Incorrect Default Permissions for some Intel(R) RealSense™ SDK software before version 2.56.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

Uncontrolled search path for some Intel(R) Advisor software may allow an authenticated user to potentially enable escalation of privilege via local access.

Uncontrolled search path for some Intel(R) RealSense™ SDK software before version 2.56.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

Uncontrolled search path for some Intel(R) Graphics software for Intel(R) Arc™ graphics and Intel(R) Iris(R) Xe graphics before version 32.0.101.6325/32.0.101.6252 may allow an authenticated user to p...

Uncontrolled search path element for some Intel(R) Ethernet Connection software before version 29.4 may allow an authenticated user to potentially enable escalation of privilege via local access.

An improper privilege management vulnerability in the recovery function of the USG FLEX H series uOS firmware version V1.31 and earlier could allow an authenticated local attacker with administrator p...

Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 122.0.6261.132 stable on Cr50 Boards allows an attacker with root access to gain persistence and bypass operating system verification v...

Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 15753.50.0 stable on Cr50 Boards allows an attacker with root access to gain persistence and Bypass operating system verification via e...

A path traversal vulnerability exists in the `install` and `uninstall` API endpoints of parisneo/lollms-webui version V12 (Strawberry). This vulnerability allows attackers to create or delete director...

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 38235, Acronis Cyber Protect 16 (Windows) b...

An uncontrolled search path in the agent of Ivanti EPM before 2022 SU6, or the 2024 September update allows a local authenticated attacker with admin privileges to escalate their privileges to SYSTEM.

In certain highly specific configurations of the host system and MongoDB server binary installation on Linux Operating Systems, it may be possible for a unintended actor with host-level access to caus...

A SQL injection vulnerability was found which could allow a command line interface (CLI) user with administrative privileges to execute arbitrary queries against the Avaya Aura System Manager database...

A flaw was found in the Pulp package. When a role-based access control (RBAC) object in Pulp is set to assign permissions on its creation, it uses the `AutoAddObjPermsMixin` (typically the add_roles_f...

Buffer overflow in "rcar_dev_init" due to using due to using untrusted data (rcar_image_number) as a loop counter before verifying it against RCAR_MAX_BL3X_IMAGE. This could lead to a full bypass of s...

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Renesas arm-trusted-firmware allows Local Execution of Code. This vulnerability is associated with program files...

Integer Underflow (Wrap or Wraparound) vulnerability in Renesas arm-trusted-firmware. An integer underflow in image range check calculations could lead to bypassing address restrictions and loading of...

Unquoted Executable Path vulnerability in Hitachi Device Manager on Windows (Device Manager Server component).This issue affects Hitachi Device Manager: before 8.8.7-00.

A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the per...

An issue in SoundCloud IOS application v.7.65.2 allows a local attacker to escalate privileges and obtain sensitive information via the session handling component.

An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiMail versions 7.2.0 through 7.2.4 and 7.0.0 through 7.0.6 and 6.4.0 through 6.4.7, FortiR...

An incorrect permissions assignment vulnerability in Trend Micro Deep Security 20.0 agents between versions 20.0.1-9400 and 20.0.1-23340 could allow a local attacker to escalate privileges on affected...

Xerox Workplace Suite has weak default folder permissions that allow unauthorized users to access, modify, or delete files

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiIsolator CLI before version 2.4.6 allows a privileged attacker to ...