CVE-2021-0252

CVE-2021-0252 affects Juniper Networks Junos OS on NFX Series devices. The issue is a local code execution vulnerability via the Junos Device Management Daemon (JDMD) that can lead to privilege escalation. Affected: NFX Series with Junos OS 18.1R1 and later versions prior to 18.2R3-S5; 18.3 versi...

CVE-2021-0252 Junos OS: NFX Series: Local Code Execution Vulnerability in JDMD Leads to Privilege Escalation

NFX Series devices using Juniper Networks Junos OS are susceptible to a local code execution vulnerability thereby allowing an attacker to elevate their privileges via the Junos Device Management Daemon JDMD process. This issue affects Juniper Networks Junos OS on NFX Series: 18.1 version 18.1R1...

Winpakpro 4.8 - (ScheduleService) Unquoted Service Path Vulnerability

Exploit Title: Winpakpro 4.8 - 'ScheduleService' Unquoted Service Path Discovery by: Alan Mondragon Vendor Homepage: https://www.security.honeywell.com/product-repository/winpak Software Links : https://www.security.honeywell.com/product-repository/winpak WinPackPro Tested Version: 4.8...

QNAP QVR Client 5.0.0.13230 - (QVRService) Unquoted Service Path Vulnerability

Exploit Title: QNAP QVR Client 5.0.0.13230 - 'QVRService' Unquoted Service Path Discovery by: Luis Martinez Vendor Homepage: https://www.qnap.com Tested Version: 5.0.0.13230 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 10 Pro x64 es Step to discover Unquoted Service Path: C:\wm...

Interactive Suite 3.6 - (eBeam Stylus Driver) Unquoted Service Path Vulnerability

Exploit Title: Interactive Suite 3.6 - 'eBeam Stylus Driver' Unquoted Service Path Discovery by: Luis Martinez Vendor Homepage: https://www.luidia.com Software Link: http://down.myequil.com/dn/setup/ScrapBookwin/down.html Tested Version: 3.6 Tested on OS: Windows 10 Pro x64 es Step to discover...

Vulnerability fixed in QEMU

A vulnerability has been fixed in QEMU. The vulnerability allows potentially allow a local malicious person from a guest system to execute arbitrary code on the host system under root permissions. Exploiting the vulnerability is no easy task. -= Red Hat =- Red Hat has made updates available for R...

HPSBPI03720 rev. 1 - Software Vulnerability with Certain HP OfficeJet and PageWide Solutions

Potential Security Impact Local Code Execution Source: HP, HP Product Security Response Team PSRT VULNERABILITY SUMMARY HP has identified a security vulnerability with the I.R.I.S. OCR Optical Character Recognition software available with HP PageWide and OfficeJet printer software installations...

PYSEC-2021-891

CWE - CWE-287: Improper Authentication vulnerability in SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. This issue affects: SUSE Linux Enterprise Server 15 SP 3 salt versions prior t...

UBUNTU-CVE-2021-25315

CWE - CWE-287: Improper Authentication vulnerability in SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. This issue affects: SUSE Linux Enterprise Server 15 SP 3 salt versions prior t...

Western Digital My Cloud Multiple Products 5.0 < 5.10.122 Multiple Vulnerabilities (WDC-21002)

Multiple Western Digital My Cloud products are prone to a local code execution and information disclosure vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

PT-2021-17041 · Synology · Synology Diskstation Manager

Name of the Vulnerable Software and Affected Versions: Synology DiskStation Manager DSM versions prior to 6.2.4-25553 Description: The issue is related to an incorrect authorization vulnerability in the synoagentregisterd component of Synology DiskStation Manager DSM, allowing local users to...

DEBIAN-CVE-2021-3410

A flaw was found in libcaca v0.99.beta19. A buffer overflow issue in cacaresize function in libcaca/caca/canvas.c may lead to local execution of arbitrary code in the user context...

UBUNTU-CVE-2021-3410

A flaw was found in libcaca v0.99.beta19. A buffer overflow issue in cacaresize function in libcaca/caca/canvas.c may lead to local execution of arbitrary code in the user context...

PT-2021-3607

Name of the Vulnerable Software and Affected Versions libcaca version 0.99.beta19 Description A flaw was found in the caca resize function in libcaca/caca/canvas.c, which is related to a buffer overflow issue. This may lead to local execution of arbitrary code in the user context. The issue can...

CVE-2020-11635

The Zscaler Client Connector prior to 3.1.0 did not sufficiently validate RPC clients, which allows a local adversary to execute code with system privileges or perform limited actions for which they did not have privileges...

SUSE-SU-2021:0433-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3347: A use-after-free was discovered in the PI futexes during fault handling, allowing local users to execute code in the kernel bnc1181349. -...

VulnCheck KEV: CVE-2008-3431

An input validation vulnerability exists in the VBoxDrv.sys driver of Sun xVM VirtualBox which allows attackers to locally execute arbitrary code...

Fedora 32 : kernel (2021-6e805a5051)

The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-6e805a5051 advisory. - An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local...

Modesty pdfjson buffer error vulnerability

Modesty Pdf2json is Modesty individual developers of a Java-based PDF files can interact with Json files code library. A buffer error vulnerability exists in pdf2json 0.69, which stems from a buffer overflow that allows a local user to execute arbitrary code by converting a carefully crafted PDF...

CVE-2021-25758

In JetBrains IntelliJ IDEA before 2020.3, potentially insecure deserialization of the workspace model could lead to local code execution...