Connected Devices Platform Service Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in the way that the Connected Devices Platform Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker...
CVE-2018-19441
An issue was discovered in Neato Botvac Connected 2.2.0. The GenerateRobotPassword function of the NeatoCrypto library generates insufficiently random numbers for robot secretkey values used for local and cloud authentication/authorization. If an attacker knows the serial number and is able to...
Huawei Mate 20 has an unspecified vulnerability
Huawei Mate 20 is a smartphone from the Chinese company Huawei. A security vulnerability in versions of Huawei Mate 20 prior to 10.0.0.175 C00E70R3P8, which stems from the program's failure to perform adequate authentication, can be exploited by a local attacker to disclose information and...
CVE-2019-18575
Dell Command Configure versions prior to 4.2.1 contain an uncontrolled search path vulnerability. A locally authenticated malicious user could exploit this vulnerability by creating a symlink to a target file, allowing the attacker to overwrite or corrupt a specified file on the system...
CVE-2019-3654
Authentication Bypass vulnerability in the Microsoft Windows client in McAfee Client Proxy (MCP) prior to 3.0.0 allows a local user to bypass scanning of web traffic and gain access to blocked sites for a short period of time via generating an authorization key on the client which should only be...
McAfee Client Proxy CVE-2019-3654 Local Authentication Bypass Vulnerability
Description: McAfee Client Proxy is prone to a local authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism. This may aid in further attacks. McAfee Client Proxy (MCP) versions prior to 3.0.0 are vulnerable. Technologies Affected: McAfee Client...
SUSE-SU-2019:2268-1 Security update for pacemaker
This update for pacemaker fixes the following issues: Security issues fixed: - CVE-2018-16877: Fixed insufficient local IPC client-server authentication on the client's side. bsc1131356 - CVE-2018-16878: Fixed insufficient verification inflicted preference of uncontrolled processes bsc1131353 Oth...
CVE-2019-1180
An elevation of privilege vulnerability exists in the way that the wcmsvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially...
PT-2019-3044 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified). Description: The issue is related to errors in handling objects in memory by the rpcss.dll library in the Windows operating system. This could allow an attacker to elevate their privileges and execute...
OPENSUSE-SU-2019:1750-1 Security update for dbus-1
This update for dbus-1 fixes the following issues: Security issue fixed: - CVE-2019-12749: Fixed an implementation flaw in DBUS_COOKIE_SHA1 which could have allowed local attackers to bypass authentication bsc1137832. This update was imported from the SUSE:SLE-15-SP1:Update update project...
SUSE-SU-2019:14111-1 Security update for dbus-1
This update for dbus-1 fixes the following issues: Security issue fixed: - CVE-2019-12749: Fixed an implementation flaw in DBUS_COOKIE_SHA1 which could have allowed local attackers to bypass authentication bsc1137832...
SUSE-SU-2019:1597-1 Security update for dbus-1
This update for dbus-1 fixes the following issue: Security issue fixed: - CVE-2019-12749: Fixed an implementation flaw in DBUS_COOKIE_SHA1 which could have allowed local attackers to bypass authentication bsc1137832...
CVE-2019-1774
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker cou...
Cisco NX-OS Command Injection Vulnerability (CNVD-2019-14623)
Cisco NX-OS is the network operating system for the Cisco Nexus family of Ethernet switches and the MDS family of Fibre Channel storage area network switches. A command injection vulnerability exists in the CLI of Cisco NX-OS. The vulnerability stems from insufficient validation of parameters...
Cisco FXOS and NX-OS Command Injection Vulnerabilities
Cisco FXOS is the Firepower extensible operating system. Cisco NX-OS is the network operating system for the Cisco Nexus family of Ethernet switches and the MDS family of Fibre Channel storage area network switches. A command injection vulnerability exists in the CLI of Cisco FXOS and NX-OS. The...
Design/Logic Flaw
Robotronic RunAsSpc 3.7.0.0 protects stored credentials insufficiently, which allows locally authenticated attackers under the same user context to obtain cleartext credentials of the stored account...
CVE-2019-10885
An issue was discovered in Ivanti Workspace Control before 10.3.90.0. Local authenticated users with low privileges in a Workspace Control managed session can bypass Workspace Control security features configured for this session by resetting the session context...
Windows Subsystem for Linux Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially...
CVE-2019-1608
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker coul...
CVE-2019-1596
A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to escalate their privilege level to root. The attacker must authenticate with valid user credentials. The vulnerability is due to incorrect permissions of a system executable. A...