
4828 matches found

GithubExploit
added 2023/01/26 12:13 p.m. · 161 views

Exploit for Code Injection in Paradox Ipr512_Firmware

Injection vulnerability in Paradox Security Systems IPR512 - C...

CVSS 7.5 · AI score 7.8 · EPSS 0.44171
Exploits: 9

Vulnrichment
added 2023/01/26 12:00 a.m. · 4 views

CVE-2022-41141

This vulnerability allows local attackers to escalate privileges on affected installations of Windscribe. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of...

CVSS 7.8 · AI score 7.4 · EPSS 0.0037
Exploits: 0 · References: 2

Debian CVE
added 2023/01/18 12:00 a.m. · 67 views

CVE-2023-22809

In Sudo before 1.9.12p2, the sudoedit aka -e feature mishandles extra arguments passed in the user-provided environment variables SUDOEDITOR, VISUAL, and EDITOR, allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected...

CVSS 7.8 · AI score 7.8 · EPSS 0.55367
Exploits: 20

CVE
added 2023/01/07 7:42 p.m. · 53 views

CVE-2016-15014

Summary: CVE-2016-15014 affects the CESNET theme-cesnet for ownCloud up to version 1.x. The issue concerns an unknown function in cesnet/core/lostpassword/templates/resetpassword.php that results in insufficiently protected credentials. Exploitation is described as local-only. The recommended fix...

CVSS 5.5 · AI score 4.7 · EPSS 0.00227
Exploits: 0 · References: 5 · Affected Software: 1

Positive Technologies
added 2023/01/07 12:00 a.m. · 7 views

PT-2023-10333 · Cesnet · Cesnet Theme-Cesnet

Name of the Vulnerable Software and Affected Versions: CESNET theme-cesnet versions up to 1.x Description: A vulnerability has been found in the CESNET theme-cesnet, affecting an unknown functionality of the file cesnet/core/lostpassword/templates/resetpassword.php. The manipulation leads to...

CVSS 5.5 · AI score 4.5 · EPSS 0.00227
Exploits: 0 · References: 10

Vulnrichment
added 2023/01/03 12:00 a.m. · 5 views

CVE-2022-47908

Stack-based buffer overflow vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted project file...

AI score 7.6 · EPSS 0.00253
Exploits: 0 · References: 2

Vulnrichment
added 2023/01/03 12:00 a.m. · 5 views

CVE-2022-41645

Out-of-bounds read vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted project file...

AI score 7.6 · EPSS 0.00228
Exploits: 0 · References: 2

OSV
added 2022/12/21 10:15 p.m. · 14 views

CVE-2022-4641

A vulnerability was found in pig-vector and classified as problematic. Affected by this issue is the function LogisticRegression of the file src/main/java/org/apache/mahout/pig/LogisticRegression.java. The manipulation leads to insecure temporary file. The attack needs to be approached locally. T...

CVSS 5.5 · AI score 6.8
Exploits: 0 · References: 3

NVD
added 2022/12/21 10:15 p.m. · 10 views

CVE-2022-4641

A vulnerability was found in pig-vector and classified as problematic. Affected by this issue is the function LogisticRegression of the file src/main/java/org/apache/mahout/pig/LogisticRegression.java. The manipulation leads to insecure temporary file. The attack needs to be approached locally. T...

CVSS 5.5 · EPSS 0.00228
Exploits: 0 · References: 3

Vulnrichment
added 2022/12/21 12:00 a.m. · 5 views

CVE-2022-4641 pig-vector LogisticRegression.java LogisticRegression temp file

A vulnerability was found in pig-vector and classified as problematic. Affected by this issue is the function LogisticRegression of the file src/main/java/org/apache/mahout/pig/LogisticRegression.java. The manipulation leads to insecure temporary file. The attack needs to be approached locally. T...

CVSS 2.5 · AI score 5.5 · EPSS 0.00228
Exploits: 0 · References: 3

PyPA
added 2022/12/13 6:15 p.m. · 5 views

PYSEC-2022-43062

A vulnerability classified as problematic was found in pacparser up to 1.3.x. Affected by this vulnerability is the function pacparser_find_proxy of the file src/pacparser.c. The manipulation of the argument url leads to buffer overflow. Attacking locally is a requirement. Upgrading to version 1.4....

