4290 matches found

Cvelist
added 2021/08/05 7:4 p.m. · 13 views

CVE-2021-32579

Acronis True Image prior to 2021 Update 4 for Windows and Acronis True Image prior to 2021 Update 5 for macOS allowed an unauthenticated attacker who has a local code execution ability to tamper with the micro-service API...

AI score 8 · EPSS 0.00236
Exploits: 0 · References: 2

NCSC
added 2021/07/21 12:0 a.m. · 3 views

Vulnerabilities fixed in Adobe Photoshop

Adobe has fixed vulnerabilities in Photoshop. A local malicious party could exploit the vulnerabilities to execute arbitrary code with application privileges, or gain access to system files. Adobe has released updates to fix the vulnerabilities in Photoshop 2020 and 2021. For more information,...

CVSS 9.3 · AI score 7.6 · EPSS 0.05033
Exploits: 0

NCSC
added 2021/07/16 12:0 a.m. · 8 views

Vulnerability found in Microsoft Printer Spooler service

Microsoft has found a vulnerability in the Printer Spooler service. A local malicious person with the ability to execute code under user privileges could potentially exploit it to execute arbitrary code under SYSTEM privileges. It is as yet unknown in which versions of Windows the...

CVSS 9.8 · AI score 7.5 · EPSS 0.99759
Exploits: 76

NVD
added 2021/07/15 8:15 p.m. · 9 views

CVE-2020-11632

The Zscaler Client Connector prior to 2.1.2.150 did not quote the search path for services, which allows a local adversary to execute code with system privileges...

CVSS 7.8 · EPSS 0.00318
Exploits: 0 · References: 1

NCSC
added 2021/07/13 12:0 a.m. · 4 views

Vulnerabilities Fixed in Microsoft Malware Protection Engine

Microsoft has fixed vulnerabilities in the Microsoft Malware Protection Engine as used by Windows Defender and Microsoft System Center Endpoint Protection. A local malicious agent could potentially exploit them to execute code under elevated privileges. Windows...

CVSS 9.3 · AI score 6.7 · EPSS 0.02856
Exploits: 0

ICS
added 2021/07/13 12:0 a.m. · 154 views

Schneider Electric Modicon Controllers and Software (Update A)

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor : Schneider Electric Equipment : EcoStruxure Control Expert, EcoStruxure Process Expert, SCADAPack RemoteConnect x70, SCADAPack x70 RTUs, and Modicon M580 and M340 control products Vulnerabilities :...

CVSS 9.1 · AI score 8.4 · EPSS 0.01014
Exploits: 0 · References: 5

OSV
added 2021/07/08 11:15 a.m. · 4 views

CVE-2021-32461

Trend Micro Password Manager Consumer version 5.0.0.1217 and below is vulnerable to an Integer Truncation Privilege Escalation vulnerability which could allow a local attacker to trigger a buffer overflow and escalate privileges on affected installations. An attacker must first obtain the ability...

CVSS 7.8 · AI score 7.6 · EPSS 0.00369
Exploits: 0 · References: 2

NCSC
added 2021/07/05 12:0 a.m. · 3 views

Vulnerabilities fixed in OpenVPN

Vulnerabilities have been fixed in the Windows versions of OpenVPN and OpenVPN Connect. A local malicious party could potentially exploit them to execute arbitrary code under the rights of the OpenVPN process. To do this, the malicious party must modify the OpenVPN configuration file such that th...

CVSS 7.8 · AI score 7.6 · EPSS 0.00546
Exploits: 0

OSV
added 2021/06/25 6:15 p.m. · 2 views

CVE-2020-4610

IBM Security Secret Server IBM Security Verify Privilege Manager 10.8.2 could allow a local user to execute code due to improper integrity checks. IBM X-Force ID: 184919...

CVSS 7.8 · AI score 7.2
Exploits: 0 · References: 2

CNNVD
added 2021/06/25 12:0 a.m. · 3 views

IBM Security Secret Server input validation error vulnerability

IBM Security Secret Server is a set of privileged access management solutions from IBM USA. The product supports password management, privileged account identification and privileged session access monitoring and logging. An input validation error vulnerability exists in IBM Security Secret Serve...

