RHEL 7 : systemd (RHSA-2019:2091)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2091 advisory. The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides...

CVE-2019-3970

Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to Arbitrary File Write due to Cavwp.exe handling of Comodo's Antivirus database. Cavwp.exe loads Comodo antivirus definition database in unsecured global section objects, allowing a local low privileged process to modify this data direct...

Google Android Media framework remote code execution vulnerability (CNVD-2019-23096)

Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. A remote code execution vulnerability exists in the Media framework component in Google Android 7.0, 7.1.1, 7.1.2, 8.0, 8.1, and 9. An attacker can exploit this...

Google Android Media framework remote code execution vulnerability (CNVD-2019-23104)

Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. A remote code execution vulnerability exists in the Media framework component in Google Android 7.0, 7.1.1, 7.1.2, 8.0, 8.1, and 9. An attacker can exploit this...

Google Android System Component Remote Code Execution Vulnerability (CNVD-2019-21310)

Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. A remote code execution vulnerability exists in the System component of Google Android 9. An attacker can exploit the vulnerability to execute arbitrary code in the...

Shimo VPN Input Validation Error Vulnerability

Shimo VPN is a VPN Virtual Private Network software based on macOS platform. An input validation error vulnerability exists in the disconnectService function of the assistant service in Shimo VPN version 4.1.5.1. The vulnerability stems from a network system or product that does not properly...

CVE-2019-6724

The barracudavpn component of the Barracuda VPN Client prior to version 5.0.2.7 for Linux, macOS, and OpenBSD runs as a privileged process and can allow an unprivileged local attacker to load a malicious library, resulting in arbitrary code executing as root...

CVE-2019-6724

CVE-2019-6724 concerns the Barracuda VPN Client. The vulnerable component is the barracudavpn component in version prior to 5.0.2.7 for Linux, macOS, and OpenBSD, which runs as a privileged process and can allow an unprivileged local attacker to load a malicious library, resulting in arbitrary co...

Privilege Escalation

kernel is vulnerable to privilege escalation attacks. The vulnerability exists as an elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate becau...

F5 Networks BIG-IP : BIG-IP APM client for Linux and macOS vulnerability (K54431371)

The svpn and policyserver components of the F5 BIG-IP APM client prior to version 7.1.7.1 for Linux and macOS runs as a privileged process and can allow an unprivileged user to getownership of files owned by root on the local client host.CVE-2018-5546 Impact A malicious, local, unprivileged user...

Design/Logic Flaw

The svpn and policyserver components of the F5 BIG-IP APM client prior to version 7.1.7.1 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host. A malicious local unprivileged user may gain knowledge of...

Out-of-bounds

VMware Horizon 6 6.x.x before 6.2.7, Horizon 7 7.x.x before 7.5.1, and Horizon Client 4.x.x and prior before 4.8.1 contain an out-of-bounds read vulnerability in the Message Framework library. Successfully exploiting this issue may allow a less-privileged user to leak information from a privilege...

CVE-2018-5529

The svpn component of the F5 BIG-IP APM client prior to version 7.1.7 for Linux and Mac OS X runs as a privileged process and can allow an unprivileged user to assume super-user privileges on the local client host. A malicious local unprivileged user may gain knowledge of sensitive information,...

CVE-2018-5529

The CVE-2018-5529 entry concerns the svpn component of the F5 BIG-IP APM client for Linux and macOS, vulnerable prior to version 7.1.7. The issue arises because svpn runs as a privileged process, enabling a local unprivileged user to gain super-user privileges on the local client host, potentiall...

Buffer overflow

Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x8020601C. By crafting an input buffer we can control the execution path to the point where a global variable will be written to a...

The vulnerability of the avrc_pars_vendor_cmd function in the Android operating system allows a hacker to execute arbitrary code within the context of a privileged process.

The vulnerability of the avrcparsvendorcmd function avrcparstg.cc in the Android operating system arises from the execution of an operation outside the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

The vulnerability of the wma_nlo_match_evt_handler function in the Android WLAN operating system from the CAF repository allows a attacker to execute arbitrary code.

The vulnerability of the wmanlomatchevthandler function in the Android WLAN operating system from the CAF repository is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code within a privileged...

The vulnerability of the Display component in the Android operating system from the CAF repository allows a hacker to execute arbitrary code within the context of a privileged process.

The vulnerability of the Display component in the Android operating system from the CAF repository is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code within the context of a privileged process...

The vulnerability of the `wma_unified_bcntx_status_event_handler` function in the Android WLAN operating system component from the CAF repository allows a perpetrator to execute arbitrary code.

The vulnerability of the wmaunifiedbcntxstatuseventhandler function in the Android WLAN operating system from the CAF repository involves reading data beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code within a privileged proces...

The vulnerability of the wma_roam_scan_filter function in the Android operating system’s WLAN component from the CAF repository allows a perpetrator to execute arbitrary code.

The vulnerability of the wmaroamscanfilter function in the Android WLAN operating system from the CAF repository is related to buffer overflow attacks. Exploiting this vulnerability could allow an attacker to execute arbitrary code within the context of a privileged process, using a specially...