CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 2CVE-2018-6755 – True Key (TK) Windows Client - Weak Directory Permission Vulnerability
https://notcve.org/view.php?id=CVE-2018-6755
06 Dec 2018 — Weak Directory Permission Vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware. Vulnerabilidad de permisos débiles de directorio en el cliente de Microsoft Windows en McAfee True Key (TK) 5.1.230.7 permite que usuarios locales ejecuten código arbitrario mediante malware especialmente manipulado. McAfee True Key version 5.1.173.1 on Windows 10 1809 has multiple issues in the implementation of the McA... • https://packetstorm.news/files/id/150733 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 2CVE-2018-6756 – True Key (TK) Windows Client - Authentication Abuse vulnerability
https://notcve.org/view.php?id=CVE-2018-6756
06 Dec 2018 — Authentication Abuse vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute unauthorized commands via specially crafted malware. Vulnerabilidad de abuso de autenticación en Microsoft Windows Client en McAfee True Key (TK) 5.1.230.7 permite que usuarios locales ejecuten comandos no autorizados mediante malware especialmente manipulado. McAfee True Key version 5.1.173.1 on Windows 10 1809 has multiple issues in the implementation of the McAfee.Tru... • https://packetstorm.news/files/id/150733 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 2CVE-2018-6757 – True Key (TK) Windows Client - Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2018-6757
06 Dec 2018 — Privilege Escalation vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware. En unflatten de GraphicBuffer.cpp, hay un posible cierre erróneo de fd debido a la validación de entradas incorrecta. Esto podría llevar a un escalado de privilegios local en el servidor del sistema sin necesitar privilegios de ejecución adicionales. No se necesita interacción del usuario para explotarlo. Producto: Android. • https://packetstorm.news/files/id/150733 •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16359
https://notcve.org/view.php?id=CVE-2018-16359
02 Sep 2018 — Google gVisor before 2018-08-23, within the seccomp sandbox, permits access to the renameat system call, which allows attackers to rename files on the host OS. Google gVisor en versiones anteriores al 2018-08-23, en el sandbox seccomp, permite el acceso a la llamada del sistema renameat, que permite que los atacantes renombren archivos en el sistema operativo host. • https://bugs.chromium.org/p/project-zero/issues/detail?id=1632 •
CVSS: 9.8EPSS: 21%CPEs: 16EXPL: 3CVE-2017-11282 – Adobe Flash - Out-of-Bounds Read in applyToRange
https://notcve.org/view.php?id=CVE-2017-11282
14 Sep 2017 — Adobe Flash Player has an exploitable memory corruption vulnerability in the MP4 atom parser. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlier. Adobe Flash Player tiene una vulnerabilidad de corrupción de memoria explotable en el analizador sintáctico de átomos MP4. La explotación con éxito de esta vulnerabilidad podría permitir la ejecución arbitraria de código. • https://bugs.chromium.org/p/project-zero/issues/detail? • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-6956
https://notcve.org/view.php?id=CVE-2017-6956
05 Apr 2017 — On the Broadcom Wi-Fi HardMAC SoC with fbt firmware, a stack buffer overflow occurs when handling an 802.11r (FT) authentication response, leading to remote code execution via a crafted access point that sends a long R0KH-ID field in a Fast BSS Transition Information Element (FT-IE). En el Broadcom Wi-Fi HardMAC SoC con firmware fbt, se produce un desbordamiento del búfer de la pila al manejar una respuesta de autenticación 802.11r (FT), que conduce a la ejecución remota de código a través de un punto de ac... • https://bugs.chromium.org/p/project-zero/issues/detail?id=1059 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 10%CPEs: 2EXPL: 6CVE-2017-0358 – ntfs-3g: Modprobe influence vulnerability via environment variables
https://notcve.org/view.php?id=CVE-2017-0358
02 Feb 2017 — Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. ... Jann Horn, de Google Project Zero, descubrió que NTFS-3G, un controlador NTFS de lectura-escritura para FUSE, no limpia en profundidad el entorno antes de ejecutar modprobe con privilegios elevados. • https://packetstorm.news/files/id/141882 • CWE-269: Improper Privilege Management •
CVSS: 9.3EPSS: 79%CPEs: 54EXPL: 1CVE-2017-3823 – Cisco WebEx Chrome Extension Remote Command Execution
https://notcve.org/view.php?id=CVE-2017-3823
01 Feb 2017 — An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control plugin before 10031.6.2017.0126 on Internet Explorer, and the Download Manager ActiveX control plugin before 2.1.0.10 on Internet Explorer. ... Se descubrió un problema en Cisco WebEx Extension en versiones anteriores a 1.0.7 en Google Chrome, el ActiveTouch General Pluging Container en versiones anter... • https://bugs.chromium.org/p/project-zero/issues/detail?id=1096 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 1%CPEs: 9EXPL: 2CVE-2016-6772 – Google Android - WifiNative::setHotlist Stack Overflow
https://notcve.org/view.php?id=CVE-2016-6772
22 Dec 2016 — An elevation of privilege vulnerability in Wi-Fi could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31856351. • https://bugs.chromium.org/p/project-zero/issues/detail? • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 2%CPEs: 2EXPL: 2CVE-2016-6707 – Google Android - Inter-Process munmap with User-Controlled Size in android.graphics.Bitmap
https://notcve.org/view.php?id=CVE-2016-6707
25 Nov 2016 — An elevation of privilege vulnerability in System Server in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Android ID: A-31350622. Una vulnerabilidad de elevación de privilegio en System Server en Android 6.x en versiones ante... • https://bugs.chromium.org/p/project-zero/issues/detail?id=928 • CWE-264: Permissions, Privileges, and Access Controls •