Symantec PC Tools Internet Security has security vulnerabilities

Symantec PC Tools Internet Security is a comprehensive computer security protection software developed by Symantec Corporation. Symantec PC Tools Internet Security has a security vulnerability, which stems from improper access control in the PCTCore64.sys Windows kernel driver. This allows...

Electerm Local code through electerm's single-instance socket

Impact Local code execution without UI interaction: any same-user process can send a JSON payload to electerm's single-instance socket/pipe, causing the app to create tabs and potentially spawn attacker-controlled local processes. Affects electerm single-instance installs on the machine. Patches ...

IIT Bombay Bodhitree 代码注入漏洞

IIT Bombay Bodhitree is an online learning platform. A security vulnerability exists in IIT Bombay Bodhitree version cs101, which stems from incorrect input validation and a lack of restrictions on user processes, with malicious code injection, which could lead to Remote Code Execution RCE, syste...

CVE-2024-36054

Hw64.sys in Marvin Test HW.exe before 5.0.5.0 allows unprivileged user-mode processes to arbitrarily read kernel memory and consequently gain all privileges via IOCTL 0x9c4064b8 via MmMapIoSpace and IOCTL 0x9c406490 via ZwMapViewOfSection...

Graceful Logoff from a Published Application Renders the Session in Active State

Graceful logoffs from a published application launched in a seamless, fixed window, or as an RDP Initial Program, might result in the session not closing and the user being logged off. Sessions can be reset or exited correctly by manually resetting them, or by terminating remnant user processes i...

Graceful Logoff from a Published Application Renders the Session in Active State

Graceful logoffs from a published application launched in a seamless, fixed window, or as an RDP Initial Program, might result in the session not closing and the user being logged off. Sessions can be reset or exited correctly by manually resetting them, or by terminating remnant user processes i...

openSUSE Security Update : gdm (openSUSE-2019-310)

This update for gdm fixes the following issues : Security issue fixed : - CVE-2019-3825: Fixed a lock screen bypass when timed login was enabled bsc1124628. Other issues fixed : - GLX applications do not work well when the proprietary nvidia driver is used with a wayland session. Because of that...

Security update for gdm (moderate)

openSUSE Security Update: Security update for gdm Announcement ID: openSUSE-SU-2019:0310-1 Rating: moderate References: 1112294 1112578 1113245 1113700 1120307 1124628 Cross-References: CVE-2019-3825 Affected Products: openSUSE Leap 15.0 An update that solves one vulnerability and has 5 fixes is...

Modern OSs for embedded systems

At Kaspersky Lab we analyze the technologies available on cybersecurity market and this time we decided to look at what OS developers are offering for embedded systems or, in other words, the internet of things. Our primary interest is how and to what degree these OSs can solve...

Xen CMPXCHG8B Emulation Information Disclosure (XSA-200)

According to its self-reported version number, the Xen hypervisor installed on the remote host is missing a security update. It is, therefore, affected by an information disclosure vulnerability due to a flaw in the x86 instruction CMPXCHG8B when handling prefixes. This is triggered because legac...

Xen SYSCALL singlestep Handling Privilege Escalation (XSA-204)

According to its self-reported version number, the Xen hypervisor installed on the remote host is missing a security update. It is, therefore, affected by a privilege elevation vulnerability in the instruction emulator when handling SYSCALL by single-stepping applications. This is due to incorrec...

x86: Mishandling of SYSCALL singlestep during emulation

ISSUE DESCRIPTION The typical behaviour of singlestepping exceptions is determined at the start of the instruction, with a DB trap being raised at the end of the instruction. SYSCALL and SYSRET, although we don't implement it behave differently because the typical behaviour allows userspace to...

[SECURITY] Fedora 20 Update: rtkit-0.11-7.fc20

RealtimeKit is a D-Bus system service that changes the scheduling policy of user processes/threads to SCHEDRR i.e. realtime scheduling mode on request. It is intended to be used as a secure mechanism to allow real-time scheduling to be used by normal user processes...

Fedora Update for rtkit FEDORA-2013-17529

Check for the Version of rtkit OpenVAS Vulnerability Test Fedora Update for rtkit FEDORA-2013-17529 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms...

Microsoft Windows CSRSS LPC_PORT_CLOSED Information Disclosure (MS11-010; CVE-2011-0030)

The Client/Server Run-time Subsystem CSRSS is the user-mode portion of the Win32 subsystem. CSRSS is an essential subsystem that must be running at all times. CSRSS is responsible for console windows, and creating and/or deleting threads. An elevation of privilege vulnerability has been reported ...

Microsoft Client/Server Run-time Subsystem Privilege Elevation Vulnerability (978037)

This host is missing a critical security update according to Microsoft Bulletin MS10-011. OpenVAS Vulnerability Test $Id: secpodms10-011.nasl 5361 2017-02-20 11:57:13Z cfi $ Microsoft Client/Server Run-time Subsystem Privilege Elevation Vulnerability 978037 Authors: Antu Sanadi Copyright: Copyrig...

Microsoft Client/Server Run-time Subsystem Privilege Elevation Vulnerability (978037)

This host is missing a critical security update according to Microsoft Bulletin MS10-011. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...