4291 matches found

SUSE CVE
added 2023/02/15 4:17 a.m., 1 view

SUSE CVE-2019-4732

IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing ...

CVSS 6.5, AI score 7.2, EPSS 0.00561
Exploits: 0, References: 5
SUSE CVE
added 2023/02/15 4:16 a.m., 1 view

SUSE CVE-2019-5858

Incorrect security UI in MacOS services integration in Google Chrome on OS X prior to 76.0.3809.87 allowed a local attacker to execute arbitrary code via a crafted HTML page...

CVSS 8.8, AI score 6.8, EPSS 0.0094
Exploits: 0, References: 8
SUSE CVE
added 2023/02/15 4:14 a.m., 2 views

SUSE CVE-2019-9755

An integer underflow issue exists in ntfs-3g 2017.3.23. A local attacker could potentially exploit this by running /bin/ntfs-3g with specially crafted arguments from a specially crafted directory to cause a heap buffer overflow, resulting in a crash or the ability to execute arbitrary code. In...

CVSS 5.5, AI score 7.5, EPSS 0.00531
Exploits: 0, References: 11
SUSE CVE
added 2023/02/15 4:3 a.m., 1 view

SUSE CVE-2020-6417

Inappropriate implementation in installer in Google Chrome prior to 80.0.3987.87 allowed a local attacker to execute arbitrary code via a crafted registry entry...

CVSS 7.8, AI score 8.2, EPSS 0.00295
Exploits: 0, References: 6
SUSE CVE
added 2023/02/15 3:54 a.m., 2 views

SUSE CVE-2020-24995

Buffer overflow vulnerability in sniff_channel_order function in aacdec_template.c in ffmpeg 3.1.2, allows attackers to execute arbitrary code local...

CVSS 7.8, AI score 8.2, EPSS 0.00563
Exploits: 1, References: 3
SUSE CVE
added 2023/02/15 3:49 a.m., 3 views

SUSE CVE-2021-3410

A flaw was found in libcaca v0.99.beta19. A buffer overflow issue in caca_resize function in libcaca/caca/canvas.c may lead to local execution of arbitrary code in the user context...

CVSS 5.5, AI score 7.3, EPSS 0.00561
Exploits: 1, References: 7
Positive Technologies
added 2023/02/08 12:0 a.m., 6 views

PT-2023-1739 · Fortinet · Fortianalyzer

Name of the Vulnerable Software and Affected Versions: Fortinet FortiAnalyzer versions 6.4.0 through 6.4.9; Fortinet FortiAnalyzer versions 7.0.0 through 7.0.5; Fortinet FortiAnalyzer versions 7.2.0 through 7.2.1. Description: The issue is related to the improper neutralization of formula elements i...

CVSS 7.3, AI score 7, EPSS 0.00263
Exploits: 0, References: 5
OSV
added 2023/01/26 9:15 p.m., 1 view

CVE-2022-1892

A buffer overflow in the SystemBootManagerDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code...

CVSS 7.8, AI score 6.3, EPSS 0.00342
Exploits: 0, References: 1
Debian
added 2023/01/20 10:37 p.m., 32 views

[SECURITY] [DLA 3278-1] tiff security update

Debian LTS Advisory DLA-3278-1 · https://www.debian.org/lts/security/ · Sylvain Beucler · January 20, 2023 · https://wiki.debian.org/LTS ...

CVSS 8.8, AI score 8.7, EPSS 0.01378
Exploits: 13
Positive Technologies
added 2022/12/21 12:0 a.m., 4 views

PT-2022-27797 · Cx-Drive · Cx-Drive

Name of the Vulnerable Software and Affected Versions: CX-Drive versions 3.00 and earlier. Description: The issue allows a local attacker to execute arbitrary code by having a user open a specially crafted file. This is due to a use after free vulnerability. Recommendations: For CX-Drive versions...

CVSS 7.8, AI score 7.7, EPSS 0.00237
Exploits: 0, References: 4
Positive Technologies
added 2022/12/13 12:0 a.m., 3 views

PT-2022-6512 · Parallels · Parallels Desktop

Name of the Vulnerable Software and Affected Versions: Parallels Desktop versions prior to 18.1.1. Description: This issue allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the...

CVSS 8.2, AI score 7.6, EPSS 0.0126
Exploits: 1, References: 15
NCSC
added 2022/12/13 12:0 a.m., 14 views

Vulnerability fixed in Microsoft Apps

A vulnerability has been fixed in Windows Terminal. The vulnerability allows a local malicious person to execute arbitrary code. To exploit the vulnerability, the malicious party must trick the victim into downloading and opening a rogue file. Windo...

CVSS 7.8, AI score 6.6, EPSS 0.01365
Exploits: 0
OSV
added 2022/12/12 9:15 a.m., 2 views

CVE-2022-45797

An arbitrary file deletion vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and Trend Micro Apex One as a Service could allow a local attacker to escalate privileges and delete files on affected installations. Please note: an attacker must first obtain the ability to...

CVSS 7.1, AI score 6.1
Exploits: 0, References: 1
OSV
added 2022/11/09 10:15 p.m., 2 views

CVE-2022-39882

Heap overflow vulnerability in sflacf_fal_bytes_peek function in libsmat.so library prior to SMR Nov-2022 Release 1 allows local attacker to execute arbitrary code...

CVSS 7.8, AI score 6, EPSS 0.00106
Exploits: 0, References: 1
Positive Technologies
added 2022/11/09 12:0 a.m., 4 views

PT-2022-25075 · Unknown · Libsmat.So

Name of the Vulnerable Software and Affected Versions: libsmat.so library versions prior to SMR Nov-2022 Release 1. Description: A heap overflow issue exists in the sflacf_fal_bytes_peek function, allowing a local attacker to execute arbitrary code. Recommendations: For versions prior to SMR...

CVSS 8, AI score 7.8, EPSS 0.00106
Exploits: 0, References: 2
OSV
added 2022/11/03 1:56 p.m., 2 views

USN-5713-1 python3.10 vulnerability

Devin Jeanpierre discovered that Python incorrectly handled sockets when the multiprocessing module was being used. A local attacker could possibly use this issue to execute arbitrary code and escalate privileges...

CVSS 7.8, AI score 7.1, EPSS 0.00603
Exploits: 0, References: 2
Positive Technologies
added 2022/11/01 12:0 a.m., 3 views

PT-2022-7158 · Parallels · Parallels Desktop

Name of the Vulnerable Software and Affected Versions: Parallels Desktop, affected versions not specified. Description: The issue is related to the Updater service of Parallels Desktop, where a Time-Of-Check Time-Of-Use flaw allows local attackers to escalate privileges on affected installations. A...

CVSS 7.8, AI score 7.4, EPSS 0.00201
Exploits: 0, References: 8
NVD
added 2022/10/12 8:15 p.m., 22 views

CVE-2022-32487

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM...

CVSS 7.8, EPSS 0.00204
Exploits: 0, References: 1
NVD
added 2022/10/12 8:15 p.m., 24 views

CVE-2022-32485

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM...

CVSS 7.8, EPSS 0.00204
Exploits: 0, References: 1
OSV
added 2022/10/11 8:41 p.m., 26 views

GHSA-J4J9-7HG9-97G6 Poetry vulnerable to Untrusted Search Path leading to Local Code Execution on Windows

Observation: To handle dependencies that come from a Git repository, Poetry executes various commands, e.g. git config. These commands are being executed using the executable's name and not its absolute path. This can lead to the execution of untrusted code due to the way Windows resolves executab...

CVSS 7.3, AI score 7.3, EPSS 0.00327
Exploits: 0, References: 6