CVSS 7.8 · AI score 6.2 · EPSS 0.00168
Exploits: 0 · References: 3

OSV
added 2021/06/23 3:45 a.m. · 4 views

USN-5001-1 linux-oem-5.10 vulnerabilities

Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code. CVE-2021-3609 Mathy Vanhoef discovered that the Linux kernel’s WiFi implementati...

CVSS 8.8 · AI score 6.9 · EPSS 0.07604
Exploits: 9 · References: 16

NCSC
added 2021/06/17 12:0 a.m. · 3 views

Vulnerability fixed in Cisco AnyConnect Secure Mobility Client

Cisco has fixed a vulnerability in AnyConnect Secure Mobility Client. A local malicious agent could potentially exploit it to execute arbitrary code under SYSTEM privileges. Only clients on which the VPN Posture HostScan Module is installed are vulnerable. Cisco has released updates to fix the...

CVSS 7 · AI score 7.6 · EPSS 0.00178
Exploits: 0

CNNVD
added 2021/06/16 12:0 a.m. · 1 views

D-Link AC2600 buffer error vulnerability

The D-Link AC2600 is a wireless device from Taiwan, China-based AUO D-Link. A security vulnerability exists in the D-Link AC2600, which originates from multiple out-of-bounds vulnerabilities in the D-Link AC2600 DIR-2640 1.01B04, where normal privileges can be elevated to administrator privileges...

CVSS 7.8 · AI score 6.2 · EPSS 0.04366
Exploits: 1 · References: 4

Positive Technologies
added 2021/06/16 12:0 a.m. · 5 views

PT-2021-20399 · D Link · D-Link Ac2600

Name of the Vulnerable Software and Affected Versions: D-Link AC2600 DIR-2640 version 1.01B04 Description: The issue involves multiple out-of-bounds vulnerabilities in certain processes. These vulnerabilities can elevate ordinary permissions to administrator permissions, leading to local arbitrary...

CVSS 7.8 · AI score 8.1 · EPSS 0.04366
Exploits: 1 · References: 6

CNNVD
added 2021/06/09 12:0 a.m. · 3 views

McAfee McAfee GetSusp buffer error vulnerability

McAfee GetSusp is a malware scanning application from McAfee USA. McAfee GetSusp suffers from a buffer error vulnerability that stems from a memory corruption vulnerability in the McAfee GetSusp driver file component, which could allow a program on the local machine to trigger a buffer overflow i...

CVSS 8.8 · AI score 8.1 · EPSS 0.00375
Exploits: 0 · References: 2

OpenVAS
added 2021/06/09 12:0 a.m. · 26 views

SUSE: Security Advisory (SUSE-SU-2020:0346-1)

The remote host is missing an update for the...

CVSS 5.7 · AI score 6.5 · EPSS 0.00561
Exploits: 0 · References: 2

OSV
added 2021/06/01 2:15 p.m. · 2 views

CVE-2021-29665

IBM Security Verify Access 20.07 is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with elevated privileges...

CVSS 7.8 · AI score 6.3 · EPSS 0.0112
Exploits: 0 · References: 2

OSV
added 2021/06/01 2:15 p.m. · 2 views

CVE-2021-29088

Improper limitation of a pathname to a restricted directory 'Path Traversal' in cgi component in Synology DiskStation Manager DSM before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors...

CVSS 7.8 · AI score 6
Exploits: 0 · References: 1

CVE
added 2021/06/01 9:45 a.m. · 58 views

CVE-2021-29088

CVE-2021-29088 affects Synology DiskStation Manager (DSM) prior to 6.2.4-25553, in the CGI component, via a path traversal vulnerability that allows local users to execute arbitrary code via unspecified vectors. Impact is described as high (C/H/I/H/A/H) with local attack vector and no user intera...

CVSS 7.8 · AI score 8 · EPSS 0.00318
Exploits: 0 · References: 1 · Affected Software: 1

Exploit DB
added 2021/06/01 12:0 a.m. · 463 views

Veyon 4.4.1 - 'VeyonService' Unquoted Service Path

Exploit Title: Veyon 4.4.1 - 'VeyonService' Unquoted Service Path Discovery by: Víctor García Discovery Date: 2020-03-23 Vendor Homepage: https://veyon.io/ Software Link: https://github.com/veyon/veyon/releases/download/v4.4.1/veyon-4.4.1.0-win64-setup.exe Tested Version: 4.4.1 Vulnerability Type...

CVSS 8 · AI score 7.2 · EPSS 0.11123
Exploits: 4