shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of us
A vulnerability was determined in Cudy WR1200EA 2.3.7-20250113-121810. Affected is an unknown function of the file /etc/shadow. Executing manipulation can lead to use of default password. The attack n
An issue in D-Link DIR-1253 MESH V1.6.1684 allows an attacker to escalate privileges via the etc/shadow.sample component
Insecure Permissions vulnerability in the Local Storage in Alteryx Server 2023.1.1.460 allows remote attackers to obtain valid user session tokens from localStorage, leading to account takeover
Incorrect default permissions in some Intel Unite(R) Client Extended Display Plugin software installers before version 1.1.352.157 may allow an authenticated user to potentially enable escalation of p
Integer overflow or wraparound in HID class driver allows an authorized attacker to elevate privileges locally.
A vulnerability has been found in Tenda i24, 4G03 Pro, 4G05, 4G08, G0-8G-PoE, Nova MW5G and TEG5328F up to 65.10.15.6. Affected is an unknown function of the component Shadow File. Such manipulation w
An issue was discovered in provd before version 0.1.5 with a setuid binary, which allows a local attacker to escalate their privilege.
A minor information leak when running Screen with setuid-root privileges allows unprivileged users to deduce information about a path that would otherwise not be available.
Affected are older Screen
Buffalo TeraStation NAS TS5400R firmware version 4.02-0.06 and prior contain an excessive file permissions vulnerability that allows authenticated attackers to read the /etc/shadow file by uploading a
Netis AC1200 Router NC21 V4.0.1.4296 contains a hard-coded root credential stored in /etc/shadow.sample. The password for the root account is set to the trivially weak value root, allowing an attacker
Improper control of dynamically-managed code resources for some Intel(R) NPU Drivers within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticat
Improper access control for some Intel(R) Arc™ & Iris(R) Xe graphics software before version 31.0.101.4032 may allow an authenticated user to potentially enable denial of service via local access.
Improper access control for some Intel(R) Arc™ & Iris(R) Xe graphics software before version 32.0.101.6077 may allow an authenticated user to potentially enable denial of service via local access.
Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware (used by many white-labeled DVR/NVR/IPC products) contains hardcoded API credentials and an OS command injection flaw in its configuration
MISP contained multiple mass assignment vulnerabilities in the handling of collections, tag collections, event delegations, and shadow attributes. Several controller actions accepted user-supplied fie
Multiple i-フィルター products contain an issue with incorrect default permissions. If this vulnerability is exploited, a local authenticated attacker may replace a service executable on the system where t
CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that would allow an attacker on the local network to gain access to the user account by performing an arbitrary
The default configuration in ETSI Open-Source MANO (OSM) v.14.x, v.15.x, v.16.x, v.17.x does not impose any restrictions on the authentication attempts performed by the default admin user, allowing a
Nginx UI is a web user interface for the Nginx web server. From version 2.0.0 to before version 2.3.8, an unauthenticated network attacker can claim the initial administrator account on a fresh nginx-
Page 1+ Next →