CVE-2020-0126

In multiple functions in DrmPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local code execution with System execution privileges required. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-137878930...

CVE-2020-0126

In multiple functions in DrmPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local code execution with System execution privileges required. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-137878930...

Race condition

In multiple functions in DrmPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local code execution with System execution privileges required. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-137878930...

CVE-2020-0126

In multiple functions in DrmPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local code execution with System execution privileges required. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-137878930...

CVE-2020-7279

DLL Search Order Hijacking Vulnerability in the installer component of McAfee Host Intrusion Prevention System Host IPS for Windows prior to 8.0.0 Patch 15 Update allows attackers with local access to execute arbitrary code via execution from a compromised folder...

IBM i2 Analysts Notebook and IBM i2 Analysts Notebook Premium Buffer Overflow Vulnerability (CNVD-2020-29554)

IBM i2 Analysts Notebook and IBM i2 Analysts Notebook Premium are both products of IBM Corporation, USA.IBM i2 Analysts Notebook is a data visualization and analysis tool. The product supports features such as data storage and data analysis.IBM i2 Analysts Notebook Premium is an advanced version ...

CVE-2020-4266

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force...

CVE-2020-4263

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force...

CVE-2020-4261

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force...

CVE-2020-4266

CVE-2020-4266 affects IBM i2 Analyst's Notebook and IBM i2 Analyst's Notebook Premium (version 9.2.1). The vulnerability is a local memory corruption that could allow a locally authenticated user to execute arbitrary code by persuading a victim to open a specially crafted file. The IBM security b...

curl: Curl_auth_create_plain_message integer overflow leads to heap buffer overflow

Summary: There is an incorrect integer overflow check in Curlauthcreateplainmessage in lib/vauth/cleartext.c , leading to a potential heap buffer overflow of controlled length and data. The exploitation seems quite easy, yet the vulnerability can only be triggered locally and does not seem to lea...

Linux kernel buffer overflow vulnerability (CNVD-2020-37938)

Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A buffer overflow vulnerability exists in the 'xdpumemre' function of the net/xdp/xdpumem.c file in versions of Linux kernel prior to 5.6.7, which can be exploited by ...

Oracle Database 11g Release 2 - (OracleDBConsoleorcl) Unquoted Service Path Vulnerability

Exploit Title: Oracle Database 11g Release 2 - 'OracleDBConsoleorcl' Unquoted Service Path Discovery by: Nguyen Khang - SunCSR Vendor Homepage: https://www.oracle.com/ Software Link: https://www.oracle.com/database/technologies/112010-win64soft.html Tested Version: 11g release 2 Vulnerability Typ...

Plex Media Server < 1.19.2.2673 Local Code Execution Vulnerability

Plex Media Server is prone to a local unauthenticated code execution vulnerability. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This...

CVE-2020-7275

Accessing, modifying or executing executable files vulnerability in the uninstaller in McAfee Endpoint Security ENS for Windows Prior to 10.7.0 April 2020 Update allows local users to execute arbitrary code via a carefully crafted input file...

CVE-2018-1000622

The Rust Programming Language rustdoc version Between 0.8 and 1.27.0 contains a CWE-427: Uncontrolled Search Path Element vulnerability in rustdoc plugins that can result in local code execution as a different user. This attack appear to be exploitable via using the --plugin flag without the...

OpenSSH 7.7 - 7.9, 8.x < 8.1 Integer Overflow Vulnerability

OpenSSH is prone to an integer overflow vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openbsd:openssh";...

Parallels Desktop xHCI Component Input Validation Error Vulnerability

Corel Parallels Desktop is a suite of virtual machine software for the macOS platform from Corel Canada. An input validation error vulnerability exists in the xHCI component of Corel Parallels Desktop version 15.1.2-47123, which stems from the program not properly validating user-submitted data. ...

SUSE-SU-2020:14290-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Firefox was updated to version 68.5.0 ESR bsc1163368. Security issues fixed: - CVE-2020-6796: Fixed a missing bounds check on shared memory in the parent process bsc1163368. - CVE-2020-6798: Fixed a JavaScript code injection issue caused ...

IBM DB2 Buffer Overflow Vulnerability (CNVD-2020-10506)

IBM DB2 is a set of relational database management system from IBM in the United States. The main execution environments for this system are UNIX, Linux, IBMi, z/OS, and Windows server versions. A buffer overflow vulnerability exists in IBM DB2 including DB2 Connect Server that originates from th...