zsh utils.c:checkmailpath function stack buffer overflow vulnerability

Z Shell Zsh is a Unix shell that can be used as an interactive login shell and a shell script command interpreter. A stack buffer overflow vulnerability exists in the utils.c:checkmailpath function in zsh. A local attacker can exploit this vulnerability to execute arbitrary code in the context of...

UBUNTU-CVE-2018-1100

zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the utils.c:checkmailpath function. A local attacker could exploit this to execute arbitrary code in the context of another user...

Zsh Local Stack Buffer Overflow Vulnerability

Zsh is an interactive command interpreter and command programming language used on Linux systems. A security vulnerability exists in the shell autocomplete feature in versions prior to Zsh 5.4.2-test-1. A local attacker can exploit this vulnerability by creating specially crafted directory paths ...

UBUNTU-CVE-2018-1083

Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use autocomplete to traverse the before mention...

OpenJDK: loading of classes from untrusted locations (I18n, 8182601)

It was discovered that the I18n component of OpenJDK could use an untrusted search path when loading resource bundle classes. A local attacker could possibly use this flaw to execute arbitrary code as another local user by making their Java application load an attacker controlled class file...

Schneider Electric IGSS SCADA Software Local Code Execution Vulnerability

Schneider Electric IGSS SCADA Software is a shared service platform for SCADA Data Acquisition and Supervisory Control systems from Schneider Electric France. A security vulnerability exists in Schneider Electric IGSS SCADA Software version 12 and earlier, which stems from incorrect security...

Microsoft Windows Elevation of Privilege Vulnerability (CNVD-2018-05739 )

Microsoft Windows 10 and Windows Server 2016 are both products of Microsoft Corporation USA. The former is a set of operating systems for personal computers and the latter is a server operating system. A privilege-lifting vulnerability exists in Microsoft Windows 10 version 1607 and Windows Serve...

SUSE-SU-2018:0431-1 Security update for the Linux Kernel (Live Patch 5 for SLE 12 SP3)

This update for the Linux Kernel 4.4.92-630 fixes one issue. The following security issue was fixed: - CVE-2017-17712: The rawsendmsg function had a race condition that lead to uninitialized stack pointer usage. This allowed a local user to execute code and gain privileges bsc1073230...

Privilege escalation

NVIDIA libnvmmliteaudio.so contains an elevation of privilege vulnerability when running in media server which may cause an out of bounds write and could lead to local code execution in a privileged process. This issue is rated as high. Product: Android. Version: N/A. Android: A-38027496...

Privilege escalation

NVIDIA libnvmmliteaudio.so contains an elevation of privilege vulnerability when running in media server which may cause an out of bounds write and could lead to local code execution in a privileged process. This issue is rated as high. Product: Android. Version: N/A. Android: A-65023166...

CVE-2017-6258

NVIDIA libnvmmliteaudio.so contains an elevation of privilege vulnerability when running in media server which may cause an out of bounds write and could lead to local code execution in a privileged process. This issue is rated as high. Product: Android. Version: N/A. Android: A-38027496...

CVE-2017-6279

NVIDIA libnvmmliteaudio.so contains an elevation of privilege vulnerability when running in media server which may cause an out of bounds write and could lead to local code execution in a privileged process. This issue is rated as high. Product: Android. Version: N/A. Android: A-65023166...

CVE-2017-6279

NVIDIA libnvmmliteaudio.so contains an elevation of privilege vulnerability when running in media server which may cause an out of bounds write and could lead to local code execution in a privileged process. This issue is rated as high. Product: Android. Version: N/A. Android: A-65023166...

CVE-2017-6258

CVE-2017-6258 describes an elevation-of-privilege vulnerability in NVIDIA libnvmmlite_audio.so when running in the Android media server. The issue may cause an out-of-bounds write and could lead to local code execution in a privileged process. Affected product is Android; remediation is tied to A...

CVE-2017-6279

CVE-2017-6279 affects NVIDIA Tegra OpenMax component OMX.Nvidia.aac.decoder in the Android media framework. The vendor bulletin notes the component is not actively used or maintained, and that disabling dead code to avoid malicious software can allow instantiation of this component, potentially l...

Google Android NVIDIA component elevation of privilege vulnerability (CNVD-2018-02982)

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA. A power lifting vulnerability exists in the NVIDIA libnvmmliteaudio.so file in Android. A local attacker can exploit this vulnerability to execute code write across boundaries...

Design/Logic Flaw

Unquoted Windows search path vulnerability in NSClient++ before 0.4.1.73 allows non-privileged local users to execute arbitrary code with elevated privileges on the system via a malicious program.exe executable in the %SYSTEMDRIVE% folder...

OpenJDK: loading of classes from untrusted locations (I18n, 8182601)

It was discovered that the I18n component of OpenJDK could use an untrusted search path when loading resource bundle classes. A local attacker could possibly use this flaw to execute arbitrary code as another local user by making their Java application load an attacker controlled class file...

CVE-2018-0103

A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format ARF files could allow a local attacker to execute arbitrary code on the system of a user. The attacker could exploit this vulnerability by sending the user a link or email attachment with a...

Cisco WebEx Network Recording Player Buffer Overflow Vulnerability (CNVD-2018-02227)

Cisco WebEx Network Recording Player is an application used to play back WebEx meeting minutes recorded on the computers of online meeting participants. A buffer overflow vulnerability exists in Cisco WebEx Network Recording Player. A local attacker could exploit this vulnerability by sending a...