SUSE CVE-2018-1000622

The Rust Programming Language rustdoc version Between 0.8 and 1.27.0 contains a CWE-427: Uncontrolled Search Path Element vulnerability in rustdoc plugins that can result in local code execution as a different user. This attack appear to be exploitable via using the --plugin flag without the...

SUSE CVE-2018-1000876

binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfdgetdynamicrelocupperbound,bfdcanonicalizedynamicreloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. This attack appear to be...

SUSE CVE-2019-4732

IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing ...

SUSE CVE-2019-5858

Incorrect security UI in MacOS services integration in Google Chrome on OS X prior to 76.0.3809.87 allowed a local attacker to execute arbitrary code via a crafted HTML page...

SUSE CVE-2019-9755

An integer underflow issue exists in ntfs-3g 2017.3.23. A local attacker could potentially exploit this by running /bin/ntfs-3g with specially crafted arguments from a specially crafted directory to cause a heap buffer overflow, resulting in a crash or the ability to execute arbitrary code. In...

SUSE CVE-2020-6417

Inappropriate implementation in installer in Google Chrome prior to 80.0.3987.87 allowed a local attacker to execute arbitrary code via a crafted registry entry...

SUSE CVE-2020-24995

Buffer overflow vulnerability in sniffchannelorder function in aacdectemplate.c in ffmpeg 3.1.2, allows attackers to execute arbitrary code local...

SUSE CVE-2021-3410

A flaw was found in libcaca v0.99.beta19. A buffer overflow issue in cacaresize function in libcaca/caca/canvas.c may lead to local execution of arbitrary code in the user context...

PT-2023-1739 · Fortinet · Fortianalyzer

Name of the Vulnerable Software and Affected Versions: Fortinet FortiAnalyzer versions 6.4.0 through 6.4.9 Fortinet FortiAnalyzer versions 7.0.0 through 7.0.5 Fortinet FortiAnalyzer versions 7.2.0 through 7.2.1 Description: The issue is related to the improper neutralization of formula elements i...

CVE-2022-1892

A buffer overflow in the SystemBootManagerDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code...

[SECURITY] [DLA 3278-1] tiff security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3278-1 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler January 20, 2023 https://wiki.debian.org/LTS -...

PT-2022-27797 · Cx-Drive · Cx-Drive

Name of the Vulnerable Software and Affected Versions: CX-Drive versions 3.00 and earlier Description: The issue allows a local attacker to execute arbitrary code by having a user open a specially crafted file. This is due to a use after free vulnerability. Recommendations: For CX-Drive versions...

PT-2022-6512 · Parallels · Parallels Desktop

Name of the Vulnerable Software and Affected Versions: Parallels Desktop versions prior to 18.1.1 Description: This issue allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the...

Vulnerability fixed in Microsoft Apps

A vulnerability has been fixed in Windows Terminal. The vulnerability allows a local malicious person to execute arbitrary code to execute arbitrary code. To exploit the vulnerability, the malicious party must trick the victim into downloading and opening a rogue file. download and open it. Windo...

CVE-2022-45797

An arbitrary file deletion vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and Trend Micro Apex One as a Service could allow a local attacker to escalate privileges and delete files on affected installations. Please note: an attacker must first obtain the ability to...

CVE-2022-39882

Heap overflow vulnerability in sflacffalbytespeek function in libsmat.so library prior to SMR Nov-2022 Release 1 allows local attacker to execute arbitrary code...

PT-2022-25075 · Unknown · Libsmat.So

Name of the Vulnerable Software and Affected Versions: libsmat.so library versions prior to SMR Nov-2022 Release 1 Description: A heap overflow issue exists in the sflacf fal bytes peek function, allowing a local attacker to execute arbitrary code. Recommendations: For versions prior to SMR...

USN-5713-1 python3.10 vulnerability

Devin Jeanpierre discovered that Python incorrectly handled sockets when the multiprocessing module was being used. A local attacker could possibly use this issue to execute arbitrary code and escalate privileges...

PT-2022-7158 · Parallels · Parallels Desktop

Name of the Vulnerable Software and Affected Versions: Parallels Desktop affected versions not specified Description: The issue is related to the Updater service of Parallels Desktop, where a Time-Of-Check Time-Of-Use flaw allows local attackers to escalate privileges on affected installations. A...

CVE-2022-32487

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM...