4392 matches found
Path traversal
The Rust Programming Language rustdoc version Between 0.8 and 1.27.0 contains a CWE-427: Uncontrolled Search Path Element vulnerability in rustdoc plugins that can result in local code execution as a different user. This attack appear to be exploitable via using the --plugin flag without the...
DEBIAN-CVE-2018-1000622
The Rust Programming Language rustdoc version Between 0.8 and 1.27.0 contains a CWE-427: Uncontrolled Search Path Element vulnerability in rustdoc plugins that can result in local code execution as a different user. This attack appear to be exploitable via using the --plugin flag without the...
CVE-2018-1000622
The Rust Programming Language rustdoc version Between 0.8 and 1.27.0 contains a CWE-427: Uncontrolled Search Path Element vulnerability in rustdoc plugins that can result in local code execution as a different user. This attack appear to be exploitable via using the --plugin flag without the...
CVE-2018-1000622
The Rust Programming Language rustdoc version Between 0.8 and 1.27.0 contains a CWE-427: Uncontrolled Search Path Element vulnerability in rustdoc plugins that can result in local code execution as a different user. This attack appear to be exploitable via using the --plugin flag without the...
CVE-2018-1000622
The Rust Programming Language rustdoc version Between 0.8 and 1.27.0 contains a CWE-427: Uncontrolled Search Path Element vulnerability in rustdoc plugins that can result in local code execution as a different user. This attack appear to be exploitable via using the --plugin flag without the...
CVE-2018-1000622
CVE-2018-1000622 affects Rust rustdoc: loading plugins from world-writable directories could enable local code execution. AFFECTED: rustdoc versions 0.8 through 1.27.0; exploitation via the --plugin flag without the --plugin-path flag. REMEDY: upgrade to a fixed release (1.27.1 per initial descri...
CVE-2018-1000622
The Rust Programming Language rustdoc version Between 0.8 and 1.27.0 contains a CWE-427: Uncontrolled Search Path Element vulnerability in rustdoc plugins that can result in local code execution as a different user. This attack appear to be exploitable via using the --plugin flag without the...
IBM DB2 Privilege Mobilization Vulnerability
IBM DB2 is a set of relational database management system from IBM in the United States. The main execution environments for this system are UNIX, Linux, IBM i, z/OS, and Windows server versions. A format string vulnerability exists in IBM DB2 including DB2 Connect Server on Linux, UNIX, and...
SUSE-SU-2018:1874-1 Security update for zsh
This update for zsh to version 5.5 fixes the following issues: Security issues fixed: - CVE-2018-1100: Fixes a buffer overflow in utils.c:checkmailpath that can lead to local arbitrary code execution bsc1089030 - CVE-2018-1071: Fixed a stack-based buffer overflow in exec.c:hashcmd bsc1084656 -...
zsh: buffer overflow in utils.c:checkmailpath() can lead to local arbitrary code execution
A buffer overflow flaw was found in the zsh shell check path functionality. A local, unprivileged user can create a specially crafted message file, which, if used to set a custom "you have new mail" message, leads to code execution in the context of the user who receives the message. If the user...
Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2018-4145)
The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-4145 advisory. - x86/fpu: Make eager FPU default Mihai Carabas Orabug: 28156175 CVE-2018-3665 - ALSA: hrtimer: Fix stall by hrtimercancel Takashi Iwai Orabug:...
CVE-2018-6233
A buffer overflow privilege escalation vulnerability in Trend Micro Maximum Security Consumer 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222060 by the tmnciesc.sys driver. An attacker must first obtain the abilit...
CVE-2017-14187
Fortinet FortiOS contains a local privilege escalation/remote code execution vulnerability (CVE-2017-14187) affecting FortiOS 5.6.0–5.6.2, 5.4.0–5.4.8, and 5.2 and earlier. An admin user with super_admin privileges can abuse a FortiGate USB device by linking an arbitrary binary on the USB drive t...
CVE-2017-14187
A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows attacker to execute unauthorized binary program contained on an USB drive plugged into a FortiGate via linking the aforementioned binary progra...
CVE-2018-1000199
The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modifyuserhwbreakpoint that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in...
DEBIAN-CVE-2018-1000199
The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modifyuserhwbreakpoint that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in...
CVE-2018-1000199
The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modifyuserhwbreakpoint that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in...
Design/Logic Flaw
The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modifyuserhwbreakpoint that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in...
CVE-2018-1000199
The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modifyuserhwbreakpoint that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in...
CVE-2018-1000199
The CVE-2018-1000199 entry concerns the Linux kernel (v3.18) where modify_user_hw_breakpoint() contains a ptrace-related handling flaw. This flaw can allow a local attacker to crash the kernel and, per other sources, may enable memory corruption or local code execution via ptrace. The issue is ro...