206 matches found
CVE-2019-15540
filters/filter-cso/filter-stream.c in the CSO filter in libMirage 3.2.2 in CDemu does not validate the part size, triggering a heap-based buffer overflow that can lead to root access by a local Linux user...
IBM DB2 Buffer Overflow Vulnerability (CNVD-2019-07256)
IBM DB2 is a set of relational database management system from IBM in the United States. The main execution environments for this system are UNIX, Linux, IBMi, z/OS, and Windows server versions. A buffer overflow vulnerability exists in IBM DB2 including: DB2 Connect Server based on Linux, UNIX a...
Multiple Cisco Products IOS XE Software Elevation of Privilege Vulnerability
Cisco 4000 Series Integrated Services Routers and others are different models of router products from Cisco USA. in which IOS XE Software is used. an operating system developed by Cisco for its network devices. An elevation of privilege vulnerability exists in the shell access request mechanism o...
CVE-2018-5529
The svpn component of the F5 BIG-IP APM client prior to version 7.1.7 for Linux and Mac OS X runs as a privileged process and can allow an unprivileged user to assume super-user privileges on the local client host. A malicious local unprivileged user may gain knowledge of sensitive information,...
ADB Local Root Jailbreak
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Local root jailbreak via network file sharing flaw product: All ADB Broadband Gateways / Routers based on Epicentro platform vulnerable version: Hardware: ADB P.RG AV4202...
DEBIAN-CVE-2014-5220
The mdcheck script of the mdadm package for openSUSE 13.2 prior to version 3.3.1-5.14.1 does not properly sanitize device names, which allows local attackers to execute arbitrary commands as root...
SUSE-SU-2017:3165-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 11 SP4 Realtime kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-13080: Wi-Fi Protected Access WPA and WPA2 allowed reinstallation of the Group Temporal Key GTK during the group key handshake, allowing an...
USN-3462-1 pacemaker vulnerabilities
Jan Pokorný and Alain Moulle discovered that Pacemaker incorrectly handled the IPC interface. A local attacker could possibly use this issue to execute arbitrary code with root privileges. CVE-2016-7035 Alain Moulle discovered that Pacemaker incorrectly handled authentication. A remote attacker...
Ubuntu Linux kernel package integer overflow vulnerability
Ubuntu is a desktop-oriented GNU/Linux operating system developed by Canonical and the Ubuntu Foundation, of which the Linux kernel package is a component. An integer overflow vulnerability exists in version 3.16.0-28 of the Linux kernel package on the Ubuntu 14.04 LTS release. Due to the program...
SUSE-SU-2017:0874-1 Security update for Linux Kernel Live Patch 4 for SLE 12 SP1
This update for the Linux Kernel 3.12.57-6035 fixes one issue. The following security bugs were fixed: - CVE-2017-7184: The XFRM processsing in the Linux kernel 16.10 allowed local users to obtain root privileges or cause a denial of service heap-based out-of-bounds access via an integer overflow...
CVE-2016-9644
The getuserasmex macro in arch/x86/include/asm/uaccess.h in the Linux kernel 4.4.22 through 4.4.28 contains extended asm statements that are incompatible with the exception table, which allows local users to obtain root access on non-SMEP platforms via a crafted application. NOTE: this...
CVE-2016-9644
The getuserasmex macro in arch/x86/include/asm/uaccess.h in the Linux kernel 4.4.22 through 4.4.28 contains extended asm statements that are incompatible with the exception table, which allows local users to obtain root access on non-SMEP platforms via a crafted application. NOTE: this...
CVE-2016-6276
Citrix Linux Virtual Delivery Agent aka VDA, formerly Linux Virtual Desktop before 1.4.0 allows local users to gain root privileges via unspecified vectors...
CVE-2016-4710
WindowServer in Apple OS X before 10.12 allows local users to obtain root access via vectors that leverage "type confusion," a different vulnerability than CVE-2016-4709...
EMC Avamar Data Store and Avamar Virtual Edition Command Injection Vulnerability
EMC Avamar is a backup and recovery solution from EMC Corporation. The solution provides data backup, disaster recovery, deduplication, etc. Avamar Data Store ADS is one of the components used for data backup; Avamar Virtual Edition AVE is one of the components used to realize the replication...
Red Hat Enterprise Linux setroubleshoot allow_execstack plugin shell command injection vulnerability
Red Hat Enterprise Linux RHEL is a Linux operating system maintained and distributed by Red Hat for business users. setroubleshoot is one of the troubleshooting tools. A shell command injection vulnerability exists in the allowexecstack plugin in RHEL's setroubleshoot. A local attacker could...
CentOS 7.1 / Fedora 22 abrt Local Root
!/usr/bin/python CVE-2015-5273 + CVE-2015-5287 CENTOS 7.1/Fedora22 local root probably works on SL and older versions too abrt-hook-ccpp insecure open usage + abrt-action-install-debuginfo insecure temp directory usage rebel 09/2015 ---------------------------------------- user@localhost $ id...
Cisco Mobility Services Engine Elevation of Privilege Vulnerability
Cisco Mobility Services Engine MSE is a platform Mobility Services Engine that provides Wi-Fi services from Cisco. The platform collects, stores and manages data from wireless clients, Cisco access points and controllers. A security vulnerability exists in Cisco MSE 8.0.120.7 and prior versions...
CVE-2015-5043
diag in IBM Security Guardium 8.2 before p6015, 9.0 before p6015, 9.1, 9.5, and 10.0 before p6015 allows local users to obtain root access via unspecified key sequences...
Apport (Ubuntu 14.0414.1015.04) - Race Condition Privilege Escalation
Apport Ubuntu 14.0414.1015.04 - Race Condition Privilege Escalation / Exploit Title: apport/ubuntu local root race condition Date: 2015-05-11 Exploit Author: rebel Version: ubuntu 14.04, 14.10, 15.04 Tested on: ubuntu 14.04, 14.10, 15.04 CVE : CVE-2015-1325 ==============================...