New Local Attack Vector Expands the Attack Surface of Log4j Vulnerability
Cybersecurity researchers have discovered an entirely new attack vector that enables adversaries to exploit the Log4Shell vulnerability on servers locally by using a JavaScript WebSocket connection. "This newly-discovered attack vector means that anyone with a vulnerable Log4j version on their...
CVE-2021-1008
In addSubInfo of SubscriptionController.java, there is a possible way to force the user to make a factory reset due to a logic error in the code. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Product:...
CVE-2021-37322
A use-after-free flaw was found in binutils’ cxxfilt functionality. The attack needs to be initiated locally where an attacker could convince a victim to read a specially crafted file which is processed by cxxfilt, leading to disclosure of memory and possibly leading to the execution of arbitrary...
CVE-2021-42993
FlexiHub For Windows is affected by Integer Overflow. IOCTL Handler 0x22001B in FlexiHub For Windows above 2.0.4340 and below 5.3.14268 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Pack...
CVE-2021-42988
Eltima USB Network Gate is affected by Buffer Overflow. IOCTL Handler 0x22001B in USB Network Gate above 7.0.1370 and below 9.2.2420 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet...
CVE-2021-42683
CVE-2021-42683 affects Accops HyWorks Windows Client prior to 3.2.8.200. The IOCTL Handler 0x22001B allows local attackers to trigger a kernel-mode arbitrary-code execution or a denial of service via specially crafted I/O Request Packets. Impact: potential kernel compromise or memory corruption l...
CVE-2021-43003
Amzetta zPortal Windows zClient is affected by an integer overflow in IOCTL Handler 0x22001B (v3.2.8180.148 and earlier). Local attackers can trigger memory corruption to execute arbitrary kernel‑mode code or cause a denial of service by sending crafted I/O Request Packets. Connected sources (Red...
Eltima Usb Network Gate Security Vulnerability
Eltima Usb Network Gate is a powerful software product from the United Arab Emirates. It is used for remote USB access via the Internet or a LAN. A security vulnerability exists in Eltima Usb Network Gate, which originates from the IOCTL handler 0x22001B in USB Network Gate above 7.0.1370 and below 9.2.2420 that c...
Null pointer dereference
A component of HarmonyOS has a NULL Pointer Dereference vulnerability. Local attackers may exploit this vulnerability to cause system functions to become unavailable...
CVE-2021-22471
A component of HarmonyOS has a NULL Pointer Dereference vulnerability. Local attackers may exploit this vulnerability to cause a nearby process to crash...
CVE-2021-22467
A component of HarmonyOS has an Improper Input Validation vulnerability. Local attackers may exploit this vulnerability to read at any address...
CVE-2021-22455
A component of HarmonyOS has an Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause memory not to be released...
CVE-2021-22456
Technical details about CVE-2021-22456 are not publicly provided in the supplied documents. Monitor for updates from HarmonyOS/Huawei advisories and related CVE pages.
Huawei HarmonyOS Resource Management Error Vulnerability
Huawei HarmonyOS is an operating system from Huawei, a Chinese company that provides a microkernel-based distributed operating system. Huawei HarmonyOS 2.0 previously had a security vulnerability that could be exploited by a local attacker to cause a kernel information leak...
CVE-2021-34755
Multiple vulnerabilities in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory...
NewStart CGSL CORE 5.05 / MAIN 5.05 : libX11 Vulnerability (NS-SA-2021-0161)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has libX11 packages installed that are affected by a vulnerability: - An integer overflow vulnerability leading to a double-free was found in libX11. This flaw allows a local privileged attacker to cause an application compiled...
CVE-2021-34857
Parallels Desktop 16.1.3 (49160) is affected by CVE-2021-34857 due to a Toolgate out-of-bounds write caused by insufficient input validation. This local privilege-escalation flaw allows an attacker able to execute high-privileged code on the guest to run arbitrary code in the hypervisor context. ...
Design/Logic Flaw
An Incorrect Permission Assignment for Critical Resource vulnerability of a certain file in the filesystem of Junos OS allows a local authenticated attacker to cause the routing process daemon (RPD) to crash and restart, causing a Denial of Service (DoS). Repeated actions by the attacker will create a...
CVE-2020-4951
CVE-2020-4951 affects IBM Cognos Analytics 11.1.7 and 11.2.0, where locally cached browser data could allow a local attacker to obtain sensitive information. The issue is an information-disclosure vulnerability; no exploit details are provided in the documents. Remediation recommended: upgrade to...
Design/Logic Flaw
A local attacker could execute arbitrary code with administrator privileges in HitmanPro.Alert before version Build 901...