27 matches found
CVE-2022-33184
A vulnerability in fabseg.c.h libraries of all Brocade Fabric OS versions before Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, v8.2.0cbn5, 7.4.2j could allow local authenticated attackers to exploit stack-based buffer overflows and execute arbitrary code as the root user account...
EUVD-2019-7019
Malware in sbrugna...
EUVD-2022-36228
Malicious code in bioql PyPI...
CVE-2024-38646
The CVE-2024-38646 entry affects Notes Station 3. An incorrect permission assignment for a critical resource could allow local authenticated attackers with administrator access to read or modify the resource. Remediation: vulnerability fixed in Notes Station 3 version 3.9.7 and later. Impact deta...
CVE-2022-33184
A vulnerability in fabseg.c.h libraries of all Brocade Fabric OS versions before Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, v8.2.0cbn5, 7.4.2j could allow local authenticated attackers to exploit stack-based buffer overflows and execute arbitrary code as the root user account...
CVE-2022-1984
This issue affects: HYPR Windows WFA versions prior to 7.2; Unsafe Deserialization vulnerability in HYPR Workforce Access WFA before version 7.2 may allow local authenticated attackers to elevate privileges via a malicious serialized payload...
Arbitrary Code Execution
io.fabric8:kubernetes-client is vulnerable to arbitrary code execution. Misconfigured YAML parsing in unmarshalYaml function allows local authenticated attackers to execute arbitrary code on the target machine via a maliciously crafted YAML string...
Vulnerabilities fixed in QEMU and libvirt
Vulnerabilities have been fixed in QEMU and libvirt. The vulnerabilities allow a local, authenticated malicious person potentially able to launch attacks that result in the following categories of damage: Denial-of-Service DoS Access to system data Increased user privileges -= Red Hat =- Red Hat...
Vulnerabilities fixed in Cisco Data Center Network Manager
Cisco has fixed several vulnerabilities in the Data Center Network Manager. The vulnerabilities allow a local authenticated malicious party to conduct attacks that can lead to the following types of damage: Cross-Site Scripting XSS. Manipulation of data Access to system data Increased user...
Juniper JSA10975
According to the self reported version of Junos OS on the remote device it is affected by a path traversal vulnerability with the Next-Generation Routing Engine. A local authenticated attacker can exploit this, to read sensitive file systems. Note that Nessus has not tested for this issue but has...
Code injection
Nagios XI 5.5.6 allows local authenticated attackers to escalate privileges to root via Autodiscovernew.php...
Design/Logic Flaw
Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution. A number of applications developed using the Portrait Displays SDK do not use secure permissions when running. These applications run the...
Windows Kernel 64-bit stack memory disclosure in win32k!PROXYPORT::SendRequest(CVE-2018-0814)
We have discovered that the win32k!PROXYPORT::SendRequest function sends ALPC messages with portions of uninitialized memory from the local stack frame on Windows 7 64-bit other versions were not tested. The message is 0x20 bytes long, 8 of which are uninitialized. The layout of the memory area i...
Microsoft Windows - 'nt!NtQueryInformationProcess (information class 76, QueryProcessEnergyValues)' Kernel Stack Memory Disclosure
/ We have discovered that the nt!NtQueryInformationProcess system call invoked with the 76 information class discloses portions of uninitialized kernel stack memory to user-mode clients. The specific information class is handled by an internal nt!PsQueryProcessEnergyValues function. While we don'...
Microsoft Windows Kernel - win32k!NtGdiGetPhysicalMonitorDescription Stack Memory Disclosure Exploit
Exploit for windows platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1268 We have discovered that the nt!NtGdiGetPhysicalMonitorDescription system call discloses portions of uninitialized kernel stack memory to user-mode clients, on Windows 7 to...
Microsoft Windows Kernel - nt!NtSetIoCompletion nt!NtRemoveIoCompletion Pool Memory Disclosure
Microsoft Windows Kernel - nt!NtSetIoCompletion nt!NtRemoveIoCompletion Pool Memory Disclosure / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1269 We have discovered that the nt!NtRemoveIoCompletion system call handler discloses 4 bytes of uninitialized pool memory to user-mo...
Microsoft Windows - nt!NtQueryInformationJobObject (information class 28) Kernel Stack Memory Disclo
Exploit for windows platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1194 We have discovered that the nt!NtQueryInformationJobObject system call corresponding to the documented QueryInformationJobObject API function called with the 28 information...
Windows Kernel stack memory disclosure in win32k!NtGdiMakeFontDir(CVE-2017-8477)
We have discovered that the win32k!NtGdiMakeFontDir system call discloses large portions of uninitialized kernel stack memory to user-mode clients. The attached proof of concept code which is specific to Windows 7 32-bit works by first filling a large portion of the kernel stack with a controlled...
Windows Kernel stack memory disclosure in nt!NtQueryInformationJobObject(CVE-2017-8479)
We have discovered that the nt!NtQueryInformationJobObject system call corresponding to the documented QueryInformationJobObject API function called with the 28 information class discloses portions of uninitialized kernel stack memory to user-mode clients. The specific name of the 28 information...
Microsoft Windows - 'win32k!NtGdiGetOutlineTextMetricsInternalW' Kernel Stack Memory Disclosure
/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1179 We have discovered that it is possible to disclose portions of uninitialized kernel stack memory to user-mode applications in Windows 7-10 through the win32k!NtGdiGetOutlineTextMetricsInternalW system call. The system call...