2012 matches found
CVE-2020-1992
A format string vulnerability in the Varrcvr daemon of PAN-OS on PA-7000 Series devices with a Log Forwarding Card (LFC) allows remote attackers to crash the daemon creating a denial of service condition or potentially execute code with root privileges. This issue affects Palo Alto Networks PAN-OS...
Format string
A format string vulnerability in the Varrcvr daemon of PAN-OS on PA-7000 Series devices with a Log Forwarding Card (LFC) allows remote attackers to crash the daemon creating a denial of service condition or potentially execute code with root privileges. This issue affects Palo Alto Networks PAN-OS...
CVE-2020-5348
Dell Latitude 7202 Rugged Tablet BIOS versions prior to A28 contain a UAF vulnerability in EFIBOOTSERVICES in system management mode. A local unauthenticated attacker may exploit this vulnerability by overwriting the EFIBOOTSERVICES structure to execute arbitrary code in system management mode...
Schneider Electric IGSS IGSSupdateservice Improper Access Control Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Schneider Electric IGSS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
CVE-2020-11498
Slack Nebula through 1.1.0 contains a relative path vulnerability that allows a low-privileged attacker to execute code in the context of the root user via tundarwin.go or tunwindows.go. A user can also use Nebula to execute arbitrary code in the user's own context, e.g., for user-level persisten...
CVE-2020-10515
STARFACE UCC Client before 6.7.1.204 on Windows allows binary planting to execute code with System rights, aka usd-2020-0006...
CVE-2020-1712
A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by...
TP-Link Archer A7 AC1750 Buffer Overflow Vulnerability
The TP-Link Archer A7 AC1750 is a wireless router from China P&L TP-Link. A buffer overflow vulnerability exists in the handling of DNS responses in the TP-Link Archer A7 using firmware version 190726 AC1750. A remote attacker could exploit this vulnerability to execute arbitrary code with the he...
CVE-2020-8866
This vulnerability allows remote attackers to create arbitrary files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within add.php. The issue results from the lack of proper validation of...
CVE-2020-8866
CVE-2020-8866 affects Horde Groupware Webmail Edition 5.2.22, with a flaw in add.php where insufficient validation of user-supplied data allows remote attackers (authenticated) to upload arbitrary files. This can enable code execution in the www-data context when combined with other vulnerabiliti...
Huawei EulerOS: Security Advisory for systemd (EulerOS-SA-2020-1301)
The remote host is missing an update for the Huawei EulerOS...
GLSA-202003-42 : libgit2: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202003-42 (libgit2: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in libgit2. Please review the CVE identifiers referenced below for details. Impact: An attacker could possibly overwrite arbitrary paths,...
libgit2: Multiple vulnerabilities
Background: libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API. Description: Multiple vulnerabilities have been discovered in libgit2. Please review the CVE identifiers referenced below for details. Impact: An attacker coul...
Microsoft Windows AppX Deployment Service Hard Link Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AppX Deploymen...
GLSA-202003-30 : Git: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202003-30 (Git: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in Git. Please review the CVE identifiers referenced below for details. Impact: An attacker could possibly overwrite arbitrary paths, execute...
CVE-2019-13169
CVE-2019-13169 affects some Xerox printers (e.g., Phaser 3320) due to a buffer overflow in the Content-Type HTTP Header of the device’s web application. The underlying cause is improper handling of Content-Type header data, enabling an attacker to potentially execute arbitrary code on the device....
CVE-2019-12182
Directory Traversal in Safescan Timemoto and TA-8000 series version 1.0 allows unauthenticated remote attackers to execute code via the administrative API...