CVE-2017-6258

CVE-2017-6258 describes an elevation-of-privilege vulnerability in NVIDIA libnvmmlite_audio.so when running in the Android media server. The issue may cause an out-of-bounds write and could lead to local code execution in a privileged process. Affected product is Android; remediation is tied to A...

Google Android NVIDIA component elevation of privilege vulnerability (CNVD-2018-02982)

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA. A power lifting vulnerability exists in the NVIDIA libnvmmliteaudio.so file in Android. A local attacker can exploit this vulnerability to execute code write across boundaries...

Design/Logic Flaw

Unquoted Windows search path vulnerability in NSClient++ before 0.4.1.73 allows non-privileged local users to execute arbitrary code with elevated privileges on the system via a malicious program.exe executable in the %SYSTEMDRIVE% folder...

OpenJDK: loading of classes from untrusted locations (I18n, 8182601)

It was discovered that the I18n component of OpenJDK could use an untrusted search path when loading resource bundle classes. A local attacker could possibly use this flaw to execute arbitrary code as another local user by making their Java application load an attacker controlled class file...

CVE-2018-0103

A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format ARF files could allow a local attacker to execute arbitrary code on the system of a user. The attacker could exploit this vulnerability by sending the user a link or email attachment with a...

Cisco WebEx Network Recording Player Buffer Overflow Vulnerability (CNVD-2018-02227)

Cisco WebEx Network Recording Player is an application used to play back WebEx meeting minutes recorded on the computers of online meeting participants. A buffer overflow vulnerability exists in Cisco WebEx Network Recording Player. A local attacker could exploit this vulnerability by sending a...

Flaw Found In Dirty COW Patch

A flaw in the original patch for the notorious Dirty COW vulnerability could allow an adversary to run local code on affected systems and exploit a race condition to perform a privilege escalation attack. The flaw in the Dirty COW patch CVE-2016-5195, released in October 2016, was identified by...

CVE-2017-1000405

A flaw was found in the patches used to fix the 'dirtycow' vulnerability CVE-2016-5195. An attacker, able to run local code, can exploit a race condition in transparent huge pages to modify usually read-only huge pages. Mitigation Disabling the use of zero page: It is possible to prevent the zero...

CVE-2017-5706

Multiple buffer overflows in kernel in Intel Server Platform Services Firmware 4.0 allow attacker with local access to the system to execute arbitrary code...

Cisco FindIT Network Discovery Utility Local Arbitrary Code Execution Vulnerability

Cisco FindIT Network Discovery Utility is a network device manager from Cisco USA. The product provides management functions for Cisco network devices. A local arbitrary code execution vulnerability exists in Cisco FindIT Network Discovery Utility that originates when the program loads a maliciou...

Cisco Immunet antimalware installer untrustworthy search path vulnerability

Cisco Immunet antimalware is a set of malware protection programs from Cisco USA. installer is one of the installers. An untrusted search path vulnerability exists in the installer of Cisco Immunet antimalware, which results from insufficient input detection of paths and filenames before loading ...

PT-2017-3132 · Intel · Intel Management Engine +3

Name of the Vulnerable Software and Affected Versions: Intel Manageability Engine Firmware versions 8.x through 11.20 Description: The issue is related to multiple buffer overflows in Active Management Technology AMT that can be exploited by an attacker with local access to the system, allowing...

UBUNTU-CVE-2017-16837

Certain function pointers in Trusted Boot tboot through 1.9.6 are not validated and can cause arbitrary code execution, which allows local users to overwrite dynamic PCRs of Trusted Platform Module TPM by hooking these function pointers...

The vulnerability of the `load_elf_binary` function in the Linux operating system’s kernel allows a hacker to execute arbitrary code.

The vulnerability of the loadelfbinary function in the Linux operating system’s kernel arises from the improper allocation of the address range for the binary file PIE. This occurs when the CONFIGARCHBINFMTELFRANDOMIZEPIE configuration option is enabled, and the usual strategy for allocating...

Bitdefender Total Security Local Code Execution Vulnerability (CNVD-2017-35574)

Bitdefender Total Security is a security solution. A local code execution vulnerability exists in Bitdefender Total Security. A local attacker can exploit this issue to execute arbitrary code in the context of an affected application...

Bitdefender Total Security Local Code Execution Vulnerability

Bitdefender Total Security is a security solution. A local code execution vulnerability exists in Bitdefender Total Security. A local attacker can exploit this issue to execute arbitrary code in the context of an affected application...

IrfanView buffer overflow vulnerability (CNVD-2017-30376)

IrfanView is a Bosnia and Herzegovina software developer Irfan Skiljan developed a picture viewer, which supports image browsing, image editing, image format conversion, etc. PDF plugin is one of the PDF document reading plug-ins. IrfanView 4.44 32-bit in the PDF plugin version 4.43 there is a...

CVE-2017-5721

Insufficient input validation in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows local attackers to execute arbitrary code via manipulation of memory...

STDU Viewer Buffer Overflow Vulnerability (CNVD-2017-30323)

STDU Viewer is a free file viewer that supports multiple formats. The program supports TIFF, PDF, DjVu, XPS and WWF formats. A buffer overflow vulnerability exists in STDU Viewer version 1.6.375. A local attacker can exploit this vulnerability with a specially crafted .djvu file to execute...

XnView Classic for Windows Buffer Overflow Vulnerability (CNVD-2017-27610)

XnView Classic for Windows is an image viewing software for Windows developed by French software developer Gougelet Pierre-Emmanuel. The software can be used to view, convert, organize and edit graphic and video files. A buffer overflow vulnerability exists in version 2.40 of XnView Classic for...