23 matches found
CVE-2025-6723
Chef InSpec versions up to 5.23 and before 7.0.107 create named pipes with overly permissive default Windows access controls. A local attacker may interfere with the pipe connection process and exploit the insufficient access restrictions to assume the InSpec execution context, potentially...
EUVD-2025-206578
Chef InSpec up to version 5.23 creates named pipes with overly permissive default Windows access controls. A local attacker may interfere with the pipe connection process and exploit the insufficient access restrictions to assume the InSpec execution context, potentially resulting in elevated...
PT-2026-5397
Name of the Vulnerable Software and Affected Versions: Chef InSpec versions through 5.23. Description: Chef InSpec up to version 5.23 creates named pipes with overly permissive default Windows access controls. A local attacker may interfere with the pipe connection process and exploit the insufficie...
Microsoft Windows Access Control Error Vulnerability
Microsoft Windows is a suite of operating systems for use on personal devices from Microsoft Corporation USA. An access control error vulnerability exists in Microsoft Windows. An attacker could exploit this vulnerability to gain elevated privileges. The following products and editions are...
Microsoft Windows Access Control Error Vulnerability
Microsoft Windows is a suite of operating systems used by Microsoft Corporation USA for personal devices. An access control error vulnerability exists in the Microsoft Windows StateRepository API. An attacker could exploit the vulnerability to elevate privileges. The following products and editio...
CVE-2024-13975 Commvault 11.20.0 - 11.36.0 Windows Access Nodes Compromise via Local File Server Agent Abuse
A local privilege escalation vulnerability exists in Commvault for Windows versions 11.20.0, 11.28.0, 11.32.0, 11.34.0, and 11.36.0. In affected configurations, a local attacker who owns a client system with the file server agent installed can compromise any assigned Windows access nodes. This ma...
CVE-2024-12310 Bypass of Login Screen on Shared Kiosk Workstations
A vulnerability in Imprivata Enterprise Access Management (formerly Imprivata OneSign) allows bypassing the login screen of the shared kiosk workstation and allows unauthorized access to the underlying Windows system through the already logged-in autologon account due to insufficient handling of...
CVE-2025-20298 Incorrect permission assignment on Universal Forwarder for Windows during new installation or upgrade
In Universal Forwarder for Windows versions below 9.4.2, 9.3.4, 9.2.6, and 9.1.9, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Universal Forwarder for Windows Installation directory by default, C:\Program...
CVE-2023-50706
A user without administrator permissions with access to the UC500 Windows system could perform a memory dump of the running processes and extract clear credentials or valid session tokens...
CVE-2021-42797
Path traversal vulnerability in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior allows an unauthenticated user to steal the Windows access token of the user account configured for accessing external DB resources...
Path traversal
Path traversal vulnerability in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior allows an unauthenticated user to steal the Windows access token of the user account configured for accessing external DB resources...
CVE-2021-42797
CVE-2021-42797 — AVEVA Edge (formerly InduSoft Web Studio) : Path traversal in AVEVA Edge versions R2020 and prior allows an unauthenticated user to disclose the Windows access token used for external DB resources. Affected product: AVEVA Edge; vulnerable component(s): runtime/installation flow t...
CVE-2021-42797
Path traversal vulnerability in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior allows an unauthenticated user to steal the Windows access token of the user account configured for accessing external DB resources...
AVEVA Edge has an information disclosure vulnerability
AVEVA Edge is a highly scalable and flexible HMI/SCADA software from the UK-based Jianwei Software AVEVA. An information disclosure vulnerability exists in AVEVA Edge version 2020 R2, which can be exploited by an attacker to obtain account information for accessing external DB resource...
AVEVA Edge Security Vulnerability
AVEVA Edge is a highly scalable and flexible HMI/SCADA software from the UK-based Jianwei Software AVEVA. An information disclosure vulnerability exists in AVEVA Edge version 2020 R2, which can be exploited by an attacker to obtain account information for accessing external DB resource...
CVE-2019-13546
In IntelliSpace Perinatal, Versions K and prior, a vulnerability within the IntelliSpace Perinatal application environment could enable an unauthorized attacker with physical access to a locked application screen, or an authorized remote desktop session host application user to break-out from the...
openSUSE Security Update : java-11-openjdk (openSUSE-2019-161)
This update for java-11-openjdk to version 11.0.2+7 fixes the following issues : Security issues fixed : - CVE-2019-2422: Better FileChannel transfer performance bsc1122293 - CVE-2019-2426: Improve web server connections - CVE-2018-11212: Improve JPEG processing bsc1122299 - Better route routing ...
Security update for java-11-openjdk (important)
openSUSE Security Update: Security update for java-11-openjdk Announcement ID: openSUSE-SU-2019:0161-1 Rating: important References: 1120431 1122293 1122299 Cross-References: CVE-2018-11212 CVE-2019-2422 CVE-2019-2426 Affected Products: openSUSE Leap 15.0 An update that fixes three vulnerabilitie...
IBM i Access for Windows Untrustworthy Search Path Vulnerability
IBM i Access for Windows is a suite of client solutions from IBM in the United States that provide access to and use of desktop resources from a variety of different Windows operating systems. An untrusted search path vulnerability exists in IBM i Access for Windows version 7.1, which can be...
Norwegian Air Shuttle airline kiosk authentication bypass vulnerability
The Norwegian Air Shuttle airline kiosk is a series of self-service kiosks for Norwegian Air. An authentication bypass vulnerability exists in the Norwegian Air Shuttle airline kiosk. An attacker could exploit this vulnerability to gain administrator access and network access to the underlying...