SUSE CVE-2018-18398

Xfce Thunar 1.6.15, when Xfce 4.12 is used, mishandles the IBus-Unikey input method for file searches within File Manager, leading to an out-of-bounds read and SEGV. This could potentially be exploited by an arbitrary local user who creates files in /tmp before the victim uses this input method...

SUSE CVE-2018-19640

If the attacker manages to create files in the directory used to collect log files in supportutils before version 3.1-5.7.1 e.g. with CVE-2018-19638 he can kill arbitrary processes on the local machine...

SUSE CVE-2019-1010189

mgetty prior to version 1.2.1 is affected by: Infinite Loop. The impact is: DoS, the program does never terminates. The component is: g3/g32pbm.c. The attack vector is: Local, the user should open a specially crafted file. The fixed version is: 1.2.1...

SUSE CVE-2019-1010190

mgetty prior to 1.2.1 is affected by: out-of-bounds read. The impact is: DoS, the program may crash if the memory is not mapped. The component is: putwhitespan in g3/pbm2g3.c. The attack vector is: Local, the victim must open a specially crafted file. The fixed version is: 1.2.1...

SUSE CVE-2020-1712

A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by...

SUSE CVE-2021-3714

A flaw was found in the Linux kernels memory deduplication mechanism. Previous work has shown that memory deduplication can be attacked via a local exploitation mechanism. The same technique can be used if an attacker can upload page sized files and detect the change in access time from a network...

SUSE CVE-2021-21147

Inappropriate implementation in Skia in Google Chrome prior to 88.0.4324.146 allowed a local attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...

SUSE CVE-2021-26320

Insufficient validation of the AMD SEV Signing Key ASK in the SENDSTART command in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP...

SUSE CVE-2021-31924

Yubico pam-u2f before 1.1.1 has a logic issue that, depending on the pam-u2f configuration and the application used, could lead to a local PIN bypass. This issue does not allow user presence touch or cryptographic signature verification to be bypassed, so an attacker would still need to physicall...

The vulnerability in the Linux operating system’s driver/Android/binder.c kernel code allows a local attacker to increase their privileges.

The vulnerability in the Linux kernel’s drivers/android/binder.c code relates to the improper handling of BINDERTYPEFDA type objects with zero size. Exploiting this vulnerability can allow an attacker to gain increased privileges...

Microsoft Office Publisher Security Feature Bypass Vulnerability

Microsoft Office Publisher contains a security feature bypass vulnerability that allows for a local, authenticated attack on a targeted system...

Qualcomm 芯片代码问题漏洞

A Qualcomm chip is a chip from Qualcomm Incorporated USA. A way of miniaturizing circuits mainly semiconductor devices, but also passive components, etc., and often fabricated on the surface of semiconductor wafers. A security vulnerability exists in the Qualcomm chip wlan driver, which stems fro...

Qualcomm 芯片输入验证错误漏洞

A Qualcomm chip is a chip from Qualcomm Incorporated USA. A way of miniaturizing circuits mainly semiconductor devices, but also passive components, etc., and often manufactured on the surface of semiconductor wafers. A security vulnerability exists in Qualcomm's chip engineermode services, which...

PT-2023-1525 · Trend Micro · Trend Micro Apex One

Name of the Vulnerable Software and Affected Versions: Trend Micro Apex One affected versions not specified Description: A security issue in the Trend Micro Apex One agent could allow a local attacker to quarantine a file, delete the original folder, and replace it with a junction to an arbitrary...

CVE-2023-20023

Multiple vulnerabilities in specific Cisco Identity Services Engine ISE CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid...

CVE-2022-34396

Dell OpenManage Server Administrator OMSA version 10.3.0.0 and earlier contains a DLL Injection Vulnerability. A local low privileged authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with elevated...

Design/Logic Flaw

Dell OpenManage Server Administrator OMSA version 10.3.0.0 and earlier contains a DLL Injection Vulnerability. A local low privileged authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with elevated...

ASB-A-242537431

In addAutomaticZenRule of ZenModeHelper.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

xaviershay-dm-rails Gem for Ruby exposes sensitive information via the process table

xaviershay-dm-rails Gem for Ruby contains a flaw in the execute function in /datamapper/dm-rails/blob/master/lib/dm-rails/storage.rb. The issue is due to the function exposing sensitive information via the process table. This may allow a local attack to gain access to MySQL credential information...

GHSA-88P8-4VV5-82J7 xaviershay-dm-rails Gem for Ruby exposes sensitive information via the process table

xaviershay-dm-rails Gem for Ruby contains a flaw in the execute function in /datamapper/dm-rails/blob/master/lib/dm-rails/storage.rb. The issue is due to the function exposing sensitive information via the process table. This may allow a local attack to gain access to MySQL credential information...