4 results (0.015 seconds)

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

An exploitable privilege escalation vulnerability exists in the Wacom, driver version 6.3.32-3, update helper service in the startProcess command. The command takes a user-supplied script argument and executes it under root context. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine for a successful exploit. Se presenta una vulnerabilidad de escalada de privilegios explotable en la versión del controlador 6.3.32-3 de Wacom, servicio auxiliar de actualización en el comando startProcess. • https://talosintelligence.com/vulnerability_reports/TALOS-2019-0760 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

An exploitable privilege escalation vulnerability exists in the Wacom, driver version 6.3.32-3, update helper service in the start/stopLaunchDProcess command. The command takes a user-supplied string argument and executes launchctl under root context. A user with local access can use this vulnerability to raise load arbitrary launchD agents. An attacker would need local access to the machine for a successful exploit. Se presenta una vulnerabilidad de escalada de privilegios explotable en la versión del controlador 6.3.32-3 de Wacom, servicio auxiliar de actualización en el comando start/stopLaunchDProcess. • https://talosintelligence.com/vulnerability_reports/TALOS-2019-0761 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •

CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0

nvSCPAPISvr.exe in the NVIDIA Stereoscopic 3D Driver service, as distributed with the NVIDIA driver before 307.78, and Release 310 before 311.00, on Windows, lacks " (double quote) characters in the service path, which allows local users to gain privileges via a Trojan horse program. nvSCPAPISvr.exe en el servicio del controlador NVIDIA Stereoscopic 3D, y distribuido con el controlador NVIDIA anterior a v307.78, y Release v310 anterior a v311.00, en Windows, falta el carácter "(comillas dobles) en la ruta del servicio, lo que permite a usuarios locales obtener privilegios a través de un Troyano. • http://www.kb.cert.org/vuls/id/957036 http://www.nvidia.com/object/product-security.html •

CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0

daemonu.exe (aka the NVIDIA Update Service Daemon), as distributed with the NVIDIA driver before 307.78, and Release 310 before 311.00, on Windows, lacks " (double quote) characters in the service path, which allows local users to gain privileges via a Trojan horse program. daemonu.exe (también conocido como NVIDIA Update Service Daemon), distribuido con los controladores NVIDIA anterior a v307.78 y Release v310 anterior a v311.00, en Windows, le falta el carácter "(comillas dobles) en la ruta del servicio, lo que permite a usuarios locales obtener privilegios a través de un Troyano. • http://www.kb.cert.org/vuls/id/957036 http://www.nvidia.com/object/product-security.html •