FortiWLC - Multiple Buffer Overflow vulnerabilities

Multiple instances of stack-based buffer overflow vulnerability CWE-121 in the command line interface of FortiWLC may allow a local, authenticated attacker to crash the access point being managed by the controller and potentially execute unauthorized code via a specifically crafted CLI command...

PUB-A-169258733

In phNxpNciHalprintresstatus of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...

GSD-2021-1000003 CWE-379 in fabric-sdk-rest version All released versions (project is now archived)

In Hyperledger fabric-sdk-rest version All released versions project is now archived a CWE-379 exists in the packages/fabric-rest/fabric-rest-server script that can be attacked via Local resulting in File overwrite from a privileged user...

GSD-2021-1000010 temporary file creation (CWE-379) in fabric-samples version Prior to commit 6bccc138887b3dbd9dc920bad200068b11066ef7

In Hyperledger fabric-samples version Prior to commit 6bccc138887b3dbd9dc920bad200068b11066ef7 a temporary file creation CWE-379 exists in the digibank.sh and magnetocorp.sh that can be attacked via Local resulting in Information disclosure of all environmental variables...

CVE-2021-31924

Yubico pam-u2f before 1.1.1 has a logic issue that, depending on the pam-u2f configuration and the application used, could lead to a local PIN bypass. This issue does not allow user presence touch or cryptographic signature verification to be bypassed, so an attacker would still need to physicall...

[ASA-202105-6] keycloak: multiple issues

Arch Linux Security Advisory ASA-202105-6 ========================================= Severity: High Date : 2021-05-19 CVE-ID : CVE-2020-14302 CVE-2020-27838 CVE-2021-3513 CVE-2021-20202 CVE-2021-20222 Package : keycloak Type : multiple issues Remote : Yes Link :...

Google TensorFlow 代码问题漏洞

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A security vulnerability exists in Google TensorFlow RaggedBinCount. A local attacker could exploit this vulnerability to cause a denial of service...

Google Android System Elevation of Privilege Vulnerability (CNVD-2021-43415)

Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. An elevation of privilege vulnerability exists in the System component of Google Android versions 9, 10, and 11, which can be exploited by an attacker to cause a...

Design/Logic Flaw

An out-of-bounds OOB memory access flaw was found in x25bind in net/x25/afx25.c in the Linux kernel version v5.12-rc5. A bounds check failure allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel...

CVE-2021-1496 Cisco AnyConnect Secure Mobility Client for Windows DLL and Executable Hijacking Vulnerabilities

Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application. A successful exploit could allow the attacker to execut...

CVE-2021-1430 Cisco AnyConnect Secure Mobility Client for Windows DLL and Executable Hijacking Vulnerabilities

Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application. A successful exploit could allow the attacker to execut...

CVE-2021-25319

A Incorrect Default Permissions vulnerability in the packaging of virtualbox of openSUSE Factory allows local attackers in the vboxusers groupu to escalate to root. This issue affects: openSUSE Factory virtualbox version 6.1.20-1.1 and prior versions...

Google Android 注入漏洞

Google Android is a Linux-based open source operating system from the Google Open Handheld Consortium Google. An elevation of privilege vulnerability exists in Google Android 11. The vulnerability arises due to a privilege bypass in isRestricted in RemoteViews.java. An attacker could exploit the...

EulerOS 2.0 SP3 : unbound (EulerOS-SA-2021-1857)

According to the version of the unbound packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that...

CVE-2021-31432

This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw...

CVE-2021-31431

The CVE-2021-31431 entry affects Parallels Desktop 15.1.5-47309, specifically the IDE virtual device. The vulnerability stems from improper validation of user-supplied data in the IDE virtual device, causing an information disclosure via a read past the end of an allocated buffer. An attacker mus...

CVE-2021-31418

Parallels Desktop 15.1.4-47270 is affected by a Toolgate memory initialization flaw that allows local attackers to disclose sensitive information from the guest environment. The issue arises from uninitialized memory access; a low-privilege, local code execution on the target guest, combined with...

CVE-2021-31419

Parallels Desktop 15.1.4-47270 is affected by a vulnerability in the Toolgate component where memory is not properly initialized before access. This enables local, low-privilege attackers with control on the target guest to disclose sensitive information; the issue can be leveraged with other vul...

CVE-2021-31419

This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4-47270. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw...

PT-2021-18397 · Ibm · Ibm Spectrum Protect Client

Name of the Vulnerable Software and Affected Versions: IBM Spectrum Protect Client versions 8.1.0.0-8 through 1.11.0 Description: The issue is caused by improper bounds checking when processing the current locale settings, leading to a stack-based buffer overflow. A local attacker could overflow ...