CVE-2020-28015

Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. Local users can alter the behavior of root processes because a recipient address can have a newline character...

CVE-2021-21544

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain an improper authentication vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to manipulate the username field under the comment section and set the value to any user...

kernel: iscsi: unrestricted access to sessions and handles

A flaw was found in the way access to sessions and handles was handled in the iSCSI driver in the Linux kernel. A local user could use this flaw to leak iSCSI transport handle kernel address or end arbitrary iSCSI connections on the system...

Aruba Networks AirWave Management Platform Command Injection Vulnerability (CNVD-2021-15035)

Aruba Networks AirWave Management Platform is a suite of network management software for multi-vendor management from Aruba Networks. The software provides real-time monitoring, proactive alerting and historical data reporting. A command injection vulnerability exists in the CLI of Aruba Networks...

CVE-2021-27364

An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsitransportiscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages...

Aruba ClearPass Policy Manager elevation of privilege vulnerability (CNVD-2021-13472)

Aruba ClearPass Policy Manager is a network access control NAC solution. An elevation of privilege vulnerability exists in ClearPass OnGuard prior to Aruba ClearPass Policy Manager versions 6.9.5, 6.8.8-HF1, and 6.7.14-HF1, which can be exploited by a locally authenticated user on Windows platfor...

IBM Spectrum Scale Log Poisoning Vulnerability

IBM Spectrum Scale is a high-performance shared disk file management solution that gives you fast, reliable access to data from multiple servers. A log casting vulnerability exists in IBM Spectrum Scale 5.0.0 - 5.0.5.4, 5.1.0. A local user can exploit this vulnerability to impact support and...

sudo: Heap buffer overflow in argument parsing

A flaw was found in sudo. A heap-based buffer overflow was found in the way sudo parses command line arguments. This flaw is exploitable by any local user who can execute the sudo command by default, any local user can execute sudo without authentication. Successful exploitation of this flaw coul...

CVE-2020-25723

A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the QEMU process on t...

Security Bulletin: Multiple IBM DB2 Server Security Vulnerabilities Affect IBM Emptoris Supplier Lifecycle Mgmt

Summary Multiple IBM DB2 Server security vulnerabilities affect IBM Emptoris Supplier Lifecycle Mgmt. Vulnerability Details CVEID: CVE-2020-4386 DESCRIPTION: IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitiv...

Linux kernel memory leak vulnerability (CNVD-2020-52395)

The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. A memory leak vulnerability exists in the Linux Kernel's Ethernet driver. The vulnerability stems from a problem with...

CVE-2020-11519

The SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier allows local users to read or write to physical disc sectors via a \.\SecureDocDevice handle. Exploiting this vulnerability results in privileged code execution...

Unspecified Vulnerability in QuickBox

QuickBox is a media server application and service management system from the QuickBox team. The system supports the installation and management of applications using dashboards that enable users to interact with media servers. A security vulnerability exists in QuickBox Community Edition 2.5.5 a...

Denial Of Service (DoS)

kernel is vulnerable to denial of service DoS. The vulnerability exists as a flaw in the PPP over Ethernet implementation that allowed a remote user to cause a denial of service...

CVE-2020-8426

The Elementor plugin before 2.8.5 for WordPress suffers from a reflected XSS vulnerability on the elementor-system-info page. These can be exploited by targeting an authenticated user...

CVE-2015-3147

The CVE-2015-3147 issue affects ABRT’s daemon, specifically daemon/abrt-handle-upload.in, where moving reports from /var/spool/abrt-upload can be manipulated via a symbolic link to write to arbitrary files (or cause other impacts) on the system. The vulnerability arises from a symlink attack agai...

CVE-2016-5346

An Information Disclosure vulnerability exists in the Google Pixel/Pixel SL Qualcomm Avtimer Driver due to a NULL pointer dereference when processing an accept system call by the user process on AFMSMIPC sockets, which could let a local malicious user obtain sensitive information Android Bug ID...

CVE-2010-3359

If LDLIBRARYPATH is undefined in gargoyle-free before 2009-08-25, the variable will point to the current directory. This can allow a local user to trick another user into running gargoyle in a directory with a cracked libgarglk.so and gain access to the user's account...

CVE-2019-3731

RSA BSAFE Crypto-C Micro Edition versions prior to 4.1.4 and RSA Micro Edition Suite versions prior to 4.4 are vulnerable to an Information Exposure Through Timing Discrepancy. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of...

QEMU: pcnet: integer overflow leads to buffer overflow

An integer overflow issue was found in the AMD PC-Net II NIC emulation in QEMU. It could occur while receiving packets, if the size value was greater than INTMAX. Such overflow would lead to stack buffer overflow issue. A user inside guest could use this flaw to crash the QEMU process resulting i...