4827 matches found
New Western Digital My Cloud Bugs Give Local Attackers Root on NAS Devices
Researchers disclosed two new vulnerabilities in Western Digital My Cloud network storage devices on Thursday that could allow a local attacker to delete files stored on devices or allow them to execute shell commands as root. Researchers at Trustwave disclosed the vulnerabilities, which come on...
CVE-2018-6382
MantisBT 2.10.0 is affected by a local SQL injection via the vendor/adodb/adodb-php/server.php sql parameter accessible to 127.0.0.1. The issue is described as exploitable by local users; vendor notes no authentication bypass and disputes the report’s significance. OpenVAS entries for both Window...
Red Hat keycloak-httpd-client-install file overwrite vulnerability
Red Hat keycloak is a suite of software from Red Hat that provides authentication and management capabilities for modern applications and services. keycloak-httpd-client-install is an executable installer. A security vulnerability exists in Red Hat keycloak-httpd-client-install that stems from th...
Cisco WebEx Network Recording Player Buffer Overflow Vulnerability
A vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format ARF files could allow a local attacker to execute arbitrary code on the system of a user. The attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file an...
UBUNTU-CVE-2017-17840
An issue was discovered in Open-iSCSI through 2.0.875. A local attacker can cause the iscsiuio server to abort or potentially execute code by sending messages with incorrect lengths, which due to lack of checking can lead to buffer overflows, and result in aborts with overflow checking enabled or...
CVE-2017-17052
The mminit function in kernel/fork.c in the Linux kernel before 4.12.10 does not clear the -exefile member of a new process's mmstruct, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program...
Design/Logic Flaw
A vulnerability in Cisco Umbrella Insights Virtual Appliances 2.1.0 and earlier could allow an authenticated, local attacker to log in to an affected virtual appliance with root privileges. The vulnerability is due to the presence of default, static user credentials for an affected virtual...
Microsoft Windows Media Player CVE-2017-11768 Local Information Disclosure Vulnerability
Description Microsoft Windows Media Player is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Window...
SingTel / Aztech DSL8900GR(AC) Authentication Bypass
Credit: Cort Date: 5 Aug 2017 CVE: Not assigned Vendor: Aztech https://www.aztech.com / SingTel https://www.singtel.com/ Product: Aztech DSL8900GRAC router Versions Affected: firmware 340.6.1-007 latest available as of 9 Nov 2017 CVSS v3 Base Score: 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Fix: No...
Linux kernel local denial of service vulnerability (CNVD-2017-33486)
Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A local denial of service vulnerability exists in the 'dvbfrontendfree' function in the drivers/media/dvb-core/dvbfrontend.c file in Linux kernel 4.13.11 and earlier...
Splunk Local Privilege Escalation
Vulnerability Details Affected Vendor: Splunk Affected Product: Splunk Enterprise Affected Version: 6.6.x Platform: Embedded Linux CWE Classification: CWE-280: Improper Handling of Insufficient Permissions or Privileges Impact: Privilege Escalation Attack vector: Local 2. Vulnerability...
CVE-2017-13723
In X.Org Server aka xserver and xorg-server before 1.19.4, a local attacker authenticated to the X server could overflow a global buffer, causing crashes of the X server or potentially other problems by injecting large or malformed XKB related atoms and accessing them via xkbcomp...
Windows Graphics Component Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. In a local attack scenario, an attacker could exploit this vulnerability b...
Microsoft Windows Kernel Mode Driver CVE-2017-8694 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to gain elevated privileges within the context of the affected system. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10...
Microsoft Windows CVE-2017-11829 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to overwrite files with elevated privileges in the context of the affected system. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft...
PT-2017-3160 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.13.8 Description: The issue is related to the usb serial console disconnect function in the Linux kernel, which can cause a denial of service use-after-free and system crash or possibly have unspecified other...
Input validation
Skybox Manager Client Application prior to 8.5.501 is prone to an arbitrary file upload vulnerability due to insufficient input validation of user-supplied files path when uploading files via the application. During a debugger-pause state, a local authenticated attacker can upload an arbitrary fi...
UCOPIA Wireless Appliance 5.1.8 - Local Privilege Escalation
UCOPIA Wireless Appliance 5.1.8 - Local Privilege Escalation CVE-2017-11322 UCOPIA Wireless Appliance 5.1.8 Privileges Escalation Asset description UCOPIA solutions bring together a combination of software, appliance and cloud services serving small to large customers. More than 12,000 UCOPIA...
Gentoo app-admin/logstash-bin Package Privilege Gain Vulnerability
The Gentoo app-admin/logstash-bin package is a user management package from the Gentoo Foundation. A security vulnerability exists in the Gentoo app-admin/logstash-bin package in versions 5.6.x prior to 5.6.1 and versions prior to 5.5.3. A local attacker can exploit this vulnerability to gain...
CVE-2017-14344
This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of IOCTL...