DEBIAN-CVE-2021-4159

A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating som...

Security Bulletin: IBM Systems Director Storage Control is affected by vulnerabilities in OpenSSL (CVE-2014-0160 and CVE-2014-0076)

Summary Security vulnerabilities have been discovered in OpenSSL. Vulnerability Details Abstract Security Bulletin: IBM Systems Director Storage Control is affected by vulnerabilities in OpenSSL CVE-2014-0160 and CVE-2014-0076 Content Vulnerability Details: CVE-ID : CVE-2014-0160 Description :...

kernel: a use-after-free write in the netfilter subsystem can lead to privilege escalation to root

A use-after-free vulnerability was found in the Linux kernel's Netfilter subsystem in net/netfilter/nftablesapi.c. This flaw allows a local attacker with user access to cause a privilege escalation issue...

Exploit for CVE-2022-36163

CVE-2022-36163 Suggested description A format string vul...

CVE-2022-20332

In PackageManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel route4change, which stems from reuse after release, allowing a locally privileged attacker to crash the system, potentially...

CVE-2022-36829

PendingIntent hijacking vulnerability in releaseAlarm in Charm by Samsung prior to version 1.2.3 allows local attackers to access files without permission via implicit intent...

CVE-2022-33728

CVE-2022-33728 concerns Samsung Mobile devices where Bluetooth before SMR Aug-2022 Release 1 exposes the connected Bluetooth MAC address via Settings.Global. The issue is local: an attacker on the device can access the MAC address without user interaction. Root cause is a leakage in Bluetooth set...

PT-2022-23313 · Trend Micro · Trend Micro Apex One +1

Name of the Vulnerable Software and Affected Versions: Trend Micro Apex One affected versions not specified Worry-Free Business Security affected versions not specified Description: A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Business Security...

CVE-2022-36955

In Veritas NetBackup, an attacker with unprivileged local access to a NetBackup Client may send specific commands to escalate their privileges. This affects 8.0 through 8.1.2, 8.2, 8.3 through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1...

Apple macOS Monterey 权限许可和访问控制问题漏洞

Apple macOS Monterey is the 18th major release of Apple's macOS for the Macintosh desktop operating system. Apple macOS Monterey prior to version 12.5 is vulnerable to a privilege-granting and access-control issue vulnerability that stems from Spotlight failing to properly impose security...

CVE-2022-1984

HYPR CVE-2022-1984 affects HYPR Windows WFA versions prior to 7.2. It is described as an Unsafe Deserialization vulnerability in HYPR Workforce Access (WFA) that may allow locally authenticated attackers to elevate privileges via a malicious serialized payload. The underlying issue is insecure de...

CVE-2022-34890

CVE-2022-34890 affects Parallels Desktop 17.1.1 (51537) with the flaw in Parallels Tools. The issue arises from improper validation of a user-supplied value dereferenced as a pointer, enabling a local attacker with low privileges on the guest to disclose sensitive information and, in conjunction ...

ABB Automation Builder Platform Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of ABB Automation Builder Platform. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

Design/Logic Flaw

Exposure of Sensitive Information in telephony-common.jar prior to SMR Jul-2022 Release 1 allows local attackers to access IMSI via log...

Google Android 输入验证错误漏洞

Google Android is a Linux-based open-source operating system from the U.S. company Google Google. Google Android System is vulnerable to an information disclosure vulnerability that stems from improper input validation and could access the user's credentials. An attacker could exploit the...

FortiClient (Windows) - Privilege Escalation via directory traversal attack

A relative path traversal vulnerability CWE-23 in FortiClient for Windows may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for FortiESNAC service...

CVE-2017-20121

CVE-2017-20121 affects Teradici Management Console 2.2.0, specifically the unknown functionality in the Database Management component. The root cause is described as manipulation that leads to improper privilege management, enabling a local attacker to launch the attack on the host. Publicized ex...

CVE-2017-20112

A vulnerability has been found in IVPN Client 2.6.6120.33863 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument --up cmd leads to improper privilege management. The attack needs to be approached locally. The exploit has been...

Design/Logic Flaw

A vulnerability has been found in IVPN Client 2.6.6120.33863 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument --up cmd leads to improper privilege management. The attack needs to be approached locally. The exploit has been...