CVE-2021-1647 Microsoft Windows Defender Zero-Day Vulnerability

Microsoft Defender Remote Code Execution Vulnerability Recent assessments: cdelafuente-r7 at January 13, 2021 3:55pm UTC reported: No useful information has been published so far and most of the speculations found online are based on the CVSS 3.0 metrics found in the advisory. That said, the atta...

CVE-2020-29502

Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerability in PowerStore X & T environments. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able ...

PT-2021-9623 · Unknown · Mobile-911 Server

Name of the Vulnerable Software and Affected Versions: Mobile-911 Server version V2.5 Description: A local privilege elevation issue exists in the file system permissions of the Mobile-911 Server install directory. This allows an attacker to overwrite the service executable, execute arbitrary cod...

CVE-2020-9137

There is a privilege escalation vulnerability in some versions of CloudEngine 12800,CloudEngine 5800,CloudEngine 6800 and CloudEngine 7800. Due to insufficient input validation, a local attacker with high privilege may execute some specially crafted scripts in the affected products. Successful...

pacemaker: ACL restrictions bypass

An ACL bypass flaw was found in Pacemaker. This flaw allows an attacker with a local account on the cluster and in the haclient group to use IPC communication with various daemons to directly perform certain tasks that would be prevented if they had gone through configured ACLs. The highest threa...

USN-4667-1 apt vulnerability

Kevin Backhouse discovered that APT incorrectly handled certain packages. A local attacker could possibly use this issue to cause APT to crash or stop responding, resulting in a denial of service...

Design/Logic Flaw

NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an existing file for...

Insecure Temporary File

mathtex is vulnerable to insecure temporary file. An attacker can gain access to the temporary files and use it for local attack vectors...

CVE-2020-28941

An issue was discovered in drivers/accessibility/speakup/spkttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used mor...

Design/Logic Flaw

An issue was discovered in drivers/accessibility/speakup/spkttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used mor...

CVE-2020-28941

An issue was discovered in drivers/accessibility/speakup/spkttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used mor...

Linux kernel buffer over-read vulnerability

The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. A buffer over-read vulnerability exists in the fbcon code in Linux kernel versions prior to 5.8.15. A local attacker...

SUSE-SU-2020:3178-1 Security update for the Linux Kernel (Live Patch 20 for SLE 15)

This update for the Linux Kernel 4.12.14-15058 fixes several issues. The following security issues were fixed: - CVE-2020-14381: Fixed a use-after-free in the fast user mutex futex wait operation, which could have lead to memory corruption and possibly privilege escalation bsc1176011. -...

Huawei EulerOS: Security Advisory for perl-DBI (EulerOS-SA-2020-2382)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2020-16007

Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem...

CVE-2020-27992

Dr.Fone 3.0.0 allows local users to gain privileges via a Trojan horse DriverInstall.exe because %PROGRAMFILESX86%\Wondershare\dr.fone\Library\DriverInstaller has Full Control for BUILTIN\Users...

UBUNTU-CVE-2020-27187

An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. The kpmcoreexternalcommand helper contains a logic flaw in which the service invoking D-Bus is not properly checked. An attacker on the local machine can replace /etc/fstab, and execute mount and other partitioning related...

USN-4552-2 pam-python vulnerability

Malte Kraus discovered that Pam-python mishandled certain environment variables. A local attacker could potentially use this vulnerability to execute programs as root...

CVE-2020-3535

CVE-2020-3535 – Cisco Webex Teams for Windows DLL Hijacking . A local, authenticated attacker can place a malicious DLL in a specific location; when Webex Teams launches, the DLL is loaded and code executes with the privileges of another user. The vulnerability stems from incorrect runtime handli...

A flaw was found in the Linux kernel before 5.8-rc1 in the implementation of the Enhanced IBPB (Indirect Branch Prediction Barrier). The IBPB mitigation will be disabled when STIBP is not available or when the Enhanced Indirect Branch Restricted Speculation (IBRS) is available. This flaw allows a local attacker to perform a Spectre V2 style attack when this configuration is active. The highest threat from this vulnerability is to confidentiality.

...