CVSS 7.8 · AI score 7.1 · EPSS 0.00435
Exploits: 1 · References: 5 · Affected Software: 1

Debian CVE
added 2022/12/13 12:00 a.m. · 18 views

CVE-2019-25078

A vulnerability classified as problematic was found in pacparser up to 1.3.x. Affected by this vulnerability is the function pacparser_find_proxy of the file src/pacparser.c. The manipulation of the argument url leads to buffer overflow. Attacking locally is a requirement. Upgrading to version 1.4....

CVSS 7.8 · AI score 7.8 · EPSS 0.00435
Exploits: 1

Positive Technologies
added 2022/12/13 12:00 a.m. · 4 views

PT-2022-8295 · Pacparser +1 · Pacparser +1

Name of the Vulnerable Software and Affected Versions: pacparser versions up to 1.3.x Description: A problematic vulnerability was found in pacparser, affecting the pacparser find proxy function of the file src/pacparser.c. The manipulation of the url argument leads to buffer overflow. This issue...

CVSS 7.8 · AI score 7.4 · EPSS 0.00435
Exploits: 1 · References: 17

CVE
added 2022/12/13 12:00 a.m. · 60 views

CVE-2019-25078

CVE-2019-25078 affects pacparser up to 1.3.x. The vulnerable component is the function pacparser_find_proxy in src/pacparser.c, where manipulating the url argument leads to a buffer overflow. Local access is required for exploitation. A fix is available in pacparser 1.4.0, with patch identified b...

CVSS 7.8 · AI score 6.4 · EPSS 0.00435
Exploits: 1 · References: 4 · Affected Software: 1

Prion
added 2022/12/08 4:15 p.m. · 13 views

Authorization

Insufficient verification of data authenticity vulnerability in Samsung Gear IconX PC Manager prior to version 2.1.221019.51 allows local attackers to create arbitrary file using symbolic link...

CVSS 1.7 · AI score 5.5 · EPSS 0.00148
Exploits: 0 · References: 1 · Affected Software: 1

OSV
added 2022/12/06 7:15 a.m. · 3 views

CVE-2022-42769

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services...

CVSS 3.3 · AI score 5.8 · EPSS 0.00083
Exploits: 0 · References: 1

Positive Technologies
added 2022/12/06 12:00 a.m. · 2 views

PT-2022-27037 · Ibm · Ibm Spectrum Scale

Name of the Vulnerable Software and Affected Versions: IBM Spectrum Scale versions 5.1.0.1 through 5.1.4.1 Description: The issue allows a local attacker to execute arbitrary commands in the container. Recommendations: For IBM Spectrum Scale versions 5.1.0.1 through 5.1.4.1, at the moment, there ...

CVSS 7.8 · AI score 7.7 · EPSS 0.00281
Exploits: 0 · References: 4

OSV
added 2022/12/01 12:00 a.m. · 6 views

PUB-A-238716781

In validoutofspecialsecdramaddr of drmaccesscontrol.c, there is a possible EoP due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 7.8 · AI score 7 · EPSS 0.00125
Exploits: 0 · References: 1

Mageia
added 2022/11/27 8:51 p.m. · 70 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.15.79 and fixes at least the following security issues: A flaw was found in the Linux kernel. A race issue occurs between an io_uring request and the Unix socket garbage collector, allowing an attacker local privilege escalation (CVE-2022-2602). A...

CVSS 8.8 · AI score 8.4 · EPSS 0.21314
Exploits: 4 · References: 6

Vulnrichment
added 2022/11/21 5:57 p.m. · 6 views

CVE-2022-44650

A memory corruption vulnerability in the Unauthorized Change Prevention service of Trend Micro Apex One and Apex One as a Service could allow a local attacker to elevate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on...

AI score 7.8 · EPSS 0.00349
Exploits: 0 · References: 2