Page 8 of 49 results (0.018 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

Writing to an unprivileged file from a privileged OVRRedir.exe process in Oculus Desktop before 1.44.0.32849 on Windows allows local users to write to arbitrary files and consequently gain privileges via vectors involving a hard link to a log file. Escribir en un archivo no privilegiado desde un proceso OVRRedir.exe privilegiado en Oculus Desktop versiones anteriores a 1.44.0.32849 en Windows, permite a usuarios locales escribir en archivos arbitrarios y, en consecuencia, conseguir privilegios por medio de vectores que involucran un enlace físico en un archivo de registro. • https://www.facebook.com/security/advisories/cve-2020-1885 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 1

A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed to load arbitrary code when starting the client with DYLD_INSERT_LIBRARIES set in the environment. Una inyección de código en Nextcloud Desktop Client versión 2.6.2 para macOS, permite cargar código arbitrario cuando se inicia el cliente con DYLD_INSERT_LIBRARIES establecido en el entorno. • https://hackerone.com/reports/633266 https://nextcloud.com/security/advisory/?id=NC-SA-2020-016 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 1

Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTEM because it mishandles the collection of diagnostics with Administrator privileges, leading to arbitrary DACL permissions overwrites and arbitrary file writes. This affects Docker Desktop Enterprise before 2.1.0.9, Docker Desktop for Windows Stable before 2.2.0.4, and Docker Desktop for Windows Edge before 2.2.2.0. Docker Desktop permite una escalada de privilegios locales a NT AUTHORITY\SYSTEM porque maneja inapropiadamente la colección de diagnósticos con privilegios de Administrador, conllevando a sobrescrituras de permisos de la DACL arbitrarios y escrituras arbitrarias de archivos. Esto afecta a Docker Desktop Enterprise versiones anteriores a 2.1.0.9, Docker Desktop for Windows Stable versiones anteriores a 2.2.0.4 y Docker Desktop for Windows Edge versiones anteriores a 2.2.2.0. • https://github.com/spaceraccoon/CVE-2020-10665 https://docs.docker.com/release-notes https://github.com/active-labs/Advisories/blob/master/2020/ACTIVE-2020-002.md • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Leanote-desktop version v2.5 is vulnerable to a XSS which leads to code execution due to enabled node integration Leanote-desktop v2.5 es vulnerable to XSS, que conduce a la ejecución de código debido a la integración de nodos habilitada. • https://github.com/leanote/desktop-app/commit/a2ed226637f8e66c9b089784b5e58eccf2e2fb30 https://github.com/leanote/leanote/issues/695 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Spiceworks Desktop before 2015-12-01 has XSS via an SNMP response. Spiceworks Desktop en versiones anteriores a 01-12-2015 tiene un XSS a través de una respuesta SNMP. • https://community.rapid7.com/community/infosec/blog/2015/12/16/multiple-disclosures-for-multiple-network-management-systems • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •