Improper input sanitization within the restricted administration shell on UCOPIA Wireless Appliance devices before 4.4.20, 5.0.x before 5.0.19, and 5.1.x before 5.1.11 allows authenticated remote atta...

IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 could allow a local attacker to inject commands into malicious files that could be executed by the administrator. IBM X-Force ID:...

The hardware security module of Mate 9 and Mate 9 Pro Huawei smart phones with the versions earlier before MHA-AL00BC00B156, versions earlier before MHA-CL00BC00B156, versions earlier before MHA-DL00B...

Palo Alto Networks GlobalProtect Agent before 4.0.3 allows attackers with administration rights on the local station to gain SYSTEM privileges via vectors involving "image path execution hijacking."

PRTG Network Monitor 17.3.33.2830 allows remote authenticated administrators to execute arbitrary code by uploading a .exe file and then proceeding in spite of the error message.

The Norton App Lock prior to version 1.3.0.13 can be susceptible to an authentication bypass exploit. In this type of circumstance, the exploit can allow the user to kill the app to prevent it from lo...

Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the serve...

IBM Informix Dynamic Server 12.1 could allow a local user logged in with database administrator user to gain root privileges. IBM X-Force ID: 129620.

IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128058.

In EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2.1.0 - 7.2.1.5, 7.2.0.x, and 7.1.1.x, a malicious compliance admin (compadmin) account user could exploit a vulnerability in isi_g...

IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128057.

Extreme EXOS 16.x, 21.x, and 22.x allows administrators to bypass the "exsh restricted shell" protection mechanism and obtain an interactive shell.

Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving a privileged process.

Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving an exsh debug shell.

An Unquoted Search Path or Element issue was discovered in Progea Movicon Version 11.5.1181 and prior. An unquoted search path or element vulnerability has been identified, which may allow an authoriz...

In tscpu_write_GPIO_out and mtkts_Abts_write of mtk_ts_Abts.c, there is a possible buffer overflow in an sscanf due to improper input validation. This could lead to a local escalation of privilege wit...

A vulnerability in certain system script files that are installed at boot time on Cisco Application Policy Infrastructure Controllers could allow an authenticated, local attacker to gain elevated priv...

A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. An attacker would need valid administrator credentials to ...

A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. An attacker would need valid administrator credentials to ...

A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software image. The vulnerability is due to insufficient NX-...

A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software patch. The vulnerability is due to insufficient NX-...

IBM Remote Control v9 could allow a local user to use the component to replace files to which he does not have write access and which he can cause to be executed with Local System or root privileges. ...

The Cisco AMP For Endpoints application allows an authenticated, local attacker to access a static key value stored in the local application software. The vulnerability is due to the use of a static k...

An untrusted search path (aka DLL Preload) vulnerability in the Cisco Network Academy Packet Tracer software could allow an authenticated, local attacker to execute arbitrary code via DLL hijacking if...