Linux Distros Unpatched Vulnerability : CVE-2023-54156
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - sfc: fix crash when reading stats while NIC is resetting. efx_net_stats() (.ndo_get_stats64) can be called during an ethtool selftest, during which time nic_data->mc_stats ...
EUVD-2019-16851
Malware in sbrugna...
EUVD-2018-8663
Malware in sbrugna...
EUVD-2024-54468
Malicious code in bioql PyPI...
EUVD-2024-54472
Malicious code in bioql PyPI...
CVE-2024-13960
Link Following Local Privilege Escalation Vulnerability in TuneUp Service in AVG TuneUp Version 23.4 build 15592 on Windows 10 allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via creating a symbolic link and leveraging a TOCTTOU time-of-check to...
CVE-2024-9524
Link Following Local Privilege Escalation Vulnerability in System Speedup Service in Avira Operations GmbH Avira Prime Version 1.1.96.2 on Windows 10 x64 allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via creating a symbolic link and leveraging a...
CVE-2024-13962
Link Following Local Privilege Escalation Vulnerability in TuneupSvc in Gen Digital Inc. Avast Cleanup Premium Version 24.2.16593.17810 on Windows 10 Pro x64 allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via creating a symbolic link and leveragi...
CVE-2024-13944
Link Following Local Privilege Escalation Vulnerability in NortonUtilitiesSvc in Norton Utilities Ultimate Version 24.2.16862.6344 on Windows 10 Pro x64 allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via the creation of a symbolic link and...
CVE-2024-9524 Privilege Escalation Vulnerability in Avira Prime Version 1.1.96.2
Link Following Local Privilege Escalation Vulnerability in System Speedup Service in Avira Operations GmbH Avira Prime Version 1.1.96.2 on Windows 10 x64 allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via creating a symbolic link and leveraging a...
CVE-2024-9524
CVE-2024-9524 is a local privilege escalation affecting Avira Prime System Speedup Service on Windows 10 x64 (Avira Prime 1.1.96.2). The flaw arises from mishandling symbolic links and a TOCTTOU race, allowing a low-privileged attacker to create a symbolic link and escalate to SYSTEM to execute a...
CVE-2024-13960
AVG TuneUp for PC (Windows 10) is affected by a Local Privilege Escalation via the TuneUp Service in version 23.4 (build 15592). The root cause is the mishandling of symbolic links, enabling a TOCTTOU attack to escalate to SYSTEM and potentially execute arbitrary code; ZDI states an attacker must...
CVE-2024-13960 Link Following Local Privilege Escalation Vulnerability in AVG TuneUp Version 23.4
Link Following Local Privilege Escalation Vulnerability in TuneUp Service in AVG TuneUp Version 23.4 build 15592 on Windows 10 allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via creating a symbolic link and leveraging a TOCTTOU time-of-check to...
Oracle Linux 7 : qemu (ELSA-2019-4556)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4556 advisory. - A flaw was found in qemu Media Transfer Protocol (MTP) before version 3.1.0. A path traversal in the usb_mtp_write_data function in hw/usb/dev-mtp.c du...
Oracle Linux 7 : qemu (ELSA-2019-4518)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4518 advisory. - usb-mtp: use O_NOFOLLOW and O_CLOEXEC. (Gerd Hoffmann) [Orabug: 29056673] {CVE-2018-16872} - pvrdma: add uar_read routine (Prasad J Pandit) {CVE-2018-20191} -...
GHSA-C3XM-PVG7-GH7R mount destinations can be swapped via symlink-exchange to cause mounts outside the rootfs
Summary: runc 1.0.0-rc94 and earlier are vulnerable to a symlink exchange attack whereby an attacker can request a seemingly-innocuous container configuration that actually results in the host filesystem being bind-mounted into the container, allowing for a container escape. CVE-2021-30465 has been...
Security Bulletin: Multiple Vulnerabilities in Ubuntu affect IBM Workload Scheduler 9.5
Summary: Vulnerabilities CVE-2019-11484, CVE-2019-11485, CVE-2019-11483, CVE-2019-11482 have been found in Ubuntu and potentially affect container images of IBM Workload Scheduler 9.5. Vulnerability Details: CVEID: CVE-2019-11484. DESCRIPTION: Ubuntu whoopsie package could allow a local authenticated...
EulerOS Virtualization for ARM 64 3.0.2.0 : qemu-kvm (EulerOS-SA-2020-1266)
According to the versions of the qemu-kvm packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow. (CVE-2019-6778) - A flaw was found in QEMU's...