
591 matches found

CNVD
added 2020/05/09 12:0 a.m. | 2 views

McAfee VirusScan Enterprise Elevation of Privilege Vulnerability

McAfee VirusScan Enterprise (VSE) is a suite of antivirus software from the American company McAfee. The software provides a full range of security protection, scans memory for malicious code and optimizes updates for remote systems. An elevation of privilege vulnerability exists in versions prior ...

CVSS 8.8 | AI score 7.1 | EPSS 0.0025
Exploits: 0 | References: 1

CNVD
added 2020/05/09 12:0 a.m. | 1 view

McAfee Endpoint Detection and Response Privileging Vulnerability (CNVD-2020-35071)

McAfee Endpoint Detection and Response (EDR) is a suite of endpoint threat detection and response solutions from the U.S.-based company McAfee. The product supports threat event monitoring, host traffic monitoring, automatic threat identification and other functions. A privilege escalation...

CVSS 7.8 | AI score 6.6 | EPSS 0.00243
Exploits: 0 | References: 1

Packet Storm
added 2020/04/15 12:0 a.m. | 136 views

TP-Link Archer A7/C7 Unauthenticated LAN Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'openssl' class MetasploitModule 'TP-Link Archer A7/C7 Unauthenticated LAN Remote Code Execution', 'Description' = %q This module exploits a command injection...

CVSS 8.3 | AI score 0.6 | EPSS 0.44437
Exploits: 6

Packet Storm
added 2020/03/29 12:0 a.m. | 181 views

Redis Replication Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Redis Replication Code Execution', 'Description' = %q This module can be used to leverage the extension functionality added since Redis 4.0.0 to...

AI score 7.4
Exploits: 0

CNVD
added 2019/11/20 12:0 a.m. | 1 view

Fortinet FortiClient Denial of Service Vulnerability (CNVD-2019-41687)

Fortinet FortiClient is a mobile endpoint security solution from Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance and two-factor authentication when connected to a FortiGate firewall appliance. A security vulnerability exists in Fortinet FortiClient...

CVSS 6.8 | AI score 6.8 | EPSS 0.01381
Exploits: 1 | References: 1

CNVD
added 2019/11/19 12:0 a.m. | 3 views

Fortinet FortiClient Command Injection Vulnerability (CNVD-2019-42446)

Fortinet FortiClient is a mobile endpoint security solution from Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance and two-factor authentication when connected to a FortiGate firewall appliance. A command injection vulnerability exists in Fortinet...

CVSS 7.8 | AI score 7.9 | EPSS 0.00521
Exploits: 1 | References: 1

OSV
added 2019/10/09 8:15 p.m. | 2 views

CVE-2019-0061

The management daemon (MGD) is responsible for all configuration and management operations in Junos OS. The Junos CLI communicates with MGD over an internal unix-domain socket and is granted special permission to open this protected mode socket. Due to a misconfiguration of the internal socket, a...

CVSS 7.8 | AI score 5.8
Exploits: 0 | References: 1

BDU FSTEC
added 2019/10/01 12:0 a.m. | 2 views

The vulnerability of the fly-wm component in the FLY operating system of the Astra Linux platform allows a perpetrator to gain unauthorized access to protected information or cause service failures.

The vulnerability of the fly-wm component in the FLY operating system of Astra Linux relates to the inability to successfully execute the lock mechanism. Exploiting this vulnerability may allow an attacker, working remotely, to gain unauthorized access to protected information or cause service...

CVSS 4.9 | AI score 5.6
Exploits: 0 | References: 1

ossfuzz
added 2019/09/18 2:56 p.m. | 11 views

matio:matio_fuzzer: Crash in H5O_chunk_deserialize

Project: git://git.code.sf.net/p/matio/matio Detailed Report: https://oss-fuzz.com/testcase?key=5716605253713920 Project: matio Fuzzing Engine: afl Fuzz Target: matiofuzzer Job Type: aflasanmatio Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x0009ffbe04a8 Crash State:...

AI score 6.8
Exploits: 0 | Affected Software: 1

CNVD
added 2019/08/07 12:0 a.m. | 2 views

Code Execution Vulnerability in DouPHP_1.5

DouPHP1.5 is a lightweight enterprise website management system, based on PHP+Mysql architecture, running on Linux, Windows, MacOSX, Solaris and other platforms. DouPHP1.5 suffers from a code execution vulnerability that can be exploited by attackers to execute arbitrary code...

AI score 8.1
Exploits: 0

ossfuzz
added 2019/08/02 3:42 p.m. | 12 views

clamav/clamav_scanmap_fuzzer: Index-out-of-bounds in real_scansis

Detailed report: https://oss-fuzz.com/testcase?key=5165813392211968 Project: clamav Fuzzer: libFuzzerclamavscanmapfuzzer Fuzz target binary: clamavscanmapfuzzer Job Type: libfuzzerubsanclamav Platform Id: linux Crash Type: Index-out-of-bounds Crash Address: Crash State: realscansis cliscansis...

