CVE-2022-47351

In camera driver, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed...

CVE-2021-43637

Amazon WorkSpaces agent is affected by Buffer Overflow. IOCTL Handler 0x22001B in the Amazon WorkSpaces agent below v1.0.1.1537 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service memory corruption and OS crash via specially crafted I/O Request Packet...

CVE-2021-34987

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.5.1 49187. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists withi...

CVE-2021-32460

The Trend Micro Maximum Security 2021 v17 consumer product is vulnerable to an improper access control vulnerability in the installer which could allow a local attacker to escalate privileges on a target machine. Please note than an attacker must already have local user privileges and access on t...

CVE-2021-27406

An attacker can take leverage on PerFact OpenVPN-Client versions 1.4.1.0 and prior to send the config command from any application running on the local host machine to force the back-end server into initializing a new open-VPN instance with arbitrary open-VPN configuration. This could result in t...

CVE-2021-42996

Donglify is affected by Integer Overflow. IOCTL Handler 0x22001B in the Donglify above 1.0.12309 below 1.7.14110 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service memory corruption and OS crash via specially crafted I/O Request Packet...

CVE-2021-42980

NoMachine Cloud Server is affected by Buffer Overflow. IOCTL Handler 0x22001B in the NoMachine Cloud Server above 4.0.346 and below 7.7.4 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service memory corruption and OS crash via specially crafted I/O Request...

CVE-2021-39763

In Settings, there is a possible way to make the user enable WiFi due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID:...

CVE-2021-35005

This vulnerability allows local attackers to disclose sensitive information on affected installations of TeamViewer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the TeamViewer...

CVE-2021-25381

Using unsafe PendingIntent in Samsung Account in versions 10.8.0.4 in Android P9.0 and below, and 12.1.1.3 in Android Q10.0 and above allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent...

CVE-2021-25355

Using unsafe PendingIntent in Samsung Notes prior to version 4.2.00.22 allows local attackers unauthorized action without permission via hijacking the PendingIntent...

CVE-2021-0468

In LK, there is a possible escalation of privilege due to an insecure default value. This could lead to local escalation of privilege for an attacker who has physical access to the device with no additional execution privileges needed. User interaction is needed for exploitation.Product:...

CVE-2021-34986

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.5.0 49183. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

CVE-2020-25746

QED ResourceXpress Qubi3 devices before 1.40.9 could allow a local attacker with physical access to the device to obtain sensitive information via the debug interface keystrokes over a USB cable, aka wireless password visibility...

CVE-2020-10883

This vulnerability allows local attackers to escalate privileges on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...

CVE-2020-36547

A vulnerability was found in GE Voluson S8. It has been rated as critical. This issue affects the Service Browser which itroduces hard-coded credentials. Attacking locally is a requirement. It is recommended to change the configuration settings...

CVE-2020-1848

There is a resource management error vulnerability in Jackman-AL00D versions 8.2.0.185C00R2P1. Local attackers construct malicious application files, causing system applications to run abnormally...

CVE-2020-9129

HUAWEI Mate 30 versions earlier than 10.1.0.159C00E159R7P2 have a vulnerability of improper buffer operation. Due to improper restrictions, local attackers with high privileges can exploit the vulnerability to cause system heap overflow...

CVE-2020-8290

Backblaze for Windows and Backblaze for macOS before 7.0.0.439 suffer from improper privilege management in bztransmit helper due to lack of permission handling and validation before creation of client update directories allowing for local escalation of privilege via rogue client update binary...

CVE-2020-5727

Authentication bypass using an alternate path or channel in SimpliSafe SS3 firmware 1.4 allows a local, unauthenticated attacker to pair a rogue keypad to an armed system...