4563 matches found
SUSE CVE-2018-19637
Supportutils, before version 3.1-5.7.1, wrote data to static file /tmp/supplog, allowing local attackers to overwrite files on systems without symlink protection...
SUSE CVE-2018-19960
The debugmode function in web/web.py in OnionShare through 1.3.1, when --debug is enabled, uses the /tmp/onionshareserver.log pathname for logging, which might allow local users to overwrite files or obtain sensitive information by using this pathname...
SUSE CVE-2018-20105
An Inclusion of Sensitive Information in Log Files vulnerability in yast2-rmt of SUSE Linux Enterprise Server 15; openSUSE Leap allows local attackers to learn the password if they can access the log file. This issue affects: SUSE Linux Enterprise Server 15 yast2-rmt versions prior to 1.2.2...
Update Now: Microsoft Releases Patches for 3 Actively Exploited Windows Vulnerabilities
Microsoft on Tuesday released security updates to address 75 flaws spanning its product portfolio, three of which have come under active exploitation in the wild. The updates are in addition to 22 flaws the Windows maker patched in its Chromium-based Edge browser over the past month. Of the 75...
SUSE CVE-2019-3500
aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file...
SUSE CVE-2020-13882
CISOfy Lynis before 3.0.0 has Incorrect Access Control because of a TOCTOU race condition. The routine to check the log and report file permissions was not working as intended and could be bypassed locally. Because of the race, an unprivileged attacker can set up a log and report file, and contro...
Update now! February's Patch Tuesday tackles three zero-days
The Patch Tuesday roundup from Microsoft for February 2023 includes three zero-days. Not exactly what we had in mind for Valentine's Day. Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited with no official fix available. As far as we can tell, onl...
CVE-2023-21812
Windows Common Log File System Driver Elevation of Privilege Vulnerability...
CVE-2023-23376
Windows Common Log File System Driver Elevation of Privilege Vulnerability...
Privilege escalation
Windows Common Log File System Driver Elevation of Privilege Vulnerability...
CVE-2023-23376 Windows Common Log File System Driver Elevation of Privilege Vulnerability
...
CVE-2023-23376
CVE-2023-23376 is a Windows Common Log File System Driver elevation-of-privilege vulnerability. The flaw in the CLFS driver could allow a local attacker to gain SYSTEM privileges, potentially enabling a chain with other bugs. Public exploitation and in-the-wild activity are discussed in Patch Tue...
CVE-2023-21812 Windows Common Log File System Driver Elevation of Privilege Vulnerability
...
CVE-2023-21812
CVE-2023-21812 is a Windows vulnerability in the Common Log File System Driver (CLFS) that enables Elevation of Privilege. The NVD entry lists a CVSS v3.1 base score of 7.8 (HIGH) with LOCAL attack vector, LOW attack complexity, LOW privileges required, and no user interaction; impact is HIGH on ...
KLA20233 Multiple vulnerabilities in Microsoft Windows
Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, gain privileges, or cause denial of service. Below is a complete list of vulnerabilities: 1. An information disclosure vulnerability in...