CVE-2018-15007
The Sky Elite 6.0L+ Android device with a build fingerprint of SKY/x6069trxl601sky/x6069trxl601sky:6.0/MRA58K/1482897127:user/release-keys contains a pre-installed platform app with a package name of com.fw.upgrade.sysoper (versionCode=238, versionName=2.3.8) that contains an exported broadcast...
SUSE-SU-2018:4297-1 Security update for containerd, docker and go
This update for containerd, docker and go fixes the following issues. containerd and docker: add backport for building containerd (bsc1102522, bsc1113313); upgrade to containerd v1.1.2, which is required for Docker v18.06.1-ce (bsc1102522); enable seccomp support on SLE12 (fate325877); Update to...
The vulnerability of the Logitech Options peripheral control utility allows a hacker to execute arbitrary commands.
The vulnerability of the Logitech Options peripheral control utility lies in the lack of restrictions on the number of authentication attempts made through the WebSocket server. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using a specially crafted web page...
GHSA-V4X4-98CG-WR4G Code injection in Danijar Definitions
There is a vulnerability in the load method in definitions/parser.py in the Danijar Hafner definitions package for Python. It can execute arbitrary Python commands resulting in command execution...
Design/Logic Flaw
There is a vulnerability in the load method in definitions/parser.py in the Danijar Hafner definitions package for Python. It can execute arbitrary Python commands resulting in command execution...
[ASA-201812-12] go-pie: multiple issues
Arch Linux Security Advisory ASA-201812-12. Severity: High. Date: 2018-12-18. CVE-ID: CVE-2018-16873, CVE-2018-16874, CVE-2018-16875. Package: go-pie. Type: multiple issues. Remote: Yes. Link: https://security.archlinux.org/AVG-835. Summary: The packa...
[ASA-201812-11] go: multiple issues
Arch Linux Security Advisory ASA-201812-11. Severity: High. Date: 2018-12-18. CVE-ID: CVE-2018-16873, CVE-2018-16874, CVE-2018-16875. Package: go. Type: multiple issues. Remote: Yes. Link: https://security.archlinux.org/AVG-835. Summary: The package g...
Privilege escalation
Privilege escalation vulnerability in McAfee Agent (MA) for Linux 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to perform arbitrary command execution via specific conditions...
CVE-2018-6705
Privilege escalation vulnerability in McAfee Agent (MA) for Linux 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to perform arbitrary command execution via specific conditions...
CVE-2018-6705 McAfee Agent (MA) for Linux Privilege Escalation vulnerability
Privilege escalation vulnerability in McAfee Agent (MA) for Linux 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to perform arbitrary command execution via specific conditions...
CVE-2018-6705
CVE-2018-6705 concerns McAfee Agent for Linux with versions 5.0.0–5.0.6, 5.5.0, and 5.5.1. The issue is insufficient access control in the client component, enabling local attackers to escalate privileges and execute arbitrary commands. Remediation: upgrade to a non-affected version outside these...
CVE-2018-6704
Privilege escalation vulnerability in McAfee Agent (MA) for Linux 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to perform arbitrary command execution via specific conditions...
CVE-2018-6704
Privilege escalation vulnerability in McAfee Agent (MA) for Linux 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to perform arbitrary command execution via specific conditions...
McAfee True Key (TK) Windows Client Arbitrary Command Execution Vulnerability
McAfee True Key (TK) is an authentication application from the American company McAfee. The program supports features such as facial recognition and fingerprint recognition. A security vulnerability exists in the Microsoft Windows client in McAfee TK 5.1.230.7 and earlier versions. A...
56iq digital signage software frontend has an override access vulnerability
56iq digital signage software is digital signage content creation software used to create programs for playback on plasma and LCD flat-panel TVs, LED screens, projection equipment and other multimedia terminals, and for touch-interactive applications. An override access vulnerabilit...
Netgate pfSense CE Command Injection Vulnerability
Netgate pfSense CE is free, open source firewall and router software based on FreeBSD, from the U.S. company Netgate. A command injection vulnerability exists in the 'powerdbatterymode' POST parameter in Netgate pfSense CE version 2.4.4-RELEASE, which can be exploited by an attacker to...
NUUO NVRMini2 3.9.1 - (Authenticated) Command Injection
Exploit Title: NUUO NVRMini2 Authenticated Command Injection. Date: December 3, 2018. Exploit Author: Artem Metla. Vendor Homepage: https://www.nuuo.com/ProductNode.php?node=2. Version: 3.9.1. Tested on: NUUO NVRMini2 with firmware 3.9.1. CVE: CVE-2018-15716. Advisory:...
Apache Hadoop elevation of privilege vulnerability (CNVD-2018-24261)
Apache Hadoop is an open source distributed systems infrastructure from the U.S.-based Apache Software Foundation. It supports distributed processing of large amounts of data and offers high reliability, high scalability and high fault tolerance. A security vulnerability exis...
A vulnerability exists in the CronJob API of Cisco Digital Network Architecture, allowing attackers to execute arbitrary commands with root privileges.
The vulnerability in the CronJob API of the Cisco Digital Network Architecture (DNA) platform is caused by errors in processing input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary commands with root privileges remotely...
Dell OpenManage Network Manager MySQL vulnerability
Added: 11/20/2018. BID: 105912. Background: Dell OpenManage Network Manager is a product for monitoring and managing network devices. Problem: Dell OpenManage Network Manager runs the MySQL database service with root privileges and enables default database accounts, allowing a remote attacker to writ...