
116 matches found

CNVD
added 2020/06/04 12:0 a.m. | 7 views

Cisco 809 Industrial ISRs, 829 Industrial ISRs, and Cisco CGR1000 IOS Software Trust Management Issue Vulnerabilities

Cisco 1000 Series Connected Grid Routers CGR1000 is a 1000 Series Internet Grid Router from Cisco. A trust management issue exists in the virtual console authentication of the IOS Software in Cisco 809 Industrial ISRs, 829 Industrial ISRs, and Cisco CGR1000. The vulnerability stems from the...

CVSS 8.8 | AI score 6.8 | EPSS 0.00046
Exploits: 0 | References: 1
OSV
added 2020/05/20 6:16 a.m. | 9 views

LSN-0067-1 Kernel Live Patch Security Notice

It was discovered that the Serial CAN interface driver in the Linux kernel did not properly initialize data. A local attacker could use this to expose sensitive information (kernel memory). CVE-2020-11494...

CVSS 4.4 | AI score 5.6 | EPSS 0.00081
Exploits: 0 | References: 2
CNVD
added 2020/01/13 12:0 a.m. | 3 views

Unspecified Vulnerability in IBM QRadar SIEM

IBM QRadar SIEM is an IBM USA solution that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user activity, and more. A security...

CVSS 7.8 | AI score 6.2 | EPSS 0.00086
Exploits: 0 | References: 1
OSV
added 2019/11/19 9:15 p.m. | 5 views

CVE-2011-2923

foomatic-rip filter, all versions, used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges ...

CVSS 5.5 | AI score 6.5 | EPSS 0.0019
Exploits: 0 | References: 6
Cvelist
added 2019/05/15 6:45 p.m. | 18 views

CVE-2019-1735 Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1735)

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI...

CVSS 4.4 | AI score 7.9 | EPSS 0.00095
Exploits: 0 | References: 2
BDU FSTEC
added 2016/01/20 12:0 a.m. | 2 views

The vulnerability of the Windows operating system, which allows a hacker to increase their privileges

The vulnerability of the Windows operating system arises due to an overflow in the buffer in the dynamic memory. Exploiting this vulnerability allows a local attacker to increase their privileges by using a special application known as “Win32k Pool Buffer Overflow Vulnerability”...

CVSS 7.2 | AI score 5.7 | EPSS 0.19746
Exploits: 0 | References: 2
Tenable Nessus
added 2013/01/24 12:0 a.m. | 16 views

AIX 5.3 TL 0 : at (IZ43453)

The at command does not drop permissions when reading certain files. A local attacker may exploit this error to read any file on the system because the command is setuid root. The following file is vulnerable: /usr/bin/at...

CVSS 4.9 | AI score 5.5 | EPSS 0.0006
Exploits: 1 | References: 2
OpenVAS
added 2012/01/25 12:0 a.m. | 36 views

Ubuntu Update for linux-lts-backport-natty USN-1337-1

Ubuntu Update for Linux kernel vulnerabilities USN-1337-1...

CVSS 2.1 | AI score 7.3 | EPSS 0.00139
Exploits: 3 | References: 2
OpenVAS
added 2009/11/05 12:0 a.m. | 30 views

VMware Products Guest Privilege Escalation Vulnerability - Nov09 (Windows)

The host is installed with VMware products and is prone to a privilege escalation vulnerability...

CVSS 6.9 | AI score 0.8 | EPSS 0.02551
Exploits: 4 | References: 4
seebug.org
added 2008/10/27 12:0 a.m. | 22 views

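eCryptfs tool ecryptfs-setup-private password disclosure vulnerability

BUGTRAQ ID: 31906. eCryptfs is an enterprise-grade encrypted file system for Linux. When the ecryptfs-setup-private program of the eCryptfs tools invokes the ecryptfs-wrap-passphrase and ecryptfs-add-passphrase programs from the command line, the command-line arguments contain the user's existing login password and the newly created passphrase. A local attacker can see these passwords in the process table. The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://ecryptfs.sourceforge.net/...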

AI score 6.9
Exploits: 0
exploitpack
added 2007/03/03 12:0 a.m. | 19 views

Zend Platform 2.2.1 - PHP.INI File Modification

Zend Platform 2.2.1 - PHP.INI File Modification source: https://www.securityfocus.com/bid/22802/info The Zend Platform is prone to an issue that may let local attackers modify the PHP configuration file 'php.ini'. This issue occurs because the application is installed with an 'inimodifier' progra...

AI score 7.4
Exploits: 0
securityvulns
added 2007/03/02 12:0 a.m. | 51 views

MOPB-01-2007: PHP 4 Userland ZVAL Reference Counter Overflow Vulnerability

Summary: The Month of PHP Bugs starts with a PHP 4 security vulnerability that exploits a problem known for many years among the PHP developers. When a PHP application is run in PHP 4 it can overflow the variable reference counter because it is only 16 bits wide. Whenever this happens it will resul...

AI score 0.4
Exploits: 0
Slackware Linux
added 2006/06/28 3:25 a.m. | 28 views

SSA-2006-0628032502

New kdebase packages are available for Slackware 10.0, 10.1, 10.2, and -current to fix a security issue with KDM (the KDE login manager) which could be exploited by a local attacker to read any file on the system. The official KDE security advisory may be found here:...

CVSS 4 | AI score 0.2 | EPSS 0.00072
Exploits: 0
OSV
added 2005/01/20 12:0 a.m. | 12 views

DSA-649-1 xtrlock - buffer overflow

Bulletin has no description...

CVSS 4.6 | AI score 6.1 | EPSS 0.0008
Exploits: 0
Gentoo Linux
added 2004/11/11 12:0 a.m. | 30 views

Davfs2, lvm-user: Insecure tempfile handling

Background: Davfs2 is a file system driver that allows you to mount a WebDAV server as a local disk drive. lvm-user is a package providing userland utilities for LVM (Logical Volume Management) 1.x features. Description: Florian Schilhabel from the Gentoo Linux Security Audit Team found that Davfs2...

CVSS 2.1 | AI score 6 | EPSS 0.0008
Exploits: 0
Tenable Nessus
added 2004/10/26 12:0 a.m. | 32 views

GLSA-200410-25 : Netatalk: Insecure tempfile handling in etc2ps.sh

The remote host is affected by the vulnerability described in GLSA-200410-25 Netatalk: Insecure tempfile handling in etc2ps.sh The etc2ps.sh script creates temporary files in world-writeable directories with predictable names. Impact : A local attacker could create symbolic links in the temporary...

CVSS 2.1 | AI score 5.5 | EPSS 0.00103
Exploits: 0 | References: 2
Tenable Nessus
added 2004/10/19 12:0 a.m. | 25 views

GLSA-200410-16 : PostgreSQL: Insecure temporary file use in make_oidjoins_check

The remote host is affected by the vulnerability described in GLSA-200410-16 (PostgreSQL: Insecure temporary file use in make_oidjoins_check). The make_oidjoins_check script insecurely creates temporary files in world-writeable directories with predictable names. Impact: A local attacker could create...

CVSS 2.1 | AI score 5.5 | EPSS 0.00088
Exploits: 0 | References: 3
Exploit DB
added 2004/10/13 12:0 a.m. | 35 views

Microsoft Windows XP - Weak Default Configuration

// source: https://www.securityfocus.com/bid/11410/info Microsoft Windows XP Service Pack 2 is reported prone to a weak default configuration vulnerability. Internet Connection Firewall (ICF) includes functionality that controls what binaries are permitted to listen for incoming connections. It is...

AI score 7.4
Exploits: 0
Tenable Nessus
added 2004/10/04 12:0 a.m. | 26 views

FreeBSD : SA-04:15.syscons

The remote host is running a version of FreeBSD which contains a flaw in the syscons console driver. There are boundary errors in the CONSSCRSHOT ioctls that may allow a local attacker to read portions of the kernel memory, which may contain sensitive information...

CVSS 4.6 | AI score 5.4 | EPSS 0.00113
Exploits: 0 | References: 1
Exploit DB
added 2004/09/17 12:0 a.m. | 32 views

MacOSXLabs RsyncX 2.1 - Insecure Temporary File Creation

source: https://www.securityfocus.com/bid/11212/info RsyncX is reported to contain an insecure temporary file creation vulnerability. The result of this is that temporary files created by the application may use predictable filenames. A local attacker may exploit this vulnerability to execute...

AI score 7.4
Exploits: 0