4392 matches found
CVE-2020-4610
IBM Security Secret Server (IBM Security Verify Privilege Manager 10.8.2) could allow a local user to execute code due to improper integrity checks. IBM X-Force ID: 184919...
IBM Security Secret Server Input Validation Error Vulnerability
IBM Security Secret Server is a set of privileged access management solutions from IBM USA. The product supports password management, privileged account identification and privileged session access monitoring and logging. An input validation error vulnerability exists in IBM Security Secret Serve...
USN-5001-1 linux-oem-5.10 vulnerabilities
Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code. (CVE-2021-3609) Mathy Vanhoef discovered that the Linux kernel’s WiFi implementati...
Vulnerability fixed in Cisco AnyConnect Secure Mobility Client
Cisco has fixed a vulnerability in AnyConnect Secure Mobility Client. A local malicious agent could potentially exploit it to execute arbitrary code under SYSTEM privileges. Only clients on which the VPN Posture HostScan Module is installed are vulnerable. Cisco has released updates to fix the...
PT-2021-20399 · D Link · D-Link Ac2600
Name of the Vulnerable Software and Affected Versions: D-Link AC2600 DIR-2640 version 1.01B04. Description: The issue involves multiple out-of-bounds vulnerabilities in certain processes. These vulnerabilities can elevate ordinary permissions to administrator permissions, leading to local arbitrary...
D-Link AC2600 Buffer Error Vulnerability
The D-Link AC2600 is a wireless device from Taiwan, China-based AUO D-Link. A security vulnerability exists in the D-Link AC2600, which originates from multiple out-of-bounds vulnerabilities in the D-Link AC2600 DIR-2640 1.01B04, where normal privileges can be elevated to administrator privileges...
SUSE: Security Advisory (SUSE-SU-2020:0346-1)
The remote host is missing an update for the...
McAfee GetSusp Buffer Error Vulnerability
McAfee GetSusp is a malware scanning application from McAfee USA. McAfee GetSusp has a buffer error vulnerability: a memory corruption vulnerability in the McAfee GetSusp driver file component could allow a program on the local machine to trigger a buffer overflow i...
CVE-2021-29665
IBM Security Verify Access 20.07 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking, which could allow a local attacker to execute arbitrary code on the system with elevated privileges...
CVE-2021-29088
Improper limitation of a pathname to a restricted directory ('Path Traversal') in cgi component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors...
CVE-2021-29088
CVE-2021-29088 affects Synology DiskStation Manager (DSM) prior to 6.2.4-25553, in the CGI component, via a path traversal vulnerability that allows local users to execute arbitrary code via unspecified vectors. Impact is described as high (C:H/I:H/A:H) with local attack vector and no user intera...
Veyon 4.4.1 - 'VeyonService' Unquoted Service Path
Exploit Title: Veyon 4.4.1 - 'VeyonService' Unquoted Service Path Discovery by: Víctor García Discovery Date: 2020-03-23 Vendor Homepage: https://veyon.io/ Software Link: https://github.com/veyon/veyon/releases/download/v4.4.1/veyon-4.4.1.0-win64-setup.exe Tested Version: 4.4.1 Vulnerability Type...
CVE-2019-4588
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to execute arbitrary code and conduct DLL hijacking attacks...
Zephyr Buffer Error Vulnerability
Zephyr is a small real-time operating system for interconnected, resource-constrained embedded devices. A memory corruption vulnerability exists in Zephyr versions 1.14.2, 2.3.0. A local attacker can exploit this vulnerability by sending a malformed SPI response that corrupts kernel memory in the...
JetBrains WebStorm Local Code Execution Vulnerability
JetBrains WebStorm is a JavaScript integrated development environment from Czech software development company JetBrains. Versions prior to JetBrains WebStorm 2021.1 have a local code execution vulnerability that could be exploited by an attacker to make WebStorm execute local code when pulling co...
JetBrains PyCharm Local Code Execution Vulnerability
PyCharm is the Python integrated development environment from Czech software development company JetBrains. A local code execution vulnerability exists in PyCharm versions prior to 2020.3.4. The vulnerability stems from insufficient checks when the VCS fetches a project and can be exploited by an...
JetBrains IntelliJ IDEA Local Code Execution Vulnerability
JetBrains IntelliJ IDEA is an integrated development environment for the Java language from Czech company JetBrains. A local code execution vulnerability exists in JetBrains IntelliJ IDEA versions prior to 2020.3.3. The vulnerability stems from an insufficient check when the VCS fetches the project...
CVE-2021-30005
In JetBrains PyCharm before 2020.3.4, local code execution was possible because of insufficient checks when getting the project from VCS...
CVE-2021-29263
In JetBrains IntelliJ IDEA 2020.3.3, local code execution was possible because of insufficient checks when getting the project from VCS...