Reliable Controls LicenseManager CVE-2019-18245 Local Code Execution Vulnerability
Description: Reliable Controls LicenseManager is prone to a local code execution vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the application. Failed exploit attempts will likely cause a denial-of-service condition. Reliable Controls...
CVE-2019-15689
Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, and Kaspersky Security Cloud prior to version 2020 patch E have a bug that allows a local user to execute arbitrary code via execution of a compromised file placed by an attacker with administrator rights. No privilege...
DEBIAN-CVE-2019-5858
Incorrect security UI in MacOS services integration in Google Chrome on OS X prior to 76.0.3809.87 allowed a local attacker to execute arbitrary code via a crafted HTML page...
UBUNTU-CVE-2019-5858
Incorrect security UI in MacOS services integration in Google Chrome on OS X prior to 76.0.3809.87 allowed a local attacker to execute arbitrary code via a crafted HTML page...
OpenSSH 7.7 < 8.1
OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and local code execution because of an error in the XMSS key parsing...
DEBIAN-CVE-2019-16905
OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and local code execution because of an error in the XMSS key parsing...
CVE-2019-16905
OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and local code execution because of an error in the XMSS key parsing...
Integer overflow
OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and local code execution because of an error in the XMSS key parsing...
PT-2019-5839
Name of the Vulnerable Software and Affected Versions: OpenSSH versions 7.7 through 7.9; OpenSSH versions 8.x before 8.1. Description: The issue is caused by an integer overflow in the XMSS key parsing algorithm, leading to memory corruption and local code execution. This occurs when OpenSSH is...
CVE-2019-16905
CVE-2019-16905 affects OpenSSH 7.7–7.9 and 8.x prior to 8.1 when built with the experimental XMSS key type. It describes a pre-authentication integer overflow in XMSS key parsing that can cause memory corruption and local code execution. The XMSS implementation is treated as experimental in all r...
CVE-2008-3546
Stack-based buffer overflow in the (1) diff_addremove and (2) diff_change functions in GIT before 1.5.6.4 might allow local users to execute arbitrary code via a PATH whose length is larger than the system's PATH_MAX when running GIT utilities such as git-diff or git-grep...
HP Touchpoint Analytics CVE-2019-6333 Unspecified Local Code Execution Vulnerability
Description: HP Touchpoint Analytics is prone to an unspecified local code-execution vulnerability. A local attacker can leverage this issue to execute arbitrary code in the context of the affected application. Failed attempts may lead to denial-of-service conditions. Versions prior to Touchpoint...
CVE-2019-12091
The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\SYSTEM privilege, accepts network connections from localhost. The connection handling function in this service suffers from a command injection vulnerability. Local users can use this vulnerability to...
Command injection
The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\SYSTEM privilege, accepts network connections from localhost. The connection handling function in this service suffers from a command injection vulnerability. Local users can use this vulnerability to...
CVE-2019-1269
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system, aka 'Windows ALPC Elevation of Privilege...
CVE-2018-18630
A vulnerability was found in McKesson Cardiology product 13.x and 14.x. Insecure file permissions in the default installation may allow an attacker with local system access to execute unauthorized arbitrary code...
CVE-2019-2123
In execTransact of Binder.java in Android 7.1.1, 7.1.2, 8.0, 8.1, and 9, there is a possible local execution of arbitrary code in a privileged process due to a memory overwrite. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is no...
Microsoft Visual Studio Privilege Mobilization Vulnerability (CNVD-2019-40538)
Microsoft Visual Studio is a family of development tool suites from Microsoft, and a largely complete development toolset that includes most of the tools needed throughout the software life cycle. A privilege extraction vulnerability exists in Microsoft Git for Visual Studio, which stems from the...