4827 matches found
CVE-2017-0567
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions:...
CVE-2017-0546
An elevation of privilege vulnerability in SurfaceFlinger could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally...
CVE-2017-0544
An elevation of privilege vulnerability in CameraBase could enable a local malicious application to execute arbitrary code. This issue is rated as High because it is a local arbitrary code execution in a privileged process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1...
UBUNTU-CVE-2017-0567
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions:...
UBUNTU-CVE-2017-0565
An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A...
CVE-2017-0332
An elevation of privilege vulnerability in the NