
805 matches found

Positive Technologies
added 2019/04/03 12:0 a.m. · 2 views

PT-2019-16842 · Ibm · Ibm Db2

Name of the Vulnerable Software and Affected Versions: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) versions 9.7, 10.1, 10.5, and 11.1
Description: The issue is a buffer overflow that could allow an authenticated local attacker to execute arbitrary code on the system as root...

CVSS 8.4 · AI score 8.2 · EPSS 0.00508
Exploits: 0 · References: 4

OSV
added 2019/03/13 9:29 p.m. · 1 view

CVE-2019-3716

RSA Archer versions, prior to 6.5 SP2, contain an information exposure vulnerability. The database connection password may get logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the exposed password to use it in further...

CVSS 7.8 · AI score 7.1 · EPSS 0.00377
Exploits: 0 · References: 2

OSV
added 2019/03/11 10:29 p.m. · 0 views

CVE-2019-4016

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-ForceID: 155894...

CVSS 7.8 · AI score 7.7
Exploits: 0 · References: 3

OSV
added 2019/03/11 10:29 p.m. · 1 view

CVE-2019-4015

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-ForceID: 155893...

CVSS 7.8 · AI score 7.7 · EPSS 0.00531
Exploits: 0 · References: 3

OSV
added 2019/03/11 10:29 p.m. · 5 views

CVE-2018-1980

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-ForceID: 154078...

CVSS 7.8 · AI score 8.3 · EPSS 0.00526
Exploits: 0 · References: 3

OSV
added 2019/03/11 9:29 p.m. · 1 view

CVE-2019-1610

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker coul...

CVSS 6.7 · AI score 6.3
Exploits: 0 · References: 2

Positive Technologies
added 2019/03/11 12:0 a.m. · 2 views

PT-2019-16843 · Ibm · Ibm Db2

Name of the Vulnerable Software and Affected Versions: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) versions 9.7, 10.1, 10.5, and 11.1
Description: The issue is a buffer overflow that could allow an authenticated local attacker to execute arbitrary code on the system as root...

CVSS 8.4 · AI score 8.2 · EPSS 0.00531
Exploits: 0 · References: 5

Positive Technologies
added 2019/03/11 12:0 a.m. · 1 view

PT-2019-16844 · Ibm · Ibm Db2

Name of the Vulnerable Software and Affected Versions: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) versions 9.7, 10.1, 10.5, and 11.1
Description: The issue is a buffer overflow that could allow an authenticated local attacker to execute arbitrary code on the system as root...

CVSS 8.4 · AI score 8.2 · EPSS 0.00531
Exploits: 0 · References: 5

OSV
added 2019/03/08 8:29 p.m. · 2 views

CVE-2019-1606

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker coul...

CVSS 7.8 · AI score 6
Exploits: 0 · References: 2

CNVD
added 2019/02/19 12:0 a.m. · 4 views

Intel Data Center Manager SDK Information Disclosure Vulnerability

Intel Data Center Manager SDK is a data center manager SDK software development kit from Intel USA. The product provides real-time power and cooling data for devices. An information disclosure vulnerability exists in Intel Data Center Manager SDK versions prior to 5.0.2. An authenticated user can...

CVSS 5.5 · AI score 5.9 · EPSS 0.00455
Exploits: 0 · References: 1

OSV
added 2019/02/18 5:29 p.m. · 1 view

CVE-2018-12159

Buffer overflow in the command-line interface for Intel(R) PROSet Wireless v20.50 and before may allow an authenticated user to potentially enable denial of service via local access...

CVSS 5.5 · AI score 5.8 · EPSS 0.00282
Exploits: 0 · References: 1

OSV
added 2019/01/15 9:29 p.m. · 3 views

CVE-2019-0029

Juniper ATP Series Splunk credentials are logged in a file readable by authenticated local users. Using these credentials an attacker can access the Splunk server. This issue affects Juniper ATP 5.0 versions prior to 5.0.3...

CVSS 7.8 · AI score 5.8
Exploits: 0 · References: 1

Cvelist
added 2019/01/15 9:0 p.m. · 19 views

CVE-2019-0004 Juniper ATP: API and device keys are logged in a world-readable permissions file

On Juniper ATP, the API key and the device key are logged in a file readable by authenticated local users. These keys are used for performing critical operations on the WebUI interface. This issue affects Juniper ATP 5.0 versions prior to 5.0.3...

CVSS 7.8 · AI score 5.4 · EPSS 0.0033
Exploits: 0 · References: 1

OSV
added 2018/10/05 2:29 p.m. · 3 views

CVE-2018-0481

A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exists because the affected software improperly sanitizes command arguments, faili...

CVSS 6.7 · AI score 6.1
Exploits: 0 · References: 2

OSV
added 2018/10/04 11:29 p.m. · 2 views

CVE-2018-17984

An unanchored /[a-z]{2}/ regular expression in ISPConfig before 3.1.13 makes it possible to include arbitrary files, leading to code execution. This is exploitable by authenticated users who have local filesystem access...

CVSS 7.8 · AI score 6 · EPSS 0.03369
Exploits: 1 · References: 3

NVD
added 2018/08/20 7:31 p.m. · 11 views

CVE-2018-1000645

LibreHealthIO lh-ehr version REL-2.0.0 contains an Authenticated Local File Disclosure vulnerability in the importing of templates that allows local file disclosure and can result in disclosure of sensitive files on the server. This attack appears to be exploitable via a user-controlled variable in import...

CVSS 6.5 · AI score 6.3 · EPSS 0.01366
Exploits: 1 · References: 2

OSV
added 2018/07/18 11:29 p.m. · 2 views

CVE-2018-0342

A vulnerability in the configuration and monitoring service of the Cisco SD-WAN Solution could allow an authenticated, local attacker to execute arbitrary code with root privileges or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incomplete bounds chec...

CVSS 6.7 · AI score 6.4 · EPSS 0.00452
Exploits: 0 · References: 2

CNVD
added 2018/07/11 12:0 a.m. · 2 views

Huawei LYO-L21 Cell Phone Elevation of Privilege Vulnerability

The Huawei LYO-L21 is a smartphone product of the Chinese company Huawei. An elevation of privilege vulnerability exists in the Huawei LYO-L21 phone. After tricking a user into installing a malicious mobile application, an authenticated, local attacker constructs malformed messages and exploits t...

CVSS 7.3 · AI score 7.5 · EPSS 0.00249
Exploits: 0 · References: 1

OSV
added 2018/05/25 2:29 p.m. · 2 views

CVE-2018-1488

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 140973...

CVSS 7.8 · AI score 6.4 · EPSS 0.00515
Exploits: 0 · References: 3

FreeBSD
added 2018/05/08 12:0 a.m. · 64 views

FreeBSD -- Mishandling of x86 debug exceptions

Problem Description: The MOV SS and POP SS instructions inhibit debug exceptions until the instruction boundary following the next instruction. If that instruction is a system call or similar instruction that transfers control to the operating system, the debug exception will be handled in the...

CVSS 7.8 · AI score 1 · EPSS 0.18404
Exploits: 9