CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-5012
https://notcve.org/view.php?id=CVE-2019-5012
An exploitable privilege escalation vulnerability exists in the Wacom, driver version 6.3.32-3, update helper service in the startProcess command. The command takes a user-supplied script argument and executes it under root context. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine for a successful exploit. Se presenta una vulnerabilidad de escalada de privilegios explotable en la versión del controlador 6.3.32-3 de Wacom, servicio auxiliar de actualización en el comando startProcess. • https://talosintelligence.com/vulnerability_reports/TALOS-2019-0760 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-5013
https://notcve.org/view.php?id=CVE-2019-5013
An exploitable privilege escalation vulnerability exists in the Wacom, driver version 6.3.32-3, update helper service in the start/stopLaunchDProcess command. The command takes a user-supplied string argument and executes launchctl under root context. A user with local access can use this vulnerability to raise load arbitrary launchD agents. An attacker would need local access to the machine for a successful exploit. Se presenta una vulnerabilidad de escalada de privilegios explotable en la versión del controlador 6.3.32-3 de Wacom, servicio auxiliar de actualización en el comando start/stopLaunchDProcess. • https://talosintelligence.com/vulnerability_reports/TALOS-2019-0761 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •