Google Android Elevation of Privilege Vulnerability (CNVD-2022-43858)

Google Android is a Linux-based open source operating system from Google, Inc. An elevation of privilege vulnerability exists in Google Android, which stems from an integer overflow in libstagefright that could result in an out-of-bounds write. An attacker could exploit this vulnerability to caus...

CVE-2017-20012

A vulnerability classified as problematic has been found in WEKA INTEREST Security Scanner up to 1.8. Affected is Stresstest Scheme Handler which leads to a denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. NOTE: This...

CVE-2017-20012

A vulnerability classified as problematic has been found in WEKA INTEREST Security Scanner up to 1.8. Affected is Stresstest Scheme Handler which leads to a denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. NOTE: This...

Design/Logic Flaw

UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as problematic, was found in WEKA INTEREST Security Scanner up to 1.8. This affects an unknown part of the component LAN Viewer. The manipulation with an unknown input leads to denial of service. Attacking locally is a requirement. T...

CVE-2017-20015

CVE-2017-20015 affects WEKA INTEREST Security Scanner up to version 1.8, specifically the LAN Viewer component. A denial-of-service can be caused by manipulating an unknown input, with local access required. The vulnerability is exploitable via locally triggered input, and the exploit has been di...

CVE-2017-20012 WEKA INTEREST Security Scanner Stresstest Scheme denial of service

A vulnerability classified as problematic has been found in WEKA INTEREST Security Scanner up to 1.8. Affected is Stresstest Scheme Handler which leads to a denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. NOTE: This...

PT-2022-7884 · Weka · Weka Interest Security Scanner

Name of the Vulnerable Software and Affected Versions: WEKA INTEREST Security Scanner version 1.8 Description: A problem was found in the HTTP Handler component of the software. This issue can be exploited by manipulating an unknown input, leading to denial of service. The attack can be launched ...

CVE-2021-27473 Rockwell Automation Connected Components Workbench Improper Input Validation

Rockwell Automation Connected Components Workbench v12.00.00 and prior does not sanitize paths specified within the .ccwarc archive file during extraction. This type of vulnerability is also commonly referred to as a Zip Slip. A local, authenticated attacker can create a malicious .ccwarc archive...

USN-5339-1: Linux kernel vulnerabilities

Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 releaseagent feature. A local attacker could use this to gain administrative privileges. CVE-2022-0492 It was discovered that an out-of-bounds OOB memory acces...

Vulnerabilities fixed in mariadb

Vulnerabilities have been fixed in mariadb 10.2.43. Due to an error in the handling and validation of database queries, a local attacker is able to crash the application or increase the user privileges to service account privileges. -= SUSE =- SUSE has made updates available to address the...

USN-5318-1 linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-azure-fde, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4 vulnerabilities

Nick Gregory discovered that the Linux kernel incorrectly handled network offload functionality. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2022-25636 Enrico Barberis, Pietro Frigo, Marius Muench, Herbert Bos, and Cristiano Giuffrida...

Google Android 数据伪造问题漏洞

Google Android is a Linux-based open source operating system from Google. An elevation of privilege vulnerability exists in Google Android versions prior to 12. The vulnerability stems from an incorrect programmatic call to an advanced local procedure. An attacker could use this vulnerability to...

snapd 后置链接漏洞

Snapd is an open source, cross-platform package management tool. snapd suffers from a security vulnerability that can be exploited by local attackers to cause snapd to restrict the execution of other arbitrary binaries, thereby gaining privileged escalation...

CVE-2021-3560

It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this...

ESET Endpoint Antivirus Unnecessary Privileges Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of ESET Endpoint Antivirus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the use of...

DEBIAN-CVE-2021-4034

A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters coun...

Lg Electronics Lg WebOs 安全漏洞

Lg Electronics Lg WebOs is a Linux kernel-based smart TV operating system from Lg Electronics, a South Korean company. A security vulnerability exists in Lg Electronics Lg WebOs, which stems from a setup environment error and can be exploited by a local attacker by performing certain actions...

polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector

A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters coun...

PT-2022-1638 · Mariadb +10 · Mariadb +11

Name of the Vulnerable Software and Affected Versions: MariaDB affected versions not specified Description: This issue allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this issue. The specific flaw exists within the processi...

CVE-2022-0013

The CVE-2022-0013 entry concerns a file information exposure in Palo Alto Networks Cortex XDR agent during support file generation. A local attacker can read arbitrary files with elevated privileges. Affected versions include Cortex XDR agent: 5.0 prior to 5.0.12; 6.1 prior to 6.1.9; 7.2 prior to...