98 matches found
sudo: Heap buffer overflow in argument parsing
A flaw was found in sudo. A heap-based buffer overflow was found in the way sudo parses command line arguments. This flaw is exploitable by any local user who can execute the sudo command by default, any local user can execute sudo without authentication. Successful exploitation of this flaw coul...
CVE-2020-8715
Invalid pointer for some IntelR Server Boards, Server Systems and Compute Modules before version 1.59 may allow an unauthenticated user to potentially enable denial of service via local access...
Media Library Assistant < 2.82 - Unauthenticated Limited Local File Inclusion
The Media Library Assistant plugin before 2.82 for WordPress suffers from a Local File Inclusion vulnerability in mlagallery link=download. The LFI is restricted to the "wp-content" directory...
CVE-2019-11170
Authentication bypass in IntelR Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure, escalation of privilege and/or denial of service via local access...
CVE-2019-9532
The web application portal of the Cobham EXPLORER 710, firmware version 1.07, sends the login password in cleartext. This could allow an unauthenticated, local attacker to intercept the password and gain access to the portal...
DEBIAN-CVE-2018-12179
Improper configuration in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access...
CVE-2018-15486
An issue was discovered on KONE Group Controller KGC devices before 4.6.5. Unauthenticated Local File Inclusion and File modification is possible through the open HTTP interface by modifying the name parameter of the file endpoint, aka KONE-02...
CVE-2018-0335
A vulnerability in the web portal authentication process of Cisco Prime Collaboration Provisioning could allow an unauthenticated, local attacker to view sensitive data. The vulnerability is due to improper logging of authentication data. An attacker could exploit this vulnerability by monitoring...
CVE-2017-12361
A vulnerability in Cisco Jabber for Windows could allow an unauthenticated, local attacker to access sensitive communications made by the Jabber client. An attacker could exploit this vulnerability to gain information to conduct additional attacks. The vulnerability is due to the way Cisco Jabber...
CVE-2017-6706
A vulnerability in the logging subsystem of the Cisco Prime Collaboration Provisioning tool could allow an unauthenticated, local attacker to acquire sensitive information. More Information: CSCvd07260. Known Affected Releases: 12.1...
Cisco Prime Collaboration Provisioning Tool Local Information Disclosure Vulnerability (CNVD-2017-11546)
Cisco Prime Collaboration is a comprehensive video and voice service assurance and management system. A security vulnerability exists in the logging subsystem in the Cisco Prime Collaboration Provisioning tool, where an unauthenticated local attacker obtains sensitive information. The vulnerabili...
CVE-2017-2330
A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, local user, to create a fork bomb scenario, also known as a rabbit virus, or wabbit, which will create processes that replicate themselves,...
CVE-2017-3813
A vulnerability in the Start Before Logon SBL module of Cisco AnyConnect Secure Mobility Client Software for Windows could allow an unauthenticated, local attacker to open Internet Explorer with the privileges of the SYSTEM user. The vulnerability is due to insufficient implementation of the acce...
Unspecified Vulnerability in Oracle MySQL Server (CNVD-2016-05388)
Oracle MySQL Server is a lightweight relational database system. A security vulnerability exists in Oracle MySQL Server versions 5.6.30 and earlier, 5.7.12 and earlier, which can be exploited by an unauthenticated, local attacker to affect availability...
Oracle MySQL Server: Unauthorized Access Vulnerability in Parser Subcomponent
Oracle MySQL is an open source relational database management system from Oracle. A security vulnerability exists in the Oracle MySQL Server: Parser subcomponent. An unauthenticated, local attacker can exploit the vulnerability to log in to access the MySQL Servermysql server to execute programs...
Unspecified Vulnerability in Oracle MySQL Server (CNVD-2016-05386)
Oracle MySQL Server is a lightweight relational database system. A security vulnerability exists in Oracle MySQL Server 5.7.12 and earlier versions, which can be exploited by unauthenticated local users to affect availability...
Unspecified Vulnerability in Oracle MySQL Server (CNVD-2016-05390)
Oracle MySQL Server is a lightweight relational database system. A security vulnerability exists in Oracle MySQL Server versions 5.6.30 and earlier, 5.7.12 and earlier, which can be exploited by an unauthenticated, local attacker to affect availability...
Unspecified Vulnerability in Oracle MySQL Server (CNVD-2016-05389)
Oracle MySQL Server is a lightweight relational database system. A security vulnerability exists in Oracle MySQL Server 5.7.12 and earlier versions, which can be exploited by an unauthenticated, local attacker to affect availability...