CVE-2019-8372

CVSS v3 Score: 7.0 (High)
CVSS v2 Score: 6.9 (Medium)

Vulnerability Description

The LHA.sys driver before 1.1.1811.2101 in LG Device Manager exposes functionality that allows low-privileged users to read and write arbitrary physical memory via specially crafted IOCTL requests and elevate system privileges. This occurs because the device object has an associated symbolic link and an open DACL.

CVSS: 7.0 (High)

The LiveUpdate capability (liveupdate.sh) in Symantec AntiVirus Scan Engine 4.0 and 4.3 for Red Hat Linux allows local users to create or append to arbitrary files via a symlink attack on /tmp/LiveUpd...

CWE-59, 2004

CVSS: 7.0 (High)

An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can bypass intended access restrictions on mounting shares via a symlink attack that leverages a realpath race condition in moun...

CWE-59, 2009

CVSS: 7.0 (High)

mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona...

CWE-59, 2016

CVSS: 7.0 (High)

The MOTD update script in the base-files package in Ubuntu 18.04 LTS before 10.1ubuntu2.2, and Ubuntu 18.10 before 10.1ubuntu6 incorrectly handled temporary files. A local attacker could use this issu...

CWE-59, 2018

CVSS: 7.0 (High)

deepin-clone before 1.1.3 uses a predictable path /tmp/.deepin-clone/mount/<block-dev-basename> in the Helper::temporaryMountDevice() function to temporarily mount a file system as root. An unprivileg...

CWE-59, 2019

CVSS: 7.0 (High)

log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows local privilege escalation. By default, it uses a fixed temporary directory /tmp/sarg. As the root user, sarg creates this directo...

CWE-59, 2019