4828 matches found
kernel: use-after-free in route4_change() in net/sched/cls_route.c
A flaw was found in the "Routing decision" classifier in the Linux kernel's Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free condition. This flaw allows unprivileged local users to escalate their privileges on the system. T...
Design/Logic Flaw
The effective key space used to encrypt the cache in CyberArk Credential Provider prior to 12.1 has low entropy, and under certain conditions a local malicious user can obtain the plaintext of cache files...
CVE-2021-22385
A component of the Huawei smartphone has a External Control of System or Configuration Setting vulnerability. Local attackers may exploit this vulnerability to cause Kernel Code Execution...
Adobe Character Animator 4.0 < 4.4 Multiple Vulnerabilities (APSB21-59)
The version of Adobe Character Animator installed on the remote Windows host is prior to 4.4. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB21-59 advisory. - Adobe Character Animator version 4.2 and earlier is affected by a memory corruption vulnerability when...
CVE-2021-22318
A component of the HarmonyOS 2.0 has a Null Pointer Dereference Vulnerability. Local attackers may exploit this vulnerability to cause system denial of service...
Polkit D-Bus Authentication Bypass
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'unixcrypt' class MetasploitModule 'Polkit D-Bus Authentication Bypass', 'Description' = %q A vulnerability exists within the polkit system service that can be...
CVE-2021-32537
Realtek HAD contains a driver crashed vulnerability which allows local side attackers to send a special string to the kernel driver in a user’s mode. Due to unexpected commands, the kernel driver will cause the system crashed...
Design/Logic Flaw
Realtek HAD contains a driver crashed vulnerability which allows local side attackers to send a special string to the kernel driver in a user’s mode. Due to unexpected commands, the kernel driver will cause the system crashed...
Google Android elevation of privilege vulnerability (CNVD-2021-45831)
Google Android is a Linux-based open source operating system from the Google Open Handheld Consortium Google. An elevation of privilege vulnerability exists in Google Android 11. The vulnerability arises due to a post-release reuse due to a race condition when decrypting CryptoPlugin.cpp. An...
Google Android phNxpNciHal_ext.cc Elevation of Privilege Vulnerability
Google Android is a Linux-based open source operating system from the Google Open Handheld Consortium Google. An elevation of privilege vulnerability exists in Google Android phNxpNciHalext.cc. An attacker can exploit this vulnerability to cause a local elevation of privilege...
Google Android drm_syncobj.c elevation of privilege vulnerability
Google Android is a Linux-based open source operating system from the Google Open Handheld Consortium Google. Google Android drmsyncobj.c suffers from an elevation of privilege vulnerability. An attacker can exploit this vulnerability to cause a local elevation of privilege...
Google Android onLoadFailed elevation of privilege vulnerability
Google Android is a Linux-based open source operating system of the Google Open Handheld Consortium Google. An elevation of privilege vulnerability exists in Google Android onLoadFailed. An attacker can exploit this vulnerability to cause a local elevation of privilege...
Google Android Information Disclosure Vulnerability (CNVD-2021-44940)
Google Android is a Linux-based open source operating system from the Google Open Handheld Consortium Google. An information disclosure vulnerability exists in Google Android 11. The vulnerability arises due to an out-of-bounds read due to a heap buffer overflow in getBlockSum of fastcodemb.cpp. ...
Vulnerability found in Lexmark drivers
An IBM X-Force researcher has discovered a vulnerability in the LMbdsvc component in the Lexmark printer drivers for Windows. The vulnerability allows a locally authenticated malicious person to able to execute arbitrary code under system privileges. One and all is described in the following...
OESA-2021-1232 avahi security update
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. This enables you to plug your laptop or computer into a network and instantly be able to view other people who you can chat with, find printers to print to or find files being shared...
USN-4991-1 libxml2 vulnerabilities
Yunho Kim discovered that libxml2 incorrectly handled certain error conditions. A remote attacker could exploit this with a crafted XML file to cause a denial of service, or possibly cause libxml2 to expose sensitive information. This issue only affected Ubuntu 14.04 ESM, and Ubuntu 16.04 ESM...
CVE-2020-35759
bloofoxCMS 0.5.2.1 is infected with a CSRF Attack that leads to an attacker editing any file content Locally/Remotely...
Google Android elevation of privilege vulnerability (CNVD-2021-43396)
Google Android is a Linux-based open source operating system from the Google Open Handheld Consortium Google. Google Android suffers from an elevation of privilege vulnerability. The vulnerability stems from an out-of-bounds write due to an integer overflow in the memory management driver. An...
CVE-2021-25392
CVE-2021-25392 concerns Samsung DeX backup path configuration. The Red Hat/NVD/CVE entries describe an improper protection of the backup path, enabling a local attacker to access sensitive information by changing the path. Affected component is the Dex-related backup path handling; the root cause...
Google Android System elevation of privilege vulnerability (CNVD-2021-44326)
Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. An elevation of privilege vulnerability exists in the System component of Google Android. An attacker can exploit the vulnerability to cause a local escalation of...