17 matches found
Amazon Linux 2023 : polkit, polkit-devel, polkit-libs (ALAS2023-2026-1546)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1546 advisory. A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the polkit-agent-helper-1 setuid binary via standard input (stdin). This unbounded...
CVE-2026-2364
If a legitimate user confirms a self-update prompt or initiates an installation of a CODESYS Development System, a low-privileged local attacker can gain elevated rights due to a TOCTOU vulnerability in the CODESYS installer...
TencentOS Server 2: kernel (TSSA-2023:0339)
The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0339 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities...
PT-2023-3651 · Rockwell Automation · Factorytalk System Services
Name of the Vulnerable Software and Affected Versions: FactoryTalk System Services (affected versions not specified). Description: The issue is related to improper authorization in the FTSSBackupRestore.exe executable, which may allow a local, authenticated non-admin user to load malicious...
Schneider Electric EcoStruxure Operator Terminal Expert Data Forgery Vulnerability
Schneider Electric EcoStruxure Operator Terminal Expert is touch screen configuration software from Schneider Electric, France. The software is mainly used for creating and editing touch applications. A data forgery vulnerability exists in Schneider Electric EcoStruxure Operator Termin...
Schneider Electric EcoStruxure Operator Terminal Expert Data Forgery Vulnerability
Schneider Electric EcoStruxure Operator Terminal Expert is touch screen configuration software from Schneider Electric, France. The software is mainly used for creating and editing touch applications. A data forgery vulnerability exists in Schneider Electric EcoStruxure Operator Termin...
Vulnerability fixed in Rockwell Automation FactoryTalk
A vulnerability has been fixed in Rockwell Automation FactoryTalk Services Platform. The vulnerability allows an authenticated remote attacker to assume the same rights as a locally logged-on user. Rockwell Automation has released updates and mitigating measures to address t...
CVE-2020-1421
A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remote Code Execution Vulnerability'...
CVE-2020-1299
A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remote Code Execution Vulnerability'...
CVE-2020-0684
A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remote Code Execution Vulnerability'...
Microsoft LNK Remote Code Execution Vulnerability
Microsoft Windows is a family of operating systems from Microsoft. Microsoft Windows has a remote code execution vulnerability in the handling of .LNK files, which can be exploited by an attacker to gain the same user rights as a local user...
HP ThinPro Linux Arbitrary Code Execution Vulnerability (CNVD-2019-43735)
HP ThinPro Linux is an operating system for HP thin clients from Hewlett-Packard (HP) in the United States. A security vulnerability exists in HP ThinPro Linux that stems from a failure of the VPN software to securely process user-submitted input. The vulnerability can be exploited by an attacker t...
Microsoft Windows Resource Management Error Vulnerability
Microsoft Windows is a set of operating systems used for personal devices. Microsoft Windows Server is a set of server operating systems. A remote code execution vulnerability exists in Microsoft Windows Media Foundation because the program fails to properly analyze specially crafted QuickTime med...
CVE-2019-1430
A remote code execution vulnerability exists when Windows Media Foundation improperly parses specially crafted QuickTime media files. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'Microsoft Windows Media Foundation Remote Code...
PT-2019-2923 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Microsoft Windows (affected versions not specified). Description: A remote code execution issue exists in Microsoft Windows, related to the processing of .LNK files. If a malicious .LNK file is processed, an attacker could execute arbitrary code...
Mozilla Firefox File Execution Vulnerability
Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. A security vulnerability exists in WebExtensions in versions prior to Mozilla Firefox 58. The vulnerability can be exploited by an attacker to save and open downloaded files, and run executable...
Problems in Internet Explorer (MSDAIPP exchange data access)
Through the MSDAIPP.DSO.1 data source, a script on a page can access the Exchange server database with the rights of the local user...