Aruba AirWave Web-Based Management Interface Stored Cross Site Scripting (XSS) Vulnerability (CVE-2021-37715)

Earlier this year, Qualys discovered a heap-based buffer overflow in Sudo, named ‘Baron Samedit’ (CVE-2021-3156). Baron Samedit: a vulnerability in the command line parameter parsing code of Sudo could allow an attacker with access to Sudo to execute commands or binaries with root privileges. Baron Samedit is exploitable by any local user (normal users and …

Parallels Desktop Privilege Escalation And Out-Of-Bounds Vulnerability (CVE-2020-8871)

Overview: In May 2020, Parallels released a security patch to fix the vulnerability CVE-2020-8871. The vulnerability could allow a local user on the guest OS to escalate privileges and execute code on the host. The bug is present in Parallels Desktop for Mac, a product of Parallels. Parallels Desktop for Mac is software providing hardware virtualization for Mac. To …

Microsoft Windows Jet Database Engine Out-Of-Bounds Write Vulnerability: CVE-2018-8423

An out-of-bounds write vulnerability was disclosed to Microsoft. The issue affects the Microsoft JET Database Engine. Upon successful exploitation, an attacker can gain code execution (in the current process context) on the target machine. To trigger this vulnerability, the target user needs to open a crafted file containing data stored in the JET database format. Many Windows applications use the …