Privilege escalation

When LG SmartShare is installed, local privilege escalation is possible through DLL Hijacking attack. The LG ID is LVE-HOT-220005...

USN-5728-2 linux-azure-fde, linux-gke, linux-gkeop, linux-raspi-5.4 vulnerabilities

Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2022-427...

CVE-2022-43096

Mediatrix 4102 before v48.5.2718 allows local attackers to gain root access via the UART port...

CVE-2022-3967

A vulnerability, which was classified as critical, was found in Vesta Control Panel. Affected is an unknown function of the file func/main.sh of the component sed Handler. The manipulation leads to argument injection. An attack has to be approached locally. The name of the patch is...

Design/Logic Flaw

A vulnerability, which was classified as critical, was found in Vesta Control Panel. Affected is an unknown function of the file func/main.sh of the component sed Handler. The manipulation leads to argument injection. An attack has to be approached locally. The name of the patch is...

PT-2022-24985 · Unknown · Vesta Control Panel

Name of the Vulnerable Software and Affected Versions: Vesta Control Panel affected versions not specified Description: A critical issue was found in the sed Handler component of Vesta Control Panel, affecting an unknown function of the file func/main.sh. This issue leads to argument injection an...

CVE-2022-3967 Vesta Control Panel sed main.sh argument injection

A vulnerability, which was classified as critical, was found in Vesta Control Panel. Affected is an unknown function of the file func/main.sh of the component sed Handler. The manipulation leads to argument injection. An attack has to be approached locally. The name of the patch is...

CVE-2022-3967 Vesta Control Panel sed main.sh argument injection

A vulnerability, which was classified as critical, was found in Vesta Control Panel. Affected is an unknown function of the file func/main.sh of the component sed Handler. The manipulation leads to argument injection. An attack has to be approached locally. The name of the patch is...

PT-2022-25078 · Unknown · Devicemanagement

Name of the Vulnerable Software and Affected Versions: DeviceManagement versions prior to SMR Nov-2022 Release 1 Description: The issue is related to an improper access control vulnerability in the BootCompletedReceiver CMCC component of DeviceManagement. This vulnerability allows a local attacke...

CVE-2022-33185

Several commands in Brocade Fabric OS before Brocade Fabric OS v.9.0.1e, and v9.1.0 use unsafe string functions to process user input. Authenticated local attackers could abuse these vulnerabilities to exploit stack-based buffer overflows, allowing arbitrary code execution as the root user accoun...

Exploit for Command Injection in Zmanda Amanda

Suggested description Amanda 3.5.1 has a flaw that allows...

多款F5产品 缓冲区错误漏洞

F5 BIG-IP and others are products of F5 Corporation, U.S.A. F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, load balancing, and other features.F5 BIG-IQ is a software-based cloud management solution.F5 F5OS-A is an operati...

AZL-11116 CVE-2022-42720 affecting package kernel for versions less than 5.15.74.1-3

Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers able to inject WLAN frames to trigger use-after-free conditions to potentially execute code...

Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Event Streams

Summary There are a number of vulnerabilities in Node.js that is used by IBM Event Streams. Vulnerability Details CVEID:CVE-2022-32222 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions. By attempting to read openssl.cnf from /home/iojs/build/ upon startup, an...

Netfilter nft_set_elem_init Heap Overflow Privilege Escalation

frozenstringliteral: true This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Netfilter nftseteleminit Heap Overflow Privilege Escalation', 'Description' = %q An issue was discovered in the Linux...

CVE-2022-26929

A remote code execution vulnerability was found in dotnet. This flaw allows an attacker to perform arbitrary code execution, leading to a local attack on a user’s system...

mariadb: lack of proper validation of a user-supplied string before using it as a format specifier

MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL...

PT-2022-5067 · Brocade · Brocade Fabric Os

Name of the Vulnerable Software and Affected Versions: Brocade Fabric OS versions prior to 7.4.2j Brocade Fabric OS versions prior to 8.2.0 cbn5 Brocade Fabric OS versions prior to 8.2.3c Brocade Fabric OS versions prior to 9.0.1e Brocade Fabric OS versions prior to 9.1.1 Description: The issue i...

CVE-2022-39845

CVE-2022-39845 concerns Samsung Kies prior to 2.6.4.22074, where an improper validation of the integrity check enables a local attacker to delete arbitrary directories via a directory junction. The entry is corroborated across multiple sources (NVD entry details, Red Hat advisory, CVE records) in...

PT-2022-24181 · Unknown · Openharmony

Name of the Vulnerable Software and Affected Versions: OpenHarmony versions prior to 3.1.2 Description: The issue allows local attackers to bypass permission control, potentially gaining access to sensitive information. Recommendations: For OpenHarmony versions prior to 3.1.2, at the moment, ther...