USN-4269-1 systemd vulnerabilities

It was discovered that systemd incorrectly handled certain PIDFile files. A local attacker could possibly use this issue to trick systemd into killing privileged processes. This issue only affected Ubuntu 16.04 LTS. CVE-2018-16888 It was discovered that systemd incorrectly handled certain udevadm...

Microsoft Windows Common Log File System CVE-2020-0615 Local Information Disclosure Vulnerability

Description Microsoft Windows is prone to a a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Versio...

CVE-2019-12418

When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user...

Privilege Escalation

Tomcat-catalina is vulnerable to privilege escalation. When JMX Remote Lifecycle Listener is used to configure Tomcat, a local attack is possible to access Tomcat process or configuration files and manipulate RMI registry, thereby allowing the attacker to act as man-in-the-middle MitM to steal th...

CVE-2019-14605

Improper permissions in the installer for the IntelR SCS Platform Discovery Utility, all versions, may allow an authenticated user to potentially enable escalation of privilege via local attack...

Input validation

Improper permissions in the installer for the IntelR SCS Platform Discovery Utility, all versions, may allow an authenticated user to potentially enable escalation of privilege via local attack...

CVE-2019-14605

The CVE-2019-14605 affects Intel's SCS Platform Discovery Utility (all versions). The root cause is improper permissions in the installer, enabling an authenticated local user to potentially escalate privileges (local, low complexity, privilege requirement). Impact includes potentially elevated p...

CVE-2019-14605

Improper permissions in the installer for the IntelR SCS Platform Discovery Utility, all versions, may allow an authenticated user to potentially enable escalation of privilege via local attack...

Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers Arbitrary Memory Write (cisco-sa-20180926-ir800-memwrite)

According to its self-reported version, Cisco IOS is affected by arbitrary memory write vulnerabilities in the embedded test subsystem due to the presence of certain test commands that were intended to be available only in internal development builds of the affected software. An authenticated,...

OpenBSD CVE-2019-19726 Local Privilege Escalation Vulnerability

Description OpenBSD is prone to a local privilege escalation vulnerability. A local attacker can exploit this issue to gain elevated privileges. OpenBSD versions 6.1, 6.2, 6.5 and 6.6 are vulnerable. Other versions may also be affected. Technologies Affected OpenBSD Openbsd 6.1 OpenBSD Openbsd 6....

CVE-2011-2187

XScreensaver (version prior to 5.14) crashes during activation and leaves the screen unlocked when Blank Only Mode is used and DPMS is disabled, enabling local attackers to access resources without authentication. The provided connected documents confirm the affected software and the unlock condi...

Security Advisory - Buffer Overflow Vulnerability in Huawei Atlas Product

There is a buffer overflow vulnerability in Huawei Atlas product. A local, authenticated attacker may craft specific parameter and send to the process to exploit this vulnerability. Successfully exploit may cause service crash. Vulnerability ID: HWPSIRT-2019-08062 This vulnerability has been...

Windows Graphics Component Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. In a local attack scenario, an attacker could exploit this vulnerability b...

Windows Graphics Component Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. In a local attack scenario, an attacker could exploit this vulnerability b...

Windows Graphics Component Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. In a local attack scenario, an attacker could exploit this vulnerability b...

Microsoft Windows Error Reporting CVE-2019-1374 Local Information Disclosure Vulnerability

Description Microsoft Windows is prone to a local information-disclosure vulnerability. A local attacker can leverage this issue to disclose sensitive information that may aid in further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Versi...

Oracle VirtualBox Out-Of-Bounds Write Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the...

CVE-2019-16206

CVE-2019-16206 affects Broadcom/Brocade SANnav prior to version 2.0. The authentication mechanism logs plaintext account credentials at the trace and debug levels, enabling a local authenticated attacker to access sensitive information via log files. This information-disclosure flaw is consistent...

Trusted Path Privilege Elevation Vulnerability in Antenna Smart Armor Terminal Defense System

Antenna SmartA Terminal Defense System is a terminal anti-virus software that integrates virus detection, terminal management, threat analysis, emergency response and peripheral control. There is a trusted path privilege elevation vulnerability in AnTian SmartArmor Terminal Defense System, which...

USN-4163-1: Linux kernel vulnerabilities

It was discovered that a race condition existed in the ARC EMAC ethernet driver for the Linux kernel, resulting in a use-after-free vulnerability. An attacker could use this to cause a denial of service system crash. CVE-2016-10906 It was discovered that a race condition existed in the Serial...