CVE-2023-20615

In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629572; Issue ID: ALPS07629572...

CVE-2022-38775

An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account...

CVE-2022-38774

An issue was discovered in the quarantine feature of Elastic Endpoint Security and Elastic Endgame for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account...

PT-2023-13652 · Elastic · Endpoint Security

Name of the Vulnerable Software and Affected Versions: Elastic Endpoint Security for Windows affected versions not specified Description: An issue was discovered in the rollback feature, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account...

CVE-2023-22745 Buffer Overlow in TSS2_RC_Decode in tpm2-tss

tpm2-tss is an open source software implementation of the Trusted Computing Group TCG Trusted Platform Module TPM 2 Software Stack TSS2. In versions prior to 4.1.0-rc0, 4.0.1, and 3.2.2-rc1, Tss2RCSetHandler and Tss2RCDecode both index into layerhandler with an 8 bit layer number, but the array...

VulnCheck KEV: CVE-2022-23714

A local privilege escalation LPE issue was discovered in the ransomware canaries features of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account...

CVE-2022-37865

With Apache Ivy 2.4.0 an optional packaging attribute has been introduced that allows artifacts to be unpacked on the fly if they used pack200 or zip packaging. For artifacts using the "zip", "jar" or "war" packaging Ivy prior to 2.5.1 doesn't verify the target path when extracting the archive. A...

Security Bulletin: Privilege escalation vulnerability in IBM DB2's Audit Facility (CVE-2013-3475).

Abstract Vulnerability in IBM DB2's Audit Facility could allow an escalation of privilege attack. Content VULNERABILITY DETAILS CVE ID: CVE-2013-3475 Description: The IBM DB2 products listed below contain a security vulnerability in the DB2 Audit Facility which allows an attacker to gain DB2...

CVE-2022-20373

In st21nfclocsetpolaritymode of fc/st21nfc.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

CVE-2022-26442

In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420051; Issue ID: GN20220420051...

CVE-2022-34866

Passage Drive versions v1.4.0 to v1.5.1.0 and Passage Drive for Box version v1.0.0 contain an insufficient data verification vulnerability for interprocess communication. By running a malicious program, an arbitrary OS command may be executed with LocalSystem privilege of the Windows system where...

CVE-2022-34866

Passage Drive versions v1.4.0 to v1.5.1.0 and Passage Drive for Box version v1.0.0 contain an insufficient data verification vulnerability for interprocess communication. By running a malicious program, an arbitrary OS command may be executed with LocalSystem privilege of the Windows system where...

PT-2022-22402 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Passage Drive versions v1.4.0 to v1.5.1.0 Passage Drive for Box version v1.0.0 Description: The issue is related to insufficient data verification for interprocess communication, which can be exploited by running a malicious program. This...

Passage Drive vulnerable to insufficient data verification

Overview Passage Drive provided by Yokogawa Rental & Lease Corporation contains an insufficient data verification vulnerability for interprocess communication CWE-20. Yokogawa Rental & Lease Corporation reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and...

Elastic 安全漏洞

Elastic is the Netherlands Elastic company's set of open source distributed RESTful search engine built on Lucene . The product is primarily used in cloud computing and supports data indexing using JSON over HTTP. A security vulnerability exists in Elastic Endpoint Security for Windows. An attack...

CVE-2022-31594

A highly privileged user can exploit SUID-root program to escalate his privileges to root on a local Unix system...

CVE-2022-21755

In WLAN driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06545464; Issue ID: ALPS06545464...

CVE-2022-23743

Check Point ZoneAlarm before version 15.8.200.19118 allows a local actor to escalate privileges during the upgrade process. In addition, weak permissions in the ProgramData\CheckPoint\ZoneAlarm\Data\Updates directory allow a local attacker the ability to execute an arbitrary file write, leading t...

CVE-2022-23743

Check Point ZoneAlarm before version 15.8.200.19118 allows a local actor to escalate privileges during the upgrade process. In addition, weak permissions in the ProgramData\CheckPoint\ZoneAlarm\Data\Updates directory allow a local attacker the ability to execute an arbitrary file write, leading t...

PT-2022-16245 · Check Point · Zonealarm

Name of the Vulnerable Software and Affected Versions: Check Point ZoneAlarm versions prior to 15.8.200.19118 Description: The issue allows a local actor to escalate privileges during the upgrade process. Additionally, weak permissions in the ProgramDataCheckPointZoneAlarmDataUpdates directory...