
4392 matches found

Prion
added 2021/05/11 12:15 p.m., 13 views

Design/Logic Flaw

In JetBrains IntelliJ IDEA 2020.3.3, local code execution was possible because of insufficient checks when getting the project from VCS...

4.6 CVSS, 7.8 AI score, 0.00001 EPSS
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2021/05/11 11:30 a.m., 20 views

CVE-2021-29263

In JetBrains IntelliJ IDEA 2020.3.3, local code execution was possible because of insufficient checks when getting the project from VCS...

8.6 AI score, 0.00001 EPSS
Exploits: 0, References: 2

CNNVD
added 2021/05/11 12:0 a.m., 2 views

Jetbrains JetBrains IntelliJ IDEA security vulnerability

Jetbrains JetBrains IntelliJ IDEA is a Czech JetBrains integrated development environment for the Java language. A local code execution vulnerability exists in JetBrains IntelliJ IDEA versions prior to 2020.3.3. The vulnerability stems from an insufficient check when the VCS fetches the project...

7.8 CVSS, 6.3 AI score, 0.00001 EPSS
Exploits: 0, References: 1

CNNVD
added 2021/05/11 12:0 a.m., 2 views

JetBrains WebStorm security vulnerability

JetBrains WebStorm is a JavaScript integrated development environment from Czech software development company JetBrains. Versions prior to JetBrains WebStorm 2021.1 have a local code execution vulnerability that could be exploited by an attacker to make WebStorm execute local code when pulling co...

9.8 CVSS, 6.3 AI score, 0.00011 EPSS
Exploits: 0, References: 1

CNNVD
added 2021/05/11 12:0 a.m., 2 views

Jetbrains JetBrains PyCharm data forgery vulnerability

PyCharm is the Python integrated development environment from Czech software development company JetBrains. A local code execution vulnerability exists in PyCharm versions prior to 2020.3.4. The vulnerability stems from insufficient checks when the VCS fetches a project and can be exploited by an...

7.8 CVSS, 6.3 AI score, 0.00004 EPSS
Exploits: 1, References: 3

OSV
added 2021/05/06 3:27 p.m., 1 view

GHSA-C57F-4VP2-JQHM Insecure temporary directory usage in frontend build functionality of Vaadin 14 and 15-19

Insecure temporary directory usage in frontend build functionality of com.vaadin:flow-server versions 2.0.9 through 2.5.2 Vaadin 14.0.3 through Vaadin 14.5.2, 3.0 prior to 6.0 Vaadin 15 prior to 19, and 6.0.0 through 6.0.5 Vaadin 19.0.0 through 19.0.4 allows local users to inject malicious code...

6.3 CVSS, 7.1 AI score
Exploits: 0, References: 2

OSV
added 2021/04/30 4:15 p.m., 0 views

CVE-2021-20515

IBM Informix Dynamic Server 14.10 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A local privileged user could overflow a buffer and execute arbitrary code on the system or cause a denial of service condition. IBM X-Force ID: 198366...

6.7 CVSS, 6.4 AI score, 0.00074 EPSS
Exploits: 0, References: 2

OSV
added 2021/04/30 11:15 a.m., 3 views

CVE-2021-26807

GalaxyClient version 2.0.28.9 loads unsigned DLLs such as zlib1.dll, libgccsdw2-1.dll and libwinpthread-1.dll from PATH, which allows an attacker to potentially run code locally through unsigned DLL loading...

7.8 CVSS, 5.8 AI score, 0.00061 EPSS
Exploits: 1, References: 2

CNNVD
added 2021/04/30 12:0 a.m., 4 views

Boost Connect community Galaxy Client code issue vulnerability

Boost Connect community Galaxy Client is a Boost Connect community open source application. It provides a function to remove unused PC programs. A code issue vulnerability exists in Galaxy Client 2.0.28.9, which can be exploited by an attacker to potentially run code locally via an unsigned DLL...

7.8 CVSS, 7.5 AI score, 0.00061 EPSS
Exploits: 1, References: 3

CNNVD
added 2021/04/23 12:0 a.m., 4 views

IBM Spectrum Protect buffer error vulnerability

IBM Spectrum Protect formerly known as Tivoli Storage Manager is a suite of data protection platforms from International Business Machines IBM. The platform provides organizations with a single point of control and management, and supports backup and recovery for virtual, physical and cloud...

8.4 CVSS, 7.5 AI score, 0.00092 EPSS
Exploits: 0, References: 9

NVD
added 2021/04/22 8:15 p.m., 12 views

CVE-2021-0252

NFX Series devices using Juniper Networks Junos OS are susceptible to a local code execution vulnerability thereby allowing an attacker to elevate their privileges via the Junos Device Management Daemon JDMD process. This issue affects Juniper Networks Junos OS on NFX Series: 18.1 version 18.1R1...

