CVE-2023-1007

A vulnerability was found in Twister Antivirus 8.17. It has been declared as critical. This vulnerability affects the function 0x801120E4 in the library filmfd.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. The attack needs to be approached locally...

CVE-2023-1007

A vulnerability was found in Twister Antivirus 8.17. It has been declared as critical. This vulnerability affects the function 0x801120E4 in the library filmfd.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. The attack needs to be approached locally...

Improper access control

A vulnerability was found in Twister Antivirus 8.17. It has been declared as critical. This vulnerability affects the function 0x801120E4 in the library filmfd.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. The attack needs to be approached locally...

CVE-2023-1010 vox2png vox2png.c heap-based overflow

A vulnerability classified as critical was found in vox2png 1.0. Affected by this vulnerability is an unknown functionality of the file vox2png.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used...

CVE-2023-1007 Twister Antivirus IoControlCode filmfd.sys 0x801120E4 access control

A vulnerability was found in Twister Antivirus 8.17. It has been declared as critical. This vulnerability affects the function 0x801120E4 in the library filmfd.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. The attack needs to be approached locally...

K53197140: BIG-IP iControl REST and tmsh vulnerabilities CVE-2022-26835

Security Advisory Description Directory traversal vulnerabilities exist in undisclosed iControl REST endpoints and TMOS Shell tmsh commands in F5 BIG-IP Guided Configuration, which may allow an authenticated attacker with at least resource administrator role privileges to read arbitrary files...

PT-2023-16611 · Unknown · Cxasm Notepad

Name of the Vulnerable Software and Affected Versions: cxasm notepad version 1.22 Description: A problematic issue was found in the Directory Comparison Handler component, which can be exploited to cause denial of service. The attack must be launched locally. Recommendations: For cxasm notepad...

PT-2023-16590 · Phjounin · Tftpd64-Se

Name of the Vulnerable Software and Affected Versions: phjounin TFTPD64-SE version 4.64 Description: A critical issue affects the processing of the file tftpd64 svc.exe, leading to an unquoted search path. The manipulation can be exploited locally, with a rather high complexity of attack and...

SUSE CVE-2005-1263

The elfcoredump function in binfmtelf.c for Linux kernel 2.x.x to 2.2.27-rc2, 2.4.x to 2.4.31-pre1, and 2.6.x to 2.6.12-rc4 allows local users to execute arbitrary code via an ELF binary that, in certain conditions involving the createelftables function, causes a negative length argument to pass ...

SUSE CVE-2007-1592

net/ipv6/tcpipv6.c in Linux kernel 2.6.x up to 2.6.21-rc3 inadvertently copies the ipv6flsocklist from a listening TCP socket to child sockets, which allows local users to cause a denial of service OOPS or double free by opening a listening IPv6 socket, attaching a flow label, and connecting to...

SUSE CVE-2009-1336

fs/nfs/client.c in the Linux kernel before 2.6.23 does not properly initialize a certain structure member that stores the maximum NFS filename length, which allows local users to cause a denial of service OOPS via a long filename, related to the encodelookup function...

SUSE CVE-2010-0407

Multiple buffer overflows in the MSGFunctionDemarshall function in winscardsvc.c in the PC/SC Smart Card daemon aka PCSCD in MUSCLE PCSC-Lite before 1.5.4 allow local users to gain privileges via crafted message data, which is improperly demarshalled...

SUSE CVE-2011-1658

ld.so in the GNU C Library aka glibc or libc6 2.13 and earlier expands the $ORIGIN dynamic string token when RPATH is composed entirely of this token, which might allow local users to gain privileges by creating a hard link in an arbitrary directory to a 1 setuid or 2 setgid program with this RPA...

SUSE CVE-2013-4270

The netctlpermissions function in net/sysctlnet.c in the Linux kernel before 3.11.5 does not properly determine uid and gid values, which allows local users to bypass intended /proc/sys/net restrictions via a crafted application...

SUSE CVE-2014-0102

The keyringdetectcycleiterator function in security/keys/keyring.c in the Linux kernel through 3.13.6 does not properly determine whether keyrings are identical, which allows local users to cause a denial of service OOPS via crafted keyctl commands...

SUSE CVE-2014-9419

The switchto function in arch/x86/kernel/process64.c in the Linux kernel through 3.18.1 does not ensure that Thread Local Storage TLS descriptors are loaded before proceeding with other steps, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application...

SUSE CVE-2016-10723

An issue was discovered in the Linux kernel through 4.17.2. Since the page allocator does not yield CPU resources to the owner of the oomlock mutex, a local unprivileged user can trivially lock up the system forever by wasting CPU resources from the page allocator e.g., via concurrent page fault...

SUSE CVE-2017-7796

On Windows systems, the logger run by the Windows updater deletes the file "update.log" before it runs in order to write a new log of that name. The path to this file is supplied at the command line to the updater and could be used in concert with another local exploit to delete a different file...

SUSE CVE-2017-16996

kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service memory corruption or possibly have unspecified other impact by leveraging register truncation mishandling...

SUSE CVE-2018-19407

The vcpuscanioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service NULL pointer dereference and BUG via crafted system calls that reach a situation where ioapic is uninitialized...