3793 matches found
UBUNTU-CVE-2021-28374
The Debian courier-authlib package before 0.71.1-2 for Courier Authentication Library creates a /run/courier/authdaemon directory with weak permissions, allowing an attacker to read user information. This may include a cleartext password in some configurations. In general, it includes the user's...
Metamorfo Banking Trojan Abuses AutoHotKey
The Metamorfo banking trojan is abusing AutoHotKey AHK and the AHK compiler to evade detection and steal users’ information, researchers have warned. AHK is a scripting language for Windows originally developed to create keyboard shortcuts i.e., hot keys. According to the Cofense Phishing Defense...
Vulnerability of the pcx_write_rle() function (contrib/japanese/gdev10v.c) in the software suite for processing, transforming, and generating Ghostscript documents, allowing a hacker to trigger a service failure
The vulnerability of the pcxwriterle function contrib/japanese/gdev10v.c in the software suite for processing, transforming, and generating Ghostscript documents is related to writing beyond buffer boundaries. Exploiting this vulnerability could allow a malicious actor to cause service failures...
PT-2021-2287 · Microsoft · 365 Apps For Enterprise
Name of the Vulnerable Software and Affected Versions: Microsoft 365 Apps for Enterprise affected versions not specified Description: The issue is related to a component of Microsoft 365 Apps for Enterprise, specifically the Click-to-Run C2R package, which has a problem with incorrect code...
CVE-2020-13554
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with ...
CVE-2020-13554
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with ...
CVE-2020-13554
Advantech WebAccess/SCADA 9.0.1 contains multiple local privilege escalation flaws stemming from weak permissions and executable/file tampering in the installation directory. The TALOS-2020-1169 analysis describes various vectors, including webvrpcs Run Key registry entry and multiple binaries/ex...
UBUNTU-CVE-2021-3144
In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. They might be used to run command against the salt master or minions...
SUSE-SU-2021:0631-1 Security update for salt
This update for salt fixes the following issues: - Fix regression on cmd.run when passing tuples as cmd bsc1182740 - Allow extrafilerefs as sanitized kwargs for SSH client - Fix errors with virt.update - Fix for multiple for security issues CVE-2020-28243 CVE-2020-28972 CVE-2020-35662 CVE-2021-31...
Apache Livy 跨站脚本漏洞
Apache Livy is an application server of the United States Apache Corporation . Provides support for programmatic , fault-tolerant , multi-tenant submission of Spark jobs from Web, mobile applications. A cross-site scripting vulnerability exists in Livy server version 0.7.0-incubating, which can b...
AZL-34547 CVE-2021-26720 affecting package avahi for versions less than 0.8-1
avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under /run/avahi-daemon. NOTE: this only affects th...
AZL-6323 CVE-2021-26720 affecting package avahi for versions less than 0.8-1
avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under /run/avahi-daemon. NOTE: this only affects th...
DEBIAN-CVE-2021-26720
avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under /run/avahi-daemon. NOTE: this only affects th...
ALPINE-CVE-2021-26720
avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under /run/avahi-daemon. NOTE: this only affects th...
UBUNTU-CVE-2021-26720
avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under /run/avahi-daemon. NOTE: this only affects th...
CVE-2021-26720
avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under /run/avahi-daemon. NOTE: this only affects th...
CVE-2021-26720
avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under /run/avahi-daemon. NOTE: this only affects th...
CVE-2021-26720
avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under /run/avahi-daemon. NOTE: this only affects th...
CVE-2020-13553
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with ...
Privilege escalation
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with ...