CVE-2020-15397

HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users e.g., locations under /var/spool/hylafax that are writable by the uucp account. This allows these users to execute code in the context of the user calling these binarie...

CVE-2020-15397

HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users e.g., locations under /var/spool/hylafax that are writable by the uucp account. This allows these users to execute code in the context of the user calling these binarie...

CVE-2020-3968

VMware ESXi 7.0 before ESXi7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG, Workstation 15.x before 15.5.5, and Fusion 11.x before 11.5.5 contain an out-of-bounds write vulnerability in the USB 3.0 controller xHCI. A malicious actor with local administrati...

Out-of-bounds

VMware ESXi 7.0 before ESXi7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG, Workstation 15.x before 15.5.5, and Fusion 11.x before 11.5.5 contain an out-of-bounds write vulnerability in the USB 3.0 controller xHCI. A malicious actor with local administrati...

CVE-2020-3969

VMware ESXi 7.0 before ESXi7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG, Workstation 15.x before 15.5.5, and Fusion 11.x before 11.5.5 contain an off-by-one heap-overflow vulnerability in the SVGA device. A malicious actor with local access to a virtual...

CVE-2020-3969

VMware ESXi 7.0 before ESXi7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG, Workstation 15.x before 15.5.5, and Fusion 11.x before 11.5.5 contain an off-by-one heap-overflow vulnerability in the SVGA device. A malicious actor with local access to a virtual...

CVE-2020-4470

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server. IBM X-Force ID: 181725...

McAfee VirusScan Enterprise Junction Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of McAfee VirusScan Enterprise. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

Windows Bluetooth Service Elevation of Privilege Vulnerability

Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. An elevation of privilege vulnerability exists in the way memory objects are handled in Microsoft Windows Bluetooth. A local attacker can exploit this vulnerability with a specially...

Microsoft Windows and Windows Server Elevation of Privilege Vulnerability (CNVD-2021-24906)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation.Microsoft Windows is an operating system for personal devices.Microsoft Windows Server is a server operating system. A security vulnerability exists in Microsoft Windows and Windows Server, which arises from...

Microsoft Windows WalletService elevation of privilege vulnerability (CNVD-2021-29542)

Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. An elevation of privilege vulnerability exists in the way memory objects are handled in Microsoft Windows WalletService, which can be exploited by an attacker to elevate privileges and...

Apple macOS SkyLight Integer Overflow Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the SkyLight module. The...

(0Day) Microsoft Windows splwow64 Untrusted Pointer Dereference Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the user-mode...

Microsoft Windows Kernel Elevation of Privilege Vulnerability (CNVD-2020-46636)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation.Microsoft Windows is an operating system for personal devices.Microsoft Windows Server is a server operating system. Windows Kernel is one of the Windows system kernels. An elevation of privilege vulnerabili...

Adobe Acrobat DC Security Update (APSB20-24) - Mac OS X

Adobe Acrobat DC Continuous Track is prone to multiple vulnerabilities. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

CVE-2020-5538

Improper Access Control in PALLET CONTROL Ver. 6.3 and earlier allows authenticated attackers to execute arbitrary code with the SYSTEM privilege on the computer where PALLET CONTROL is installed via unspecified vectors. PalletControl 7 to 9.1 are not affected by this vulnerability, however under...

Schneider Electric EcoStruxure IT Gateway Improper Access Control Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Schneider Electric EcoStruxure IT Gateway. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...

LAquis SCADA LGX File Insufficient UI Warning Arbitrary File Creation Vulnerability

This vulnerability allows remote attackers to create arbitrary files on affected installations of LAquis SCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the...

LAquis SCADA LGX File Insufficient UI Warning Arbitrary File Creation Vulnerability

This vulnerability allows remote attackers to create arbitrary files on affected installations of LAquis SCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the...

Microsoft Windows gdi32full StretchDIBitsImpl Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...