7.8 CVSS, 0.00165 EPSS
Exploits: 1, References: 2

OSV
added 2021/04/22 8:15 p.m., 1 view

CVE-2021-0252

NFX Series devices using Juniper Networks Junos OS are susceptible to a local code execution vulnerability thereby allowing an attacker to elevate their privileges via the Junos Device Management Daemon JDMD process. This issue affects Juniper Networks Junos OS on NFX Series: 18.1 version 18.1R1...

7.8 CVSS, 7.4 AI score, 0.00165 EPSS
Exploits: 1, References: 2

Cvelist
added 2021/04/22 7:37 p.m., 21 views

CVE-2021-0252 Junos OS: NFX Series: Local Code Execution Vulnerability in JDMD Leads to Privilege Escalation

NFX Series devices using Juniper Networks Junos OS are susceptible to a local code execution vulnerability thereby allowing an attacker to elevate their privileges via the Junos Device Management Daemon JDMD process. This issue affects Juniper Networks Junos OS on NFX Series: 18.1 version 18.1R1...

7.8 CVSS, 8 AI score, 0.00165 EPSS
Exploits: 1, References: 2

CVE
added 2021/04/22 7:37 p.m., 71 views

CVE-2021-0252

CVE-2021-0252 affects Juniper Networks Junos OS on NFX Series devices. The issue is a local code execution vulnerability via the Junos Device Management Daemon (JDMD) that can lead to privilege escalation. Affected: NFX Series with Junos OS 18.1R1 and later versions prior to 18.2R3-S5; 18.3 versi...

7.8 CVSS, 7.8 AI score, 0.00165 EPSS
Exploits: 1, References: 2, Affected Software: 1

0day.today
added 2021/03/22 12:0 a.m., 34 views

Winpakpro 4.8 - (ScheduleService) Unquoted Service Path Vulnerability

Exploit Title: Winpakpro 4.8 - 'ScheduleService' Unquoted Service Path Discovery by: Alan Mondragon Vendor Homepage: https://www.security.honeywell.com/product-repository/winpak Software Links : https://www.security.honeywell.com/product-repository/winpak WinPackPro Tested Version: 4.8...

7.4 AI score
Exploits: 0

0day.today
added 2021/03/15 12:0 a.m., 53 views

Interactive Suite 3.6 - (eBeam Stylus Driver) Unquoted Service Path Vulnerability

Exploit Title: Interactive Suite 3.6 - 'eBeam Stylus Driver' Unquoted Service Path Discovery by: Luis Martinez Vendor Homepage: https://www.luidia.com Software Link: http://down.myequil.com/dn/setup/ScrapBookwin/down.html Tested Version: 3.6 Tested on OS: Windows 10 Pro x64 es Step to discover...

7.4 AI score
Exploits: 0

0day.today
added 2021/03/15 12:0 a.m., 20 views

QNAP QVR Client 5.0.0.13230 - (QVRService) Unquoted Service Path Vulnerability

Exploit Title: QNAP QVR Client 5.0.0.13230 - 'QVRService' Unquoted Service Path Discovery by: Luis Martinez Vendor Homepage: https://www.qnap.com Tested Version: 5.0.0.13230 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 10 Pro x64 es Step to discover Unquoted Service Path: C:\wm...

0.5 AI score
Exploits: 0

NCSC
added 2021/03/09 12:0 a.m., 2 views

Vulnerability fixed in QEMU

A vulnerability has been fixed in QEMU. The vulnerability could potentially allow a local malicious person on a guest system to execute arbitrary code on the host system with root permissions. Exploiting the vulnerability is no easy task. -= Red Hat =- Red Hat has made updates available for R...

8.2 CVSS, 7 AI score, 0.00113 EPSS
Exploits: 1

Hewlett-Packard
added 2021/03/09 12:0 a.m., 74 views

HPSBPI03720 rev. 1 - Software Vulnerability with Certain HP OfficeJet and PageWide Solutions

Potential Security Impact Local Code Execution Source: HP, HP Product Security Response Team PSRT VULNERABILITY SUMMARY HP has identified a security vulnerability with the I.R.I.S. OCR Optical Character Recognition software available with HP PageWide and OfficeJet printer software installations...

6.7 CVSS, 7.5 AI score, 0.39225 EPSS
Exploits: 1

PyPA
added 2021/03/03 10:15 a.m., 4 views

PYSEC-2021-891

CWE - CWE-287: Improper Authentication vulnerability in SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. This issue affects: SUSE Linux Enterprise Server 15 SP 3 salt versions prior t...

9.8 CVSS, 7.6 AI score, 0.00153 EPSS
Exploits: 0, References: 3, Affected Software: 1