CVE-2018-6084

Insufficiently sanitized distributed objects in Updater in Google Chrome on macOS prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via an executable file...

PYSEC-2019-122

Sqlayamlfixtures 0.9.1 allows local users to execute arbitrary python code via the fixturetext argument in sqlayamlfixtures.load...

CVE-2018-20331

Local attackers can trigger a Kernel Pool Buffer Overflow in Antiy AVL ATool v1.0.0.22. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of IOCTL 0x80002004 by the...

CVE-2018-6755

Weak Directory Permission Vulnerability in Microsoft Windows client in McAfee True Key TK 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware...

USN-3811-1 spamassassin vulnerabilities

It was discovered that SpamAssassin incorrectly handled certain unclosed tags in emails. A remote attacker could possibly use this issue to cause a denial of service. CVE-2017-15705 It was discovered that SpamAssassin incorrectly handled the PDFInfo plugin. A remote attacker could possibly use th...

zsh: buffer overflow in utils.c:checkmailpath() can lead to local arbitrary code execution

A buffer overflow flaw was found in the zsh shell check path functionality. A local, unprivileged user can create a specially crafted message file, which, if used to set a custom "you have new mail" message, leads to code execution in the context of the user who receives the message. If the user...

Fuji Electric Energy Savings Estimator DLL Load Local Code Execution Vulnerability

Fuji Electric Energy Savings Estimator is an energy saving estimator from Fuji Electric. A local arbitrary code execution vulnerability exists in Fuji Electric Energy Savings Estimator that stems from insufficient validation of user input. Exploitation of this vulnerability could be exploited by ...

Scientific Linux Security Update : spamassassin on SL7.x x86_64 (20181011)

Security Fixes : - spamassassin: Certain unclosed tags in crafted emails allow for scan timeouts and result in denial of service CVE-2017-15705 - spamassassin: Local user code injection in the meta rule syntax CVE-2018-11781 C Tenable Network Security, Inc. The descriptive text is C Scientific...

CVE-2018-10499

This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy Apps Fixed in version 6.4.0.15. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...

CVE-2018-10499

This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy Apps Fixed in version 6.4.0.15. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...

CVE-2018-14889

CouchDB in Vectra Networks Cognito Brain and Sensor before 4.3 contains a local code execution vulnerability...

CVE-2018-14889

CouchDB in Vectra Networks Cognito Brain and Sensor before 4.3 contains a local code execution vulnerability...

ALPINE-CVE-2018-11781

Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax...

DEBIAN-CVE-2018-11781

Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax...

UBUNTU-CVE-2018-11781

Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax...

Intel Data Center Migration Center Software software installer DLL injection vulnerability

Intel Data Center Migration Center Software is a set of data center migration software from Intel Corporation in the U.S. The software installer is its installer. A DLL injection vulnerability exists in the software installer in Intel Data Center Migration Center Software 3.1 and earlier versions...

Speculative Execution Side Channel Variants 4 and 3a - US

Lenovo Security Advisory: LEN-22133 Potential Impact: Malicious code running locally may be able to observe contents of privileged memory or registers, circumventing expected privilege levels Severity: Medium Scope of Impact: Industry-wide CVE Identifier: CVE-2018-3639, CVE-2018-3640 Summary...

CVE-2018-3657

Multiple buffer overflows in Intel AMT in Intel CSME firmware versions before version 12.0.5 may allow a privileged user to potentially execute arbitrary code with Intel AMT execution privilege via local access...

Multiple Trend Micro Products Privilege Access Control Vulnerabilities

Trend Micro Premium Security and others are cross-platform antivirus products from Trend Micro that feature anti-ransomware, anti-malware email and system optimization. A privilege access control vulnerability exists in the handling of IDAMSPMASTER requests in multiple Trend Micro products, which...

L1 Terminal Fault Side Channel Vulnerabilities - US

Lenovo Security Advisory: LEN-24163 Potential Impact: Malicious code running locally may be able to observe contents of privileged memory, circumventing expected privilege levels Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2018-3615, CVE-2018-3620, CVE-2018-3646 Summary...