Privilege escalation

Escalation of privilege in Installer for Intel Extreme Tuning Utility before 6.4.1.21 may allow an authenticated user to potentially execute code or disclose information as administrator via local access...

Privilege escalation

Privilege escalation in file permissions in Intel Computing Improvement Program before version 2.2.0.03942 may allow an authenticated user to potentially execute code as administrator via local access...

CVE-2018-12148

Privilege escalation in file permissions in Intel Driver and Support Assistant before 3.5.0.1 may allow an authenticated user to potentially execute code as administrator via local access...

CVE-2018-12160

DLL injection vulnerability in software installer for Intel Data Center Migration Center Software v3.1 and before may allow an authenticated user to potentially execute code using default directory permissions via local access...

CVE-2018-12168

Privilege escalation in file permissions in Intel Computing Improvement Program before version 2.2.0.03942 may allow an authenticated user to potentially execute code as administrator via local access...

CVE-2018-12150

Escalation of privilege in Installer for Intel Extreme Tuning Utility before 6.4.1.21 may allow an authenticated user to potentially execute code or disclose information as administrator via local access...

Huawei Mobile Phone Input Validation Vulnerability

Huawei Mate 10 ALP-L09 is a smartphone product of Chinese company Huawei Huawei. An input validation vulnerability exists in the Huawei Mate 10 ALP-L09 phone due to a lack of parameter checking. An attacker induces a user who has gained root privileges to install a carefully crafted application,...

Stack-based Buffer Overflow

libglusterfs.so is vulnerable to stack-based buffer overflow. The functions in server-rpc-fopc.c allocates fixed size buffers which allows authenticated users to exploit the vulnerability to crash or execute code by mounting a gluster volume and sending a string longer than the fixed buffer size...

Arbitrary Code Execution

libglusterfs.so is vulnerable to arbitrary code execution attacks. The library does not properly sanitize file paths in the trusted.io-stats-dump attribute, allowing a malicious user to create arbitrary files or execute arbitrary code...

CVE-2018-10929

A flaw was found in RPC request using gfs2createreq in glusterfs server. An authenticated attacker could use this flaw to create arbitrary files and execute arbitrary code on glusterfs server nodes...

glusterfs: Arbitrary file creation on storage server allows for execution of arbitrary code

A flaw was found in RPC request using gfs2createreq in glusterfs server. An authenticated attacker could use this flaw to create arbitrary files and execute arbitrary code on glusterfs server nodes...

CVE-2018-10929

A flaw was found in RPC request using gfs2createreq in glusterfs server. An authenticated attacker could use this flaw to create arbitrary files and execute arbitrary code on glusterfs server nodes. Mitigation To limit exposure of gluster server nodes : 1. gluster server should be on LAN and not...

Joomla! cross-site scripting vulnerability (CNVD-2018-17502)

Joomla! is the U.S. Open Source Matters team of a set of PHP and MySQL development using open source , cross-platform content management system CMS. A cross-site scripting vulnerability exists in Joomla! versions prior to 3.8.12 that stems from the program failing to adequately filter output. A...

Code injection

In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code...

CVE-2018-15911

In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code...

CVE-2018-15909

In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code...

CVE-2018-15910

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code...

CVE-2018-15910

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code...

CVE-2018-3784

A code injection in cryo 0.0.6 allows an attacker to arbitrarily execute code due to insecure implementation of deserialization...

Intel Smart Sound Technology Driver Module Elevation of Privilege Vulnerability (CNVD-2018-15605)

Intel Smart Sound Technology is an integrated audio DSP Digital Signal Processor from Intel USA, which is mainly used to process audio, support voice interaction and so on. An elevation of privilege vulnerability exists in the driver module in versions prior to Intel Smart Sound Technology...