14 matches found

RedhatCVE
added 2025/05/22 10:19 p.m. | 7 views

CVE-2022-20135

In writeToParcel of GateKeeperResponse.java, there is a possible parcel format mismatch. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12...

7.8 CVSS | 7 AI score | 0.00013 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 7:6 p.m. | 4 views

CVE-2021-20135

Nessus versions 8.15.2 and earlier were found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. Tenable has included a fix for this issue in Nessus 10.0.0. The installation files can ...

6.7 CVSS | 7.1 AI score | 0.00049 EPSS
Exploits: 0 | References: 1
Tenable Nessus
added 2024/01/29 12:0 a.m. | 25 views

Cisco IOS XR Software Image Verification (cisco-sa-lnt-L9zOkBz5)

According to its self-reported version, Cisco IOS XR is affected by a vulnerability. - A vulnerability in Cisco IOS XR Software image verification checks could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system. This vulnerability is due to a...

7 CVSS | 7.6 AI score | 0.00016 EPSS
Exploits: 0 | References: 4
Circl
added 2023/09/13 8:23 p.m. | 0 views

CVE-2023-20135

creationtimestamp | type | source
---|---|---
2023-09-13 20:23:48+00:00 | seen | https://t.me/cibsecurity/70400...

7 CVSS | 7 AI score | 0.00016 EPSS
Exploits: 0 | References: 1
CVE
added 2023/09/13 4:38 p.m. | 76 views

CVE-2023-20135

Cisco IOS XR Software image verification checks contain a TOCTOU race condition during ISO image install queries, enabling an authenticated, local attacker to execute arbitrary code on the device. Affected component: image verification logic in IOS XR. Root cause: TOCTOU between ISO image modific...

7 CVSS | 7 AI score | 0.00016 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Github Security Blog
added 2023/07/10 9:53 p.m. | 24 views

XWiki Platform vulnerable to cross-site request forgery (CSRF) via the REST API

Impact: The REST API allows executing all actions via POST requests and accepts text/plain, multipart/form-data or application/www-form-urlencoded as content types which can be sent via regular HTML forms, thus allowing cross-site request forgery. With the interaction of a user with programming...

9.6 CVSS | 7.7 AI score | 0.02998 EPSS
Exploits: 0 | References: 5 | Affected Software: 3
CVE
added 2022/07/16 6:15 a.m. | 42 views

CVE-2017-20135

CVE-2017-20135 affects Itech Dating Script 3.26. The vulnerability is in the file /see_more_details.php where manipulating the parameter id leads to an SQL injection. It can be exploited remotely, and the exploit has been disclosed publicly (references include Exploit-DB and related entries). Cur...

9.8 CVSS | 8.3 AI score | 0.0031 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
Circl
added 2022/06/15 4:20 p.m. | 2 views

CVE-2022-20135

creationtimestamp | type | source
---|---|---
2022-06-15 16:20:12+00:00 | seen | https://t.me/cibsecurity/44488...

7.8 CVSS | 7.5 AI score | 0.00013 EPSS
Exploits: 0 | References: 1
CVE
added 2022/06/15 1:1 p.m. | 157 views

CVE-2022-20135

CVE-2022-20135 is tied to a parcel format mismatch in GateKeeperResponse.java (writeToParcel), causing local elevation of privilege in Android. Affected versions span Android-10, Android-11, Android-12, and Android-12L, with exploitation described as requiring local access and no user interaction...

7.8 CVSS | 7.6 AI score | 0.00013 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Circl
added 2021/11/03 6:23 a.m. | 1 views

CVE-2021-20135

creationtimestamp | type | source
---|---|---
2021-11-03 06:23:30+00:00 | seen | https://t.me/cibsecurity/31698...

6.7 CVSS | 6.4 AI score | 0.00049 EPSS
Exploits: 0 | References: 1
OSV
added 2021/11/03 12:15 a.m. | 1 views

CVE-2021-20135

Nessus versions 8.15.2 and earlier were found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. Tenable has included a fix for this issue in Nessus 10.0.0. The installation files can ...

6.7 CVSS | 5.8 AI score
Exploits: 0 | References: 1
CVE
added 2021/11/02 11:24 p.m. | 57 views

CVE-2021-20135

CVE-2021-20135 affects Tenable Nessus up to and including version 8.15.2. The issue is a local privilege escalation that could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. Tenable has provided a fix in Nessus 10.0.0. Evidence across multiple fe...

6.7 CVSS | 6.6 AI score | 0.00049 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Circl
added 2019/06/07 8:38 p.m. | 2 views

CVE-2018-20135

creationtimestamp | type | source
---|---|---
2019-06-07 20:38:27+00:00 | seen | https://t.me/cibsecurity/4761...

8.1 CVSS | 7.9 AI score | 0.00973 EPSS
Exploits: 1 | References: 1
CVE
added 2019/06/07 3:45 p.m. | 74 views

CVE-2018-20135

Samsung Galaxy Apps before 4.4.01.7 is vulnerable: an MITM-empowered attacker can cause the app store API to use a forged load-balancing hostname and bypass app-signature validation, enabling remote code execution on the device. Core issues include an HTTP method that obtains the load-balanced ho...

8.1 CVSS | 8.1 AI score | 0.00973 EPSS
Exploits: 1 | References: 2 | Affected Software: 1