macOS Remote Listeners Enumeration

Binary data macosxprocessonport.nbin...

CVE-2017-0462

An elevation of privilege vulnerability in the Qualcomm Seemp driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions:...

CVE-2017-7208

The decoderesidual function in libavcodec in libav 9.21 allows remote attackers to cause a denial of service buffer over-read or obtain sensitive information from process memory via a crafted h264 video file...

GLSA-201702-32 : Ruby Archive::Tar::Minitar: Directory traversal

The remote host is affected by the vulnerability described in GLSA-201702-32 Ruby Archive::Tar::Minitar: Directory traversal Michal Marek discovered that Ruby Archive::Tar::Minitar is vulnerable to a directory traversal vulnerability. Impact : A remote attacker could entice a user or an automated...

CVE-2016-8659

Bubblewrap before 0.1.3 sets the PRSETDUMPABLE flag, which might allow local users to gain privileges by attaching to the process, as demonstrated by sending commands to a PrivSep socket...

VMware Workstation Invalid DACL Privilege Escalation Vulnerability - Windows

VMware Workstation is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Apple Safari SearchInputType Type Confusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within SearchInputType...

QEMU: Multiple vulnerabilities

Background QEMU is a generic and open source machine emulator and virtualizer. Description Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details. Impact A privileged user/process within a guest QEMU environment can cause a Denial of...

CVE-2016-8471

An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID:...

CVE-2017-0403

An elevation of privilege vulnerability in the kernel performance subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions:...

Adobe Reader DC XSLT namespace-alias Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within XSLT's...

GLSA-201701-11 : musl: Integer overflow

The remote host is affected by the vulnerability described in GLSA-201701-11 musl: Integer overflow A vulnerability was discovered in musls tretnfarunparallel function buffer overflow logic, due to the incorrect use of integer types and missing overflow checks. Impact : An attacker, who controls...

GLSA-201701-02 : Bash: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201701-02 Bash: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Bash. Please review the CVE identifiers referenced below for details. Impact : A local attacker could possibly execute arbitrary code with t...

Design/Logic Flaw

QEMU aka Quick Emulator built with the NE2000 device emulation support is vulnerable to an OOB r/w access issue. It could occur while performing 'ioport' r/w operations. A privileged CAPSYSRAWIO user/process could use this flaw to leak or corrupt QEMU memory bytes...

CVE-2015-8743

QEMU aka Quick Emulator built with the NE2000 device emulation support is vulnerable to an OOB r/w access issue. It could occur while performing 'ioport' r/w operations. A privileged CAPSYSRAWIO user/process could use this flaw to leak or corrupt QEMU memory bytes...

CVE-2016-9923

Quick Emulator Qemu built with the 'chardev' backend support is vulnerable to a use after free issue. It could occur while hotplug and unplugging the device in the guest. A guest user/process could use this flaw to crash a Qemu process on the host resulting in DoS...

Windows 'Run As' Using Powershell

This module will start a process as another user using powershell. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows 'Run As' Using Powershell', 'Description' = %q This module will start...

libvirt security, bug fix, and enhancement update

2.0.0-10 - virtlogd: Don't stop or restart along with libvirtd rhbz1372576 2.0.0-9 - Add helper for removing transient definition rhbz1368774 - qemu: Remove stale transient def when migration fails rhbz1368774 - qemu: Don't use query-migrate on destination rhbz1374613 - conf: allow hotplugging...

CVE-2016-5504

Unspecified vulnerability in the Oracle Agile Product Lifecycle Management for Process component in Oracle Supply Chain Products Suite 6.1.0.4, 6.1.1.6, and 6.2.0.0 allows local users to affect confidentiality via vectors related to Supplier Portal...

CVE-2016-5504

The CVE-2016-5504 entry affects Oracle’s Agile Product Lifecycle Management for Process (PLM for Process) as part of Oracle Supply Chain Products Suite, specifically versions 6.1.0.4, 6.1.1.6, and 6.2.0.0. The vulnerability relates to the Supplier Portal component and enables local users to compr...