CVE-2024-3024
A vulnerability was found in appneta tcpreplay up to 4.4.4. It has been classified as problematic. This affects the function get_layer4_v6 of the file /tcpreplay/src/common/get.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclose...
USN-6707-3 linux-aws, linux-aws-6.5 vulnerabilities
Lonial Con discovered that the netfilter subsystem in the Linux kernel did not properly handle element deactivation in certain cases, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code...
PT-2024-10973 · Unknown +1 · Aops-Ceres +1
Name of the Vulnerable Software and Affected Versions: openEuler aops-ceres versions 1.3.0 through 1.4.1 Description: The issue is related to an Improper Neutralization of Special Elements used in an OS Command, also known as 'OS Command Injection', which allows Command Injection. This problem is...
OESA-2024-1316 edk2 security update
EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage function, allowing a user to trigger a heap buffer overflow via a local network. Successful...
PT-2024-22471 · Freeimage +1 · Freeimage +1
Name of the Vulnerable Software and Affected Versions: FreeImage version 3.19.0 Description: The issue allows a local attacker to execute arbitrary code via the Imf_2_2::Xdr::read function when reading images in EXR format. This is a Buffer Overflow vulnerability in the open source FreeImage...
CVE-2024-22167 SanDisk PrivateAccess DLL Hijacking Vulnerability
A potential DLL hijacking vulnerability in the SanDisk PrivateAccess application for Windows that could lead to arbitrary code execution in the context of the system user. This vulnerability is only exploitable locally if an attacker has access to a copy of the user's vault or has already gained...
CVE-2024-22167
CVE-2024-22167 describes a local DLL hijacking vulnerability in Western Digital/SanDisk PrivateAccess for Windows. The issue could allow arbitrary code execution in the context of the system user when an attacker can access a user vault copy or has already gained system access; exploitation is lo...
CVE-2024-0154
Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper parameter initialization vulnerability. A local low privileged attacker could potentially exploit this vulnerability to read the contents of non-SMM stack memory...
CVE-2024-25989
In gpu_slc_liveness_update of pixel_gpu_slc.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2024-19147 · Google · Android
Name of the Vulnerable Software and Affected Versions: TBD affected versions not specified Description: The issue is related to an Authentication Bypass due to improperly used crypto, which could lead to local escalation of privilege with no additional execution privileges needed. User interactio...
CVE-2024-20023
CVE-2024-20023 concerns the MediaTek/flashc component, where an out-of-bounds write can occur due to lack of validation. This could permit local escalation to SYSTEM privileges without user interaction. The issue is documented across several sources (e.g., NVD, Red Hat, NCSC) and is associated...
CVE-2024-2007
CVE-2024-2007 concerns OpenBMB XAgent 1.0.0, specifically a vulnerability in the Privileged Mode component that enables sandbox issues. The root cause is described as a sandboxing failure allowing local exploitation, with the attack vector labeled as LOCAL and user interaction not required. The e...
PT-2024-6049 · Unknown +5 · Performance Co-Pilot +5
Name of the Vulnerable Software and Affected Versions: Performance Co-Pilot (PCP), affected versions not specified Description: A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. This...
CVE-2024-0019
The CVE-2024-0019 issue affects Android’s AppOpsControllerImpl.setListening in the Framework. A missing check for active recordings can allow hiding the microphone privacy indicator when SystemUI restarts, enabling local denial of service without extra privileges. Impact is limited to DoS on the ...
Design/Logic Flaw
In startNextMatchingActivity of ActivityTaskManagerService.java, there is a possible way to bypass the restrictions on starting activities from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User...
Schneider Electric Easergy Studio InitializeChannel Deserialization of Untrusted Data Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Schneider Electric Easergy Studio. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within th...
Design/Logic Flaw
DUP framework version 4.9.4.36 and prior contains an insecure operation on Windows junction/mount point vulnerability. A local malicious standard user could exploit the vulnerability to create arbitrary files, leading to denial of service...
CVE-2023-32474
Dell Display Manager application, version 2.1.1.17 and prior, contains an insecure operation on Windows junction/mount point. A local malicious user could potentially exploit this vulnerability during installation, leading to arbitrary folder or file deletion...
runc (docker) File Descriptor Leak Privilege Escalation
All versions of runc. use exploit/linux/local/runc_cwd_privesc; msf exploit(runc_cwd_privesc) > show targets ...targets...; msf exploit(runc_cwd_privesc) > set TARGET; msf exploit(runc_cwd_privesc) > show options ...show and set options...; msf exploit(runc_cwd_privesc) > exploit. This module requires Metasploit:...