AI score 7
Exploits: 0 | Affected Software: 1

BDU FSTEC
added 2019/07/16 12:0 a.m. | 2 views

The vulnerability of the daemon/gvfsbackendadmin.c component of the GVFS subsystem in GNOME desktop environments on Linux operating systems allows an attacker to compromise the integrity, confidentiality, and accessibility of the protected information.

The vulnerability of the daemon/gvfsbackendadmin.c component in the GVFS subsystem of GNOME desktop environments on Linux operating systems arises from the simultaneous execution using shared resources with incorrect synchronization. Exploiting this vulnerability allows an attacker to compromise...

CVSS 8.1 | AI score 5.7 | EPSS 0.01749
Exploits: 0 | References: 5 | Affected Software: 3

CNVD
added 2019/06/12 12:0 a.m. | 3 views

Adobe Campaign Classic Information Disclosure Vulnerability (CNVD-2019-18623)

Adobe Campaign Classic (ACC) is a suite of cross-channel customer experience marketing platforms from the American company Adobe. The platform features real-time interaction management, Adobe Experience Cloud integration, data management and integration. An information disclosure...

CVSS 7.5 | AI score 6 | EPSS 0.03121
Exploits: 0 | References: 1

0day.today
added 2019/05/22 12:0 a.m. | 415 views

PHP PHP_INI_SYSTEM Ineffective Controls Vulnerability

Security controls configured via php.ini directives at the PHP_INI_SYSTEM level are ineffective as they could be bypassed by malicious scripts via writing their own process memory on the Linux platform. Proof of concept code included. "PHP is a popular general-purpose scripting language that is...

AI score 0.2
Exploits: 0

CNVD
added 2019/05/13 12:0 a.m. | 3 views

IPBRICK OS Cross-Site Scripting Vulnerability

IPBRICK OS is a Linux-based communication platform. The platform includes features such as document and process management, e-mail and collaboration tools. A cross-site scripting vulnerability exists in IPBRICK OS version 6.3. The vulnerability stems from a lack of proper validation of client dat...

CVSS 4.8 | AI score 6.4 | EPSS 0.00652
Exploits: 1 | References: 1

ossfuzz
added 2019/05/10 11:8 a.m. | 12 views

imagemagick/ping_dng_fuzzer: Use-of-uninitialized-value in LibRaw::open_datastream

Detailed report: https://oss-fuzz.com/testcase?key=5731129560137728 Project: imagemagick Fuzzer: libFuzzerimagemagickpingdngfuzzer Fuzz target binary: pingdngfuzzer Job Type: libfuzzermsanimagemagick Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State:...

AI score 6.8
Exploits: 0 | Affected Software: 1

RedHat Linux
added 2019/02/25 10:46 p.m. | 163 views

Important: Red Hat Security Advisory: Container Development Kit 3.7.0-1 security update

Red Hat Container Development Kit 3.7.0-1 update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...

CVSS 9.3 | AI score 7 | EPSS 0.9589
Exploits: 33 | References: 4

OPENSUSE Linux
added 2019/02/18 12:0 a.m. | 116 views

Security update for MozillaFirefox (important)

openSUSE Security Update: Security update for MozillaFirefox Announcement ID: openSUSE-SU-2019:0202-1 Rating: important References: 1125330 Cross-References: CVE-2018-18335 CVE-2018-18356 CVE-2019-5785 Affected Products: openSUSE Leap 42.3 An update that fixes three vulnerabilities is now...

CVSS 8.8 | AI score 8.8 | EPSS 0.03724
Exploits: 0 | References: 1

0day.today
added 2019/02/13 12:0 a.m. | 57 views

snapd < 2.37 (Ubuntu) - dirty_sock Local Privilege Escalation (1)

Exploit for linux platform in category local exploits...

AI score 9 | EPSS 0.61075
Exploits: 10

ossfuzz
added 2019/02/02 7:13 a.m. | 18 views

ots/ots-fuzzer: Heap-buffer-overflow in ots::OpenTypeSTAT::Serialize

Project: https://github.com/khaledhosny/ots.git Detailed report: https://oss-fuzz.com/testcase?key=5702836548009984 Project: ots Fuzzer: libFuzzerotsots-fuzzer Fuzz target binary: ots-fuzzer Job Type: libfuzzerasanots Platform Id: linux Crash Type: Heap-buffer-overflow READ 2 Crash Address:...

AI score 6.4
Exploits: 0 | Affected Software: 1