Cisco SD-WAN Solution Buffer Overflow Vulnerability

Cisco SD-WAN Solution is a suite of network extension solutions running on Cisco systems. A buffer overflow vulnerability exists in Cisco SD-WAN Solution. It allows an authenticated, remote attacker to cause a denial of service DOS condition and execute arbitrary code as root...

CVE-2018-11460

A vulnerability has been identified in SINUMERIK 808D V4.7 All versions, SINUMERIK 808D V4.8 All versions, SINUMERIK 828D V4.7 All versions V4.7 SP6 HF1, SINUMERIK 840D sl V4.7 All versions V4.7 SP6 HF5, SINUMERIK 840D sl V4.8 All versions V4.8 SP3. A local attacker with elevated user privileges...

PT-2018-18051 · Zte · Zxin10

Name of the Vulnerable Software and Affected Versions: ZTE ZXIN10 versions prior to ZXINOS-RESV1.01.43 Description: The issue is related to improper access control, specifically to the devcomm process, allowing an unauthorized remote attacker to execute arbitrary code with root privileges...

CVE-2018-19085

RegFilter.sys in IOBit Malware Fighter 6.2 is susceptible to a stack-based buffer overflow when an attacker uses IOCTL 0x8006E048 with a size larger than 8 bytes. This can lead to denial of service or code execution with root privileges...

CVE-2018-17931

If an attacker has physical access to the VGo Robot Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected they may be able to alter scripts, which may allow code execution with root privileges...

xorg-x11-server elevation of privilege vulnerability

The xorg-x11-server is an X Window System display server bundled with multiple vendor operating systems. A security vulnerability exists in xorg-x11-server versions prior to 1.20.3. A local attacker can exploit this vulnerability to elevate privileges and run arbitrary code with root privileges...

UBUNTU-CVE-2018-14722

An issue was discovered in evaluateautomountpoint in btrfsmaintenance-functions in btrfsmaintenance through 0.4.1. Code execution as root can occur via a specially crafted filesystem label if btrfs-scrub,balance,trim are set to auto in /etc/sysconfig/btrfsmaintenance this is not the default, thou...

CVE-2018-14722

An issue was discovered in evaluateautomountpoint in btrfsmaintenance-functions in btrfsmaintenance through 0.4.1. Code execution as root can occur via a specially crafted filesystem label if btrfs-scrub,balance,trim are set to auto in /etc/sysconfig/btrfsmaintenance this is not the default, thou...

CVE-2018-14722

An issue was discovered in evaluateautomountpoint in btrfsmaintenance-functions in btrfsmaintenance through 0.4.1. Code execution as root can occur via a specially crafted filesystem label if btrfs-scrub,balance,trim are set to auto in /etc/sysconfig/btrfsmaintenance this is not the default, thou...

Intel Saffron MemoryBase elevation of privilege vulnerability (CNVD-2018-15600)

Intel Saffron MemoryBase is a memory base kit for Saffron from Intel Corporation USA. A security vulnerability exists in Intel Saffron MemoryBase versions prior to 11.4. An attacker can exploit the vulnerability to elevate privileges and execute arbitrary code as root...

CVE-2018-3662

Escalation of privilege in Intel Saffron MemoryBase before version 11.4 potentially allows an authorized user of the Saffron application to execute arbitrary code as root...

CVE-2018-3662

Escalation of privilege in Intel Saffron MemoryBase before version 11.4 potentially allows an authorized user of the Saffron application to execute arbitrary code as root...

Samsung SmartThings Hub video-core credentials videoHostUrl Code Execution Vulnerability

Summary An exploitable buffer overflow vulnerability exists in the credentials handler of video-core’s HTTP server of Samsung SmartThings Hub. The video-core process incorrectly extracts the videoHostUrl field from a user-controlled JSON payload, leading to a buffer overflow on the stack. An...

Dell RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG Local Untrusted Search Path Vulnerabilities

Dell RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG are all products of Dell Inc.Dell RSA Identity Governance and Lifecycle is a suite of lifecycle management solutions; RSA Via Lifecycle and Governance is a suite of enterprise-class identity and identity...

CVE-2018-0300

A vulnerability in the process of uploading new application images to Cisco FXOS on the Cisco Firepower 4100 Series Next-Generation Firewall NGFW and Firepower 9300 Security Appliance could allow an authenticated, remote attacker using path traversal techniques to create or overwrite arbitrary...

CVE-2018-0304

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to read sensitive memory content, create a denial of service DoS condition, or execute arbitrary code as root. The vulnerability exists because th...

Linux 4.8.0 < 4.8.0-46 - AF_PACKET packet_set_ring Privilege Escalation Exploit

Exploit for linux platform in category local exploits This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'AFPACKET packetsetring Privilege Escalation', 'Description' = %q This module exploits a...

Palo Alto Networks - readSessionVarsFromFile() Session Corruption Exploit

This Metasploit module exploits a chain of vulnerabilities in Palo Alto Networks products running PAN-OS versions prior to 6.1.19, 7.0.19, 7.1.14, and 8.0.6. This chain starts by using an authentication bypass flaw to to exploit an XML injection issue, which is then abused to create an arbitrary...

Palo Alto Networks readSessionVarsFromFile() Session Corruption

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Palo Alto Networks readSessionVarsFromFile Session Corruption', 'Description' = %q This module exploits a chain of vulnerabilities in Palo Alto...

Palo Alto Networks readSessionVarsFromFile() Session Corruption

This module exploits a chain of vulnerabilities in Palo Alto Networks products running PAN-OS versions prior to 6.1.19, 7.0.19, 7.1.14, and 8.0.6. This chain starts by using an authentication bypass flaw to to exploit an XML injection issue, which is then abused to create an arbitrary directory,...