695 matches found
PT-2019-19405 · Nagios · Nagios Xi
Name of the Vulnerable Software and Affected Versions: Nagios XI versions prior to 5.5.11
Description: The issue allows authenticated users to execute arbitrary remote commands via a new autodiscovery job. There have been reports of cross-site scripting (XSS) that can lead to root remote code...
CVE-2018-20106
In yast2-printer up to and including version 4.0.2 the SMB printer settings don't escape characters in passwords properly. If a password with backticks or similar characters is supplied this allows for executing code as root. This requires tricking root to enter such a password in yast...
CVE-2018-1998
IBM WebSphere MQ 8.0.0.0 through 9.1.1 could allow a local user to inject code that could be executed with root privileges. This is due to an incomplete fix for CVE-2018-1792. IBM X-Force ID: 154887...
CVE-2019-1618
A vulnerability in the Tetration Analytics agent for Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker to execute arbitrary code as root. The vulnerability is due to an incorrect permissions setting. An attacker could exploit this vulnerability...
CVE-2019-9686
pacman before 5.1.3 allows directory traversal when installing a remote package via a specified URL "pacman -U <url>" due to an unsanitized file name received from a Content-Disposition header. pacman renames the downloaded package file to match the name given in this header. However, pacman did not...
CVE-2019-9686
CVE-2019-9686 affects pacman before 5.1.3. The issue arises when installing a remote package via a URL (pacman -U <url>): the unsanitized Content-Disposition filename can contain slashes and is used in rename(), enabling a remote attacker to place the file anywhere in the filesystem and potentially ac...
[ASA-201903-7] pacman: arbitrary code execution
Arch Linux Security Advisory ASA-201903-7
=========================================
Severity: High
Date    : 2019-03-11
CVE-ID  : CVE-2019-9686
Package : pacman
Type    : arbitrary code execution
Remote  : Yes
Link    : https://security.archlinux.org/AVG-921

Summary
=======
The package pacman before version...
CVE-2019-1605
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary code as root. The vulnerability is due to incorrect input validation in the NX-API feature. An attacker could exploit this vulnerability by sending a crafted HTTP or HTT...
Cisco SD-WAN Solution Buffer Overflow Vulnerability
Cisco SD-WAN Solution is a suite of network extension solutions running on Cisco systems. A buffer overflow vulnerability exists in Cisco SD-WAN Solution. It allows an authenticated, remote attacker to cause a denial of service (DoS) condition and execute arbitrary code as root...
CVE-2018-11460
A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). A local attacker with elevated user privileges...
PT-2018-18051 · Zte · Zxin10
Name of the Vulnerable Software and Affected Versions: ZTE ZXIN10 versions prior to ZXINOS-RESV1.01.43
Description: The issue is related to improper access control, specifically to the devcomm process, allowing an unauthorized remote attacker to execute arbitrary code with root privileges...
CVE-2018-19085
RegFilter.sys in IOBit Malware Fighter 6.2 is susceptible to a stack-based buffer overflow when an attacker uses IOCTL 0x8006E048 with a size larger than 8 bytes. This can lead to denial of service or code execution with root privileges...
CVE-2018-17931
If an attacker has physical access to the VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected) they may be able to alter scripts, which may allow code execution with root privileges...
xorg-x11-server elevation of privilege vulnerability
The xorg-x11-server is an X Window System display server bundled with multiple vendor operating systems. A security vulnerability exists in xorg-x11-server versions prior to 1.20.3. A local attacker can exploit this vulnerability to elevate privileges and run arbitrary code with root privileges...
UBUNTU-CVE-2018-14722
An issue was discovered in evaluate_auto_mountpoint in btrfsmaintenance-functions in btrfsmaintenance through 0.4.1. Code execution as root can occur via a specially crafted filesystem label if btrfs-{scrub,balance,trim} are set to auto in /etc/sysconfig/btrfsmaintenance (this is not the default, thou...
CVE-2018-14722
An issue was discovered in evaluate_auto_mountpoint in btrfsmaintenance-functions in btrfsmaintenance through 0.4.1. Code execution as root can occur via a specially crafted filesystem label if btrfs-{scrub,balance,trim} are set to auto in /etc/sysconfig/btrfsmaintenance (this is not the default, thou...
Intel Saffron MemoryBase elevation of privilege vulnerability (CNVD-2018-15600)
Intel Saffron MemoryBase is a memory base kit for Saffron from Intel Corporation USA. A security vulnerability exists in Intel Saffron MemoryBase versions prior to 11.4. An attacker can exploit the vulnerability to elevate privileges and execute arbitrary code as root...
CVE-2018-3662
Escalation of privilege in Intel Saffron MemoryBase before version 11.4 potentially allows an authorized user of the Saffron application to execute arbitrary code as root...