
160 matches found

Cvelist
added 2017/11/01 5:00 p.m., 13 views

CVE-2017-15918

Sera 1.2 stores the user's login password in plain text in their home directory. This makes privilege escalation trivial and also exposes the user and system keychains to local attacks...

7.8 AI score, 0.01151 EPSS
Exploits 4, References 2

Prion
added 2017/03/08 1:59 a.m., 12 views

Denial of service

A denial of service vulnerability in Setup Wizard could allow a local malicious application to temporarily block access to an affected device. This issue is rated as Moderate because it may require a factory reset to repair the device. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1. Android...

4.3 CVSS, 5.5 AI score, 0.00392 EPSS
Exploits 0, References 4, Affected Software 1

BDU FSTEC
added 2016/07/07 12:00 a.m., 3 views

Vulnerabilities in the Debian GNU/Linux operating system that allow a local malicious individual to compromise the confidentiality, integrity, and accessibility of protected information

The multiple vulnerabilities in the kernel-headers-2.4.18-1-k6 Debian GNU/Linux operating system can be exploited, leading to breaches of confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited by local malicious actors...

7.2 CVSS, 5.4 AI score, 0.02603 EPSS
Exploits 0, References 11, Affected Software 1

Tenable Nessus
added 2016/01/21 12:00 a.m., 73 views

Oracle VM VirtualBox < 4.3.36 / 5.0.14 Multiple Vulnerabilities (January 2016 CPU)

The Oracle VM VirtualBox application installed on the remote host is a version prior to 4.3.36 or 5.0.14. It is, therefore, affected by the following vulnerabilities : - An unspecified vulnerability exists in the Core subcomponent that allows a remote attacker to affect the availability of the...

6.2 CVSS, 7.2 AI score, 0.03342 EPSS
Exploits 0, References 5

OSV
added 2015/07/24 4:36 p.m., 7 views

MGASA-2015-0278 Updated libuser package fixes security vulnerabilities

Two flaws were found in the way the libuser library handled the /etc/passwd file. A local attacker could use an application compiled against libuser (for example, userhelper) to manipulate the /etc/passwd file, which could result in a denial of service or possibly allow the attacker to escalate the...

7.2 CVSS, 6.6 AI score, 0.06853 EPSS
Exploits 10, References 6

BDU FSTEC
added 2015/07/24 12:00 a.m., 4 views

Vulnerabilities in the OpenSUSE operating system that allow malicious actors to compromise the confidentiality, integrity, and accessibility of protected information

The multiple vulnerabilities in the libudev0-128 package of the OpenSUSE operating system can lead to breaches of confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited locally...

7.2 CVSS, 7.1 AI score, 0.2578 EPSS
Exploits 9, References 3, Affected Software 1

ArchLinux
added 2015/07/23 12:00 a.m., 114 views

openssh: authentication limits bypass

The OpenSSH server normally wouldn't allow successive authentications that exceed the MaxAuthTries setting in sshd_config; however, when using kbd-interactive challenge-response authentication, the allowed login retries can be extended, limited only by the LoginGraceTime setting, that can be more tha...

8.5 CVSS, 2.3 AI score, 0.09302 EPSS
Exploits 1, References 2

BDU FSTEC
added 2015/04/28 12:00 a.m., 4 views

Vulnerabilities in the Debian GNU/Linux operating system that allow a local malicious individual to compromise the confidentiality, integrity, and accessibility of protected information

The multiple vulnerabilities in the atari800 operating system of the Debian GNU/Linux distribution can be exploited, leading to breaches of the confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited by local malicious actors...

7.2 CVSS, 5.4 AI score, 0.00653 EPSS
Exploits 1, References 3, Affected Software 1

BDU FSTEC
added 2015/04/28 12:00 a.m., 4 views

Vulnerabilities in the OpenSUSE operating system that allow malicious actors to compromise the confidentiality, integrity, and accessibility of protected information

The multiple vulnerabilities in the libvolumeid-devel-128 package of the OpenSUSE operating system can lead to breaches of confidentiality, integrity, and accessibility of protected information. Exploitation of these vulnerabilities can occur locally...

7.2 CVSS, 7.2 AI score, 0.2578 EPSS
Exploits 9, References 2, Affected Software 1

BDU FSTEC
added 2015/04/28 12:00 a.m., 3 views

Vulnerabilities in the SUSE Linux Enterprise operating system that allow attackers to compromise the confidentiality, integrity, and accessibility of protected information

The multiple vulnerabilities in the libvolumeid-devel-128 package of the SUSE Linux Enterprise operating system can lead to breaches of confidentiality, integrity, and accessibility of protected information. Exploitation of these vulnerabilities can be carried out locally...

7.2 CVSS, 7.6 AI score, 0.81528 EPSS
Exploits 12, References 3

OSV
added 2013/11/23 11:55 a.m., 2 views

DEBIAN-CVE-2013-1813

util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vectors...

7.2 CVSS, 6.6 AI score, 0.00623 EPSS
Exploits 5, References 1

Tenable Nessus
added 2010/12/02 12:00 a.m., 18 views

SuSE 11 Security Update : puppet (SAT Patch Number 2113)

puppet created temporary files with fixed names. Local attacks could exploit that to install symlinks that overwrite files of the victim. (CVE-2010-0156) (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update...

3.3 CVSS, 5.3 AI score, 0.00325 EPSS
Exploits 0, References 3

OSV
added 2009/07/14 8:30 p.m., 5 views

CVE-2009-2461

mathtex.cgi in mathTeX, when downloaded before 20090713, does not securely create temporary files, which has unspecified impact and local attack vectors...

6.2 AI score
Exploits 0, References 6

Packet Storm
added 2008/12/30 12:00 a.m., 51 views

PHP APC 3.1.1 And 3.0.19 Cross Site Scripting

PHP APC is an opcode cache for PHP, or, as the developers say: "APC is a free, open, and robust framework for caching and optimizing PHP intermediate code." http://pecl.php.net/package/APC While at least some of its developers do not consider this a...

7.4 AI score
Exploits 0

securityvulns
added 2008/12/22 12:00 a.m., 21 views

PHP APC local attacks

Different local attacks allow DoS conditions and cross-site scripting...

2.5 AI score
Exploits 0, References 1, Affected Software 1

securityvulns
added 2008/12/22 12:00 a.m., 173 views

PHP APC vulnerable to local attacks

PHP APC is an opcode cache for PHP, or, as the developers say: "APC is a free, open, and robust framework for caching and optimizing PHP intermediate code." http://pecl.php.net/package/APC While at least some of its developers do not consider this a...

6.1 AI score
Exploits 0

UbuntuCve
added 2008/08/14 12:00 a.m., 28 views

CVE-2008-3659

Buffer overflow in the memnstr function in PHP 4.4.x before 4.4.9 and PHP 5.6 through 5.2.6 allows context-dependent attackers to cause a denial of service crash and possibly execute arbitrary code via the delimiter argument to the explode function. NOTE: the scope of this issue is limited since...

6.4 CVSS, 7.4 AI score, 0.06025 EPSS
Exploits 0, References 3

Exploit DB
added 2006/03/23 12:00 a.m., 33 views

Linux Kernel 2.4.x/2.5.x/2.6.x - 'Sockaddr_In.Sin_Zero' Kernel Memory Disclosure

source: https://www.securityfocus.com/bid/17203/info The Linux kernel is affected by local memory-disclosure vulnerabilities. These issues are due to the kernel's failure to properly clear previously used kernel memory before returning it to local users. These issues allow an attacker to read...

7.4 AI score
Exploits 0

OpenVAS
added 2005/11/03 12:00 a.m., 16 views

akfingerd

The remote finger service appears to be vulnerable to a remote attack which can disrupt the service of the finger daemon. This denial of service does not affect other services that may be running on the remote computer; only the finger service can be disrupted. akfingerd version 0.5 or earlier is...

5 CVSS, 0.2 AI score, 0.01397 EPSS
Exploits 0

exploitpack
added 2005/09/02 12:00 a.m., 26 views

FileZilla 2.2.15 - FTP Client Hard-Coded Cipher Key

source: https://www.securityfocus.com/bid/14730/info FileZilla FTP client may allow local attackers to obtain user passwords and access remote servers. The application uses a hard-coded cipher key to decrypt the password, which is stored in a...

0.2 AI score
Exploits 0