CVE-2017-20040

The CVE-2017-20040 entry concerns SICUNET Access Controller 0.32-05z, specifically the Password Storage component. The vulnerability is described as enabling weak encryption due to manipulation of password storage, with exploitation requiring local access. No explicit exploit details, affected ve...

Linux kernel 资源管理错误漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a post-release reuse issue in the file system notification feature. A local attacker exploiting this...

CVE-2019-25062

A vulnerability was found in Sricam IP CCTV Camera and classified as critical. This issue affects some unknown processing of the component Device Viewer. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be us...

Qualcomm 芯片数据伪造问题漏洞

A Qualcomm chip is a chip from Qualcomm Incorporated USA. A way to miniaturize circuits including primarily semiconductor devices, but also passive components, etc., and from time to time are manufactured on the surface of semiconductor wafers. A data forgery problem vulnerability exists in sever...

CVE-2019-25062

The CVE-2019-25062 issue affects Sricam IP CCTV Camera, specifically the Device Viewer component. The connected sources describe a memory corruption vulnerability caused by a stack-based/out-of-bounds condition, enabling local exploitation. The vulnerability is rated high across multiple database...

PUB-A-197614484

In nftflushtable of nftablesapi.c, there is a possible way to corrupt memory due to a double free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...

CVE-2022-26532

A argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series...

Integer Overflow

org.springframework.security:spring-security-crypto is vulnerable to integer overflows. The encoder does not perform any salt rounds when the BCrypt class is used with the maximum work factor31, allowing a local authenticated attacker to cause an integer overflow error resulting in the attacker...

CVE-2021-3899

There is a race condition in the 'replaced executable' detection that, with the correct local configuration, allow an attacker to execute arbitrary code as root...

CVE-2022-24611

Denial of Service DoS in the Z-Wave S0 NonceGet protocol specification in Silicon Labs Z-Wave 500 series allows local attackers to block S0/S2 protected Z-Wave network via crafted S0 NonceGet Z-Wave packages, utilizing included but absent NodeIDs...

Improper access control

Improper access control for some 3rd Generation IntelR XeonR Scalable Processors before BIOS version MR7, may allow a local attacker to potentially enable information disclosure via local access...

CVE-2022-20734

A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, local attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system restrictions. An authenticated attacker with netadmin privileges could exploit this vulnerabilit...

CVE-2022-20111

In ion, there is a possible use after free due to incorrect error handling. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06366069; Issue ID: ALPS06366069...

CVE-2022-27239

CVE-2022-27239 affects cifs-utils up to version 6.14, due to a stack-based buffer overflow when parsing the mount.cifs ip= argument, enabling local attackers to gain root privileges. A patched version is available (e.g., cifs-utils 6.14-2 and later per advisories). Remediation is to update to a f...

SUSE-SU-2022:1257-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-0854: Fixed a memory leak flaw was found in the Linux kernels DMA subsystem. This flaw allowed a local user to read random memory from the kernel space...

CVE-2022-26414

A potential buffer overflow vulnerability was identified in some internal functions of Zyxel VMG3312-T20A firmware version 5.30ABFX.5C0, which could be exploited by a local authenticated attacker to cause a denial of service...

Design/Logic Flaw

An issue was discovered in file profile.go in function MemProf in beego through 2.0.2, allows attackers to launch symlink attacks locally...

Beego 后置链接漏洞

Beego is an open source web framework based on the Go language. A backward linking vulnerability in the file profile.go in the function GetCPUProfile in Beego 2.0.2 and earlier versions allows attackers to locally launch a symbolic link attack...

Google Android 权限许可和访问控制问题漏洞

Google Android is a Linux-based open source operating system from Google, Inc. An elevation-of-privilege vulnerability exists in Google Android, which originates in several functions in LauncherApps.java and could result in an elevation-of-privilege situation due to a logic error in the code. An...

Google Android Elevation of Privilege Vulnerability (CNVD-2022-43860)

Google Android is a Linux-based open-source operating system from Google, Inc. An elevation of privilege vulnerability exists in Google Android, which stems from a lack of privilege checks in Dialer and could allow an attacker to manipulate visual voicemail settings. An attacker could exploit the...