Citrix XenServer Multiple Vulnerabilities (Foreshadow) (CTX236548)

The version of Citrix XenServer running on the remote host is missing a security hotfix. It is, therefore, affected by multiple vulnerabilities including L1 Terminal Fault L1TF and a local code execution vulnerability. C Tenable Network Security, Inc. include"compat.inc"; if description...

Intel Smart Sound Technology Driver Module Elevation of Privilege Vulnerability

Intel Smart Sound Technology is an integrated audio DSP Digital Signal Processor from Intel USA, which is mainly used to process audio, support voice interaction and so on. An elevation of privilege vulnerability exists in the driver module in versions prior to Intel Smart Sound Technology...

Input validation

A vulnerability has been identified in SIMATIC STEP 7 TIA Portal and WinCC TIA Portal V10, V11, V12 All versions, SIMATIC STEP 7 TIA Portal and WinCC TIA Portal V13 All versions V13 SP2 Update 2, SIMATIC STEP 7 TIA Portal and WinCC TIA Portal V14 All versions V14 SP1 Update 6, SIMATIC STEP 7 TIA...

CVE-2018-11453

A vulnerability has been identified in SIMATIC STEP 7 TIA Portal and WinCC TIA Portal V10, V11, V12 All versions, SIMATIC STEP 7 TIA Portal and WinCC TIA Portal V13 All versions V13 SP2 Update 2, SIMATIC STEP 7 TIA Portal and WinCC TIA Portal V14 All versions V14 SP1 Update 6, SIMATIC STEP 7 TIA...

CVE-2018-11453

A vulnerability has been identified in SIMATIC STEP 7 TIA Portal and WinCC TIA Portal V10, V11, V12 All versions, SIMATIC STEP 7 TIA Portal and WinCC TIA Portal V13 All versions V13 SP2 Update 2, SIMATIC STEP 7 TIA Portal and WinCC TIA Portal V14 All versions V14 SP1 Update 6, SIMATIC STEP 7 TIA...

CVE-2018-11453

Siemens SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) are affected by CVE-2018-11453 due to improper default file permissions in the TIA Portal installer. This allows a local attacker with file system access to insert specially crafted files that may prevent startup (Denial-of-Service) or le...

CVE-2018-11453

A vulnerability has been identified in SIMATIC STEP 7 TIA Portal and WinCC TIA Portal V10, V11, V12 All versions, SIMATIC STEP 7 TIA Portal and WinCC TIA Portal V13 All versions V13 SP2 Update 2, SIMATIC STEP 7 TIA Portal and WinCC TIA Portal V14 All versions V14 SP1 Update 6, SIMATIC STEP 7 TIA...

CVE-2016-4397

A local code execution security vulnerability was identified in HP Network Node Manager i NNMi v10.00, v10.10 and v10.20 Software...

CVE-2016-4397

A local code execution security vulnerability was identified in HP Network Node Manager i NNMi v10.00, v10.10 and v10.20 Software...

CVE-2016-4397

CVE-2016-4397 affects HP Network Node Manager i (NNMi) versions 10.00, 10.10 and 10.20. The connected sources describe a local code execution vulnerability that could allow an attacker to execute arbitrary code in the NNMi application context, potentially leading to a denial of service or full co...

Intel Quartus II Programmer and Tools Elevation of Privilege Vulnerability

Intel Quartus II Programmer and Tools is a set of tools for hardware programming from Intel USA. A security vulnerability exists in Intel Quartus II Programmer and Tools versions 11.0 through 15.0. A local attacker can exploit the vulnerability to execute arbitrary code...

Intel Processor Diagnostic Tool elevation of privilege vulnerability (CNVD-2018-15597)

Intel Processor Diagnostic Tool IPDT is a processor function diagnostic tool from Intel USA. An elevation of privilege vulnerability exists in Intel IPDT versions prior to 4.1.0.27. A local attacker can exploit this vulnerability to execute arbitrary code...

Updated rust packages fix security vulnerability

The Rust Programming Language rustdoc version before version 1.27.0 contains a CWE-427: Uncontrolled Search Path Element vulnerability in rustdoc plugins that can result in local code execution as a different user. This attack appear to be exploitable via using the --plugin flag without the...

CVE-2018-3684

Unquoted service paths in Intel Quartus II in versions 11.0 - 15.0 allow a local attacker to potentially execute arbitrary code...

CVE-2018-3688

Unquoted service paths in Intel Quartus Prime Programmer and Tools in versions 15.1 - 18.0 allow a local attacker to potentially execute arbitrary code...

CVE-2018-3683

Unquoted service paths in Intel Quartus Prime in versions 15.1 - 18.0 allow a local attacker to potentially execute arbitrary code...

CVE-2018-1566

IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 9.7, 10.1, 10.5, and 11.1 could allow a local user to execute arbitrary code due to a format string error. IBM X-Force ID: 143023...

CVE-2018-1458

IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 9.7, 10,1, 10.5 and 11.1 could allow a local user to execute arbitrary code and conduct DLL hijacking attacks. IBM X-Force ID: 140209...

CVE-2018-1566

CVE-2018-1566 affects IBM Db2 for Linux, UNIX and Windows (including DB2 Connect Server) versions 9.7, 10.1, 10.5, and 11.1. The vulnerability is a local, format-string error that could allow a local user to execute arbitrary code. Several connected documents confirm the issue and cite IBM X-Forc...

CVE-2018-1000622

The Rust Programming Language rustdoc version Between 0.8 and 1.27.0 contains a CWE-427: Uncontrolled Search Path Element vulnerability in rustdoc plugins that can result in local code execution as a different user. This attack appear to be exploitable via using the --plugin flag without the...