Privilege escalation

Escalation of privileges vulnerability in Micro Focus Operations Agent, affects versions 12.0x, 12.10, 12.11, 12.12, 12.14 and 12.15. The vulnerability could be exploited to escalate privileges and execute code under the account of the Operations Agent...

Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2021-1743)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Bosch Video Client Code Issue Vulnerability

Bosch Video Client is an application from the German company Bosch. It is used to display cameras connected to the network in real time. A code issue vulnerability exists in Bosch Video Client, which can be exploited by an attacker to execute arbitrary code on a victim's system...

A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package whose signature header was modified to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity confidentiality and system availability.

...

Fedora 33 : rpm (2021-8d52a8a999)

The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-8d52a8a999 advisory. - A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to...

Cisco IOS XE Local Elevation of Privilege Vulnerability

Cisco IOS XE is a set of modular operating system based on Linux kernel developed by Cisco for its network equipment. A local elevation of privilege vulnerability exists in one of the diagnostic test CLI commands for Cisco IOS XE. The vulnerability stems from the fact that the affected software...

USN-4814-1: Asterisk vulnerabilities

Richard Mudgett discovered that Asterisk did not properly check the length of input string when setting the user field for PartyB on a CDR. A remote attacker could use this vulnerability to cause a denial of service crash or potentially execute arbitrary code. CVE-2017-16671 Alex Villacis Lasso...

USN-4769-1: Salt vulnerabilities

It was discovered that Salt allowed remote attackers to write to arbitrary files via a special crafted file. An attacker could use this vulnerability to cause a DoS or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM. CVE-2014-3563 Andreas Stieger discovered that Salt...

Security Bulletin: IBM® Db2® is vulnerable to a buffer overflow (CVE-2020-4701)

Summary IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. Vulnerability Details CVEID: CVE-2020-4701 DESCRIPTION: I...

Microsoft Windows RRAS Service MIBEntryGet Overflow

This module exploits an overflow in the Windows Routing and Remote Access Service RRAS to execute code as SYSTEM. The RRAS DCERPC endpoint is accessible to unauthenticated users via SMBv1 browser named pipe on Windows Server 2003 and Windows XP hosts; however, this module targets Windows Server...

HCL Domino 安全漏洞

HCL Software HCL Domino is an application software from India HCL Software. It provides a platform for application development. A security vulnerability exists in HCL Domino, which can be exploited by an attacker to trigger a buffer overflow, which can lead to a denial of service and potentially...

Vulnerabilities fixed in LibTIFF

Vulnerabilities have been fixed in LibTIFF. The vulnerabilities enable an unauthenticated remote malicious agent to opportunity to cause a denial-of-service or potentially execute arbitrary code under user privileges. The malicious party to do this must induce the victim to open a rogue TIFF file...

Visualware MyConnection Server 代码问题漏洞

Visualware MyConnection Server is a software application from Visualware, Inc. Providing accurate measurements of network quality and performance ensures a great user experience. A file upload vulnerability exists in Visualware MyConnection Server 11.0b build 5382 and prior versions, which...

Apple macOS process_token_BindQueryStoreRegisterToMemoryList Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AppleIntelKBLGraphic...

The vulnerability of the Downloads function in Google Chrome’s web browser allows a hacker to execute arbitrary code.

The vulnerability of the Downloads function in Google Chrome’s web browser is related to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

Advantech WebAccess/SCADA 安全漏洞

Advantech WebAccess/SCADA is a suite of SCADA software from Advantech based on a browser architecture. The software supports dynamic graphical displays and real-time data control, and provides the ability to remotely control and manage automation equipment. A local elevation of privilege...

CVE-2020-25238

A vulnerability has been identified in PCS neo Administration Console All versions V3.1, TIA Portal V15, V15.1 and V16. Manipulating certain files in specific folders could allow a local attacker to execute code with SYSTEM privileges. The security vulnerability could be exploited by an attacker...

Stack overflow

A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code...

CVE-2020-17432

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...

Fedora 33 : kernel (2021-879c756377)

The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-879c756377 advisory. - An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local...