A vulnerability was found in KylinSoft kylin-software-properties on KylinOS. It has been declared as critical. This vulnerability affects the function changedSource. The manipulation leads to improper access controls. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 0.0.1-130 is able to address this issue. It is recommended to upgrade the affected component. VDB-230686 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Improper access control in some Intel(R) UEFI Integrator Tools on Aptio V for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access.
In Emerson ValveLink v12.0.264 to v13.4.118, a vulnerability in the ValveLink software may allow a local, unprivileged, trusted insider to escalate privileges due to insecure configuration parameters.
Improper access control in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally.
An improper access control vulnerability exists in Citrix Workspace App for Windows potentially allows privilege escalation in CR versions prior to 2105 and 1912 LTSR prior to CU4.
Incorrect access control in the kernel driver of ThreatFire System Monitor v4.7.0.53 allows attackers to escalate privileges and execute arbitrary commands via an insecure IOCTL.
Dell Command | Configure versions prior to 4.11.0, contain an improper access control vulnerability. A local malicious standard user could potentially exploit this vulnerability while repairing/changing installation, leading to privilege escalation.
Improper access control in Customer Experience Improvement Program (CEIP) allows an authorized attacker to elevate privileges locally.
Dell Repository Manager, 3.4.3 and prior, contains an Improper Access Control vulnerability in its installation module. A local low-privileged attacker could potentially exploit this vulnerability, leading to gaining escalated privileges.
Improper access control in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
In Dell SupportAssist for Home PCs (between v3.0 and v3.14.1) and SupportAssist for Business PCs (between v3.0 and v3.4.1), a security concern has been identified, impacting locally authenticated users on their respective PCs. This issue may potentially enable privilege escalation and the execution of arbitrary code, in the Windows system context, and confined to that specific local PC.
Improper access control in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally.
Improper access control in Windows Error Reporting allows an authorized attacker to elevate privileges locally.
Dell SmartFabric Storage Software v1.4 (and earlier) contains an improper access control vulnerability in the CLI. A local possibly unauthenticated attacker could potentially exploit this vulnerability, leading to ability to execute arbritrary shell commands.
Dell Command | Configure, versions prior to 4.11.0, contains an improper access control vulnerability. A local malicious user could potentially modify files inside installation folder during application upgrade, leading to privilege escalation.
Memory corruption in Automotive Multimedia due to improper access control in HAB.
Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally.
Improper access control in Windows Hyper-V allows an authorized attacker to elevate privileges locally.
A vulnerability in the SSH management feature of multiple Cisco Access Points (APs) platforms could allow a local, authenticated user to modify files on the affected device and possibly gain escalated privileges. The vulnerability is due to improper checking on file operations within the SSH management interface. A network administrator user could exploit this vulnerability by accessing an affected device through SSH management to make a configuration change. A successful exploit could allow the attacker to gain privileges equivalent to the root user.
Improper access control in Storvsp.sys Driver allows an authorized attacker to elevate privileges locally.
The firmware of the AZIOT 2MP Full HD Smart Wi-Fi CCTV Home Security Camera (version V1.00.02) contains an Incorrect Access Control vulnerability that allows local attackers to gain root shell access. Once accessed, the device exposes critical data including Wi-Fi credentials and ONVIF service credentials stored in plaintext, enabling further compromise of the network and connected systems.
Improper access control in some Intel Unite(R) Client software before version 4.2.35041 may allow an authenticated user to potentially enable escalation of privilege via local access.
Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.
An issue in Shirt Pocket's SuperDuper! 3.10 and earlier allow a local attacker to modify the default task template to execute an arbitrary preflight script with root privileges and Full Disk Access, thus bypassing macOS privacy controls.
Improper access control in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally.
An insecure access control vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security could allow a local attacker to overwrite key memory-mapped files which could then have severe consequences for the security and stability of affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Improper access control in Windows SDK allows an authorized attacker to elevate privileges locally.
Dell Rugged Control Center, version prior to 4.7, contains an improper access control vulnerability. A local malicious standard user could potentially exploit this vulnerability to modify the content in an unsecured folder during product installation and upgrade, leading to privilege escalation on the system.
Improper access control in some Intel(R) DSA software before version 23.4.33 may allow an authenticated user to potentially enable escalation of privilege via local access.
Improper access control in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.
Improper access control in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability, leading to the elevation of privilege on the system.
Improper access control element in some Intel(R) Ethernet tools and driver install software, before versions 28.2, may allow an authenticated user to potentially enable escalation of privilege via local access.
Insecure Permissions vulnerability in avanquest Driver Updater v.9.1.57803.1174 allows a local attacker to escalate privileges via the Driver Updater Service windows component.
Dell Rugged Control Center, version prior to 4.7, contains an Improper Access Control vulnerability. A local malicious standard user could potentially exploit this vulnerability to modify the content in an unsecured folder when product installation repair is performed, leading to privilege escalation on the system.
Improper access control in Network Connection Status Indicator (NCSI) allows an authorized attacker to elevate privileges locally.
A vulnerability in the SSH restricted shell interface of the network management services allows improper access control for authenticated read-only users. If successfully exploited, this vulnerability could allow an attacker with read-only privileges to gain administrator access on the affected system.
Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.
Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.
Windows Kernel Elevation of Privilege Vulnerability
Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Improper access control in Software Protection Platform (SPP) allows an authorized attacker to elevate privileges locally.
Improper access control in the Intel Smart Campus android application before version 9.4 may allow an authenticated user to potentially enable escalation of privilege via local access.
HCL Domino is affected by an Insufficient Access Control vulnerability. An authenticated attacker with local access to the system could exploit this vulnerability to attain escalation of privileges, denial of service, or information disclosure.
Memory corruption while handling client exceptions, allowing unauthorized channel access.
Dell iDRAC Tools, version(s) prior to 11.3.0.0, contain(s) an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. It has been rated as critical. Affected by this issue is some unknown functionality of the file /action/upload_file. The manipulation leads to unrestricted upload. Access to the local network is required for this attack to succeed. The exploit has been disclosed to the public and may be used.
A vulnerability has been identified in TIA Administrator (All versions < V3.0.6). The affected application allows low-privileged users to trigger installations by overwriting cache files and modifying the downloads path. This would allow an attacker to escalate privilege and exceute arbitrary code.
Windows RDP Encoder Mirror Driver Elevation of Privilege Vulnerability
Memory corruption while processing image encoding, when configuration is NULL in IOCTL parameter.