2019 matches found
Apple macOS Kernel Command 0x10007 Out-Of-Bounds Write Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AppleIntelKBLGraphic...
Vulnerabilities fixed in Microsoft Exchange Server
Microsoft has fixed several vulnerabilities in Microsoft Exchange Server. An authenticated remote malicious person could potentially exploit the vulnerabilities to execute arbitrary code execute arbitrary code or to obtain sensitive information. For each of the vulnerabilities included in this...
Cool Music (Windows client) suffers from a dll hijacking vulnerability
Cool Music is a music player that serves songs to its users. A dll hijacking vulnerability exists in CoolMusic Windows client. An attacker can exploit this vulnerability to load a malicious dll and execute malicious code...
CVE-2020-4102
HCL Notes is susceptible to a Buffer Overflow vulnerability in DXL due to improper validation of user input. A successful exploit could enable an attacker to crash Notes or execute attacker-controlled code on the client system...
nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function
A flaw was found in nodejs-ajv. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code...
CVE-2020-25989
Privilege escalation via arbitrary file write in pritunl electron client 1.0.1116.6 through v1.2.2550.20. Successful exploitation of the issue may allow an attacker to execute code on the effected system with root privileges...
Vulnerability fixed in IBM Db2
IBM has fixed a vulnerability in Db2 and Db2 Connect Server. A local, authenticated malicious agent could potentially exploit the vulnerability to execute arbitrary code under root or SYSTEM privileges. IBM has released updates to fix the vulnerability. For more information, see:...
Dll Hijacking Vulnerability in Shoos Flash Wizard (Windows Client)
Shock Wave Flash Wizard is a SWF decompiler that not only captures, decompiles, views and extracts Shock Wave Flash movies .swf and .exe format files, but also converts SWF format files to FLA format files. A dll hijacking vulnerability exists in Shock Wave Flash Wizard Windows client. An attacke...
The vulnerability of the Java framework Apache Camel, related to the recovery of unreliable data structures in memory, allows an attacker to gain unauthorized access to protected information, execute arbitrary code, or cause a service failure.
The vulnerability of the Java framework Apache Camel is related to the restoration of unreliable data structures in memory. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information, execute arbitrary code, or cause service failure...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : libexif vulnerability (USN-4624-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4624-1 advisory. It was discovered that libexif incorrectly handled certain inputs. An attacker could possibly use this issue to cause unexpected behaviour...
Spoofing
A DLL hijacking vulnerability in the B. Braun OnlineSuite Version AP 3.0 and earlier allows local attackers to execute code on the system as a high privileged user...
CVE-2020-25174 B. Braun OnlineSuite
A DLL hijacking vulnerability in the B. Braun OnlineSuite Version AP 3.0 and earlier allows local attackers to execute code on the system as a high privileged user...
Code injection
Ubuntu's packaging of libvirt in 20.04 LTS created a control socket with world read and write permissions. An attacker could use this to overwrite arbitrary files or execute arbitrary code...
CVE-2020-15708
Ubuntu's packaging of libvirt in 20.04 LTS created a control socket with world read and write permissions. An attacker could use this to overwrite arbitrary files or execute arbitrary code...
webkitgtk: use-after-free via crafted web content
A use-after-free flaw exists in WebKitGTK. This flaw allows remote attackers to execute arbitrary code or cause a denial of service...
CVE-2020-27853
CVE-2020-27853 is a format-string vulnerability in Wire’s peerflow/sdp.c (sdp_media_set_lattr). It affects Wire AVS 5.3–6.x before 6.4 and Wire Secure Messenger apps on Android/iOS (before the listed versions). Remote attackers could cause a denial of service (crash) or execute arbitrary code; im...
Mozilla Firefox Memory Corruption Vulnerability (CNVD-2020-60333)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A memory corruption vulnerability exists in Mozilla Firefox's handling of WEB page content, which allows remote attackers to exploit the vulnerability by submitting a special WEB request that the user ...
Trend Micro Antivirus for Mac Error Message Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of Trend Micro Antivirus for Mac. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...
PT-2020-20831 · Apple · Macos Catalina +4
Name of the Vulnerable Software and Affected Versions: iOS versions prior to 13.6 iPadOS versions prior to 13.6 macOS Catalina versions prior to 10.15.6 tvOS versions prior to 13.4.8 watchOS versions prior to 6.2.8 Description: A buffer overflow issue was addressed with improved bounds checking...
CVE-2020-5792
Improper neutralization of argument delimiters in a command in Nagios XI 5.7.3 allows a remote, authenticated admin user to write to arbitrary files and ultimately execute code with the privileges of the apache user...