DIR-878 is a wireless router from D-Link, a Taiwan-based company. The D-Link DIR-878 is vulnerable to a command injection vulnerability that could be exploited by an unauthenticated LAN attacker to execute arbitrary system commands to control the system or interrupt services...
CVE-2022-22262
ROG Live Service’s function for deleting temp files created by installation has an improper link resolution before file access vulnerability. Since this function does not validate the path before deletion, an unauthenticated local attacker can create an unexpected symbolic link to system file pat...
CVE-2018-0335
A vulnerability in the web portal authentication process of Cisco Prime Collaboration Provisioning could allow an unauthenticated, local attacker to view sensitive data. The vulnerability is due to improper logging of authentication data. An attacker could exploit this vulnerability by monitoring...
CVE-2017-12361
A vulnerability in Cisco Jabber for Windows could allow an unauthenticated, local attacker to access sensitive communications made by the Jabber client. An attacker could exploit this vulnerability to gain information to conduct additional attacks. The vulnerability is due to the way Cisco Jabber...
Cisco Prime Collaboration Provisioning Tool Local Information Disclosure Vulnerability (CNVD-2017-11546)
Cisco Prime Collaboration is a comprehensive video and voice service assurance and management system. A security vulnerability exists in the logging subsystem in the Cisco Prime Collaboration Provisioning tool, where an unauthenticated local attacker obtains sensitive information. The vulnerabili...
CVE-2017-3813
A vulnerability in the Start Before Logon SBL module of Cisco AnyConnect Secure Mobility Client Software for Windows could allow an unauthenticated, local attacker to open Internet Explorer with the privileges of the SYSTEM user. The vulnerability is due to insufficient implementation of the acce...
Unspecified Vulnerability in Oracle MySQL Server (CNVD-2016-05389)
Oracle MySQL Server is a lightweight relational database system. A security vulnerability exists in Oracle MySQL Server 5.7.12 and earlier versions, which can be exploited by an unauthenticated, local attacker to affect availability...