Winpakpro 4.8 - (ScheduleService) Unquoted Service Path Vulnerability

Exploit Title: Winpakpro 4.8 - 'ScheduleService' Unquoted Service Path Discovery by: Alan Mondragon Vendor Homepage: https://www.security.honeywell.com/product-repository/winpak Software Links : https://www.security.honeywell.com/product-repository/winpak WinPackPro Tested Version: 4.8...

Interactive Suite 3.6 - (eBeam Stylus Driver) Unquoted Service Path Vulnerability

Exploit Title: Interactive Suite 3.6 - 'eBeam Stylus Driver' Unquoted Service Path Discovery by: Luis Martinez Vendor Homepage: https://www.luidia.com Software Link: http://down.myequil.com/dn/setup/ScrapBookwin/down.html Tested Version: 3.6 Tested on OS: Windows 10 Pro x64 es Step to discover...

QNAP QVR Client 5.0.0.13230 - (QVRService) Unquoted Service Path Vulnerability

Exploit Title: QNAP QVR Client 5.0.0.13230 - 'QVRService' Unquoted Service Path Discovery by: Luis Martinez Vendor Homepage: https://www.qnap.com Tested Version: 5.0.0.13230 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 10 Pro x64 es Step to discover Unquoted Service Path: C:\wm...

HPSBPI03720 rev. 1 - Software Vulnerability with Certain HP OfficeJet and PageWide Solutions

Potential Security Impact Local Code Execution Source: HP, HP Product Security Response Team PSRT VULNERABILITY SUMMARY HP has identified a security vulnerability with the I.R.I.S. OCR Optical Character Recognition software available with HP PageWide and OfficeJet printer software installations...

Vulnerability fixed in QEMU

A vulnerability has been fixed in QEMU. The vulnerability allows potentially allow a local malicious person from a guest system to execute arbitrary code on the host system under root permissions. Exploiting the vulnerability is no easy task. -= Red Hat =- Red Hat has made updates available for R...

PYSEC-2021-891

CWE - CWE-287: Improper Authentication vulnerability in SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. This issue affects: SUSE Linux Enterprise Server 15 SP 3 salt versions prior t...

UBUNTU-CVE-2021-25315

CWE - CWE-287: Improper Authentication vulnerability in SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. This issue affects: SUSE Linux Enterprise Server 15 SP 3 salt versions prior t...

Western Digital My Cloud Multiple Products 5.0 < 5.10.122 Multiple Vulnerabilities (WDC-21002)

Multiple Western Digital My Cloud products are prone to a local code execution and information disclosure vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

PT-2021-17041 · Synology · Synology Diskstation Manager

Name of the Vulnerable Software and Affected Versions: Synology DiskStation Manager DSM versions prior to 6.2.4-25553 Description: The issue is related to an incorrect authorization vulnerability in the synoagentregisterd component of Synology DiskStation Manager DSM, allowing local users to...

DEBIAN-CVE-2021-3410

A flaw was found in libcaca v0.99.beta19. A buffer overflow issue in cacaresize function in libcaca/caca/canvas.c may lead to local execution of arbitrary code in the user context...

UBUNTU-CVE-2021-3410

A flaw was found in libcaca v0.99.beta19. A buffer overflow issue in cacaresize function in libcaca/caca/canvas.c may lead to local execution of arbitrary code in the user context...

PT-2021-3607

Name of the Vulnerable Software and Affected Versions libcaca version 0.99.beta19 Description A flaw was found in the caca resize function in libcaca/caca/canvas.c, which is related to a buffer overflow issue. This may lead to local execution of arbitrary code in the user context. The issue can...

CVE-2020-11635

The Zscaler Client Connector prior to 3.1.0 did not sufficiently validate RPC clients, which allows a local adversary to execute code with system privileges or perform limited actions for which they did not have privileges...

SUSE-SU-2021:0433-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3347: A use-after-free was discovered in the PI futexes during fault handling, allowing local users to execute code in the kernel bnc1181349. -...

VulnCheck KEV: CVE-2008-3431

An input validation vulnerability exists in the VBoxDrv.sys driver of Sun xVM VirtualBox which allows attackers to locally execute arbitrary code...

Modesty pdfjson buffer error vulnerability

Modesty Pdf2json is Modesty individual developers of a Java-based PDF files can interact with Json files code library. A buffer error vulnerability exists in pdf2json 0.69, which stems from a buffer overflow that allows a local user to execute arbitrary code by converting a carefully crafted PDF...

Fedora 32 : kernel (2021-6e805a5051)

The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-6e805a5051 advisory. - An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local...

CVE-2021-25758

In JetBrains IntelliJ IDEA before 2020.3, potentially insecure deserialization of the workspace model could lead to local code execution...

CVE-2021-25758

In JetBrains IntelliJ IDEA before 2020.3, potentially insecure deserialization of the workspace model could lead to local code execution...

Deserialization of untrusted data

In JetBrains IntelliJ IDEA before 2020.3, potentially insecure deserialization of the workspace model could lead to local code execution...