CVE-2015-9267

CVE-2015-9267 affects NSIS (Nullsoft Scriptable Install System) before 2.49. The vulnerability arises from the use of temporary folder locations, enabling unprivileged local users to overwrite files, which can allow replacing either an installer plugin or the uninstaller with a trojan. In practic...

CVE-2018-6053

Inappropriate implementation in New Tab Page in Google Chrome prior to 64.0.3282.119 allowed a local attacker to view website thumbnail images after clearing browser data via a crafted HTML page...

CVE-2018-14731

An issue was discovered in HMRServer.js in Parcel parcel-bundler. Attackers are able to steal developer's code because the origin of requests is not checked by the WebSocket server, which is used for HMR Hot Module Replacement. Anyone can receive the HMR message sent by the WebSocket server via a...

Microsoft Windows Registry CVE-2018-8410 Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to gain elevated privileges on the affected system. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for...

xkbcommon null pointer dereference vulnerability (CNVD-2019-02669)

xkbcommon is a keyboard key mapping compiler and support library. A null pointer dereference vulnerability exists in the 'ResolveStateAndPredicate' function of the xkbcomp/compat.c file in versions of xkbcommon prior to xkbcommon 0.8.2, which can be exploited by a local attacker to cause the...

CVE-2018-15863

The CVE-2018-15863 entry refers to an issue in libxkbcommon/xkbcomp where an unchecked NULL pointer dereference in ResolveStateAndPredicate (xkbcomp/compat.c) can crash the xkbcommon parser when presented with a crafted keymap file containing a no-op modmask expression. Affected component: libxkb...

Windows NDIS Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in the Network Driver Interface Specification NDIS when ndis.sys fails to check the length of a buffer prior to copying memory to it. To exploit the vulnerability, in a local attack scenario, an attacker could run a specially crafted application to...

Huawei Backup App v6.30.52.12.L - Session Vulnerability

Document Title: =============== Huawei Backup App v6.30.52.12.L - Session Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1815 Video: https://www.vulnerability-lab.com/getcontent.php?id=1987 Release Date: ============= 2018-07-30...

CVE-2017-1575

CVE-2017-1575 affects IBM Sterling File Gateway (IBM Sterling B2B Integrator Standard Edition) 2.2.0–2.2.6. Root cause: use of weaker cryptographic algorithms enabling a local attacker to decrypt highly sensitive information. Impact: information disclosure with local access (C/H). Remediation: ap...

Binance v1.5.0 - Insecure File Permission Vulnerability

Document Title: =============== Binance v1.5.0 - Insecure File Permission Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2135 Release Date: ============= 2018-07-17 Vulnerability Laboratory ID VL-ID: ====================================...

Design/Logic Flaw

Storing password in recoverable format in safensec.com SysWatch service in SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite before 4.4.2 allows the local attacker to restore the SysWatch password from the settings database and...

UBUNTU-CVE-2016-10723

An issue was discovered in the Linux kernel through 4.17.2. Since the page allocator does not yield CPU resources to the owner of the oomlock mutex, a local unprivileged user can trivially lock up the system forever by wasting CPU resources from the page allocator e.g., via concurrent page fault...

Security Bulletin: GPFS security vulnerabilities in IBM SONAS (CVE-2015-0197 and CVE-2015-0199)

Summary A fix is available for IBM SONAS, for GPFS security vulnerabilities Vulnerability Details IBM General Parallel File System GPFS is a high-performance clustered file system. It is used in IBM SONAS. CVEID: CVE-2015-0197 DESCRIPTION: IBM General Parallel File System could allow a local...

Security Bulletin: Multiple vulnerabilities in IBM Financial Transaction Manager for ACH Services, Check Services and Corporate Payment Services

Summary Multiple vulnerabilities in IBM Financial Transaction Manager for ACH Services, Check Services and Corporate Payment Services. Note the description says ACH Services but the vulnerabilities also apply to Check and CPS. Vulnerability Details CVEID: CVE-2016-0253 DESCRIPTION: IBM Financial...

Security Bulletin: Vulnerabilities in Bash affect IBM PureData System for Transactions (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)

Summary Six Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as “Bash Bug” or “Shellshock” and two memory corruption vulnerabilities. Bash is used by IBM PureData™ System for Transactions. Vulnerability Details CVE-ID:...

CVE-2018-1431

A vulnerability in GSKit affects IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.3, and 5.0.0 that could allow a local attacker to obtain control of the Spectrum Scale daemon and to access and modify files in the Spectrum Scale file system, and possibly to obtain administrator privileges on the node...

Microsoft Windows HIDParser Elevation of Privilege Vulnerability

Microsoft Windows 10 and others are a series of operating systems released by Microsoft Corporation in the U.S. Microsoft Windows 10 is a set of operating systems for personal computers.Windows Server 2016 is a set of server operating systems.HIDParser is one of the HID HIDParser is one of the HI...

Microsoft Windows Kernel CVE-2018-0982 Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to gain elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft...

Microsoft Windows Desktop Bridge CVE-2018-8214 Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code in kernel mode. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based System...

McAfee Management of Native Encryption Elevation of Privilege Vulnerability

McAfee Management of Native Encryption MNE is a suite of software for local disk encryption from the American company McAfee. The software is able to encrypt local disks and prevent sensitive information from leaking. A privilege extraction vulnerability exists in McAfee MNE versions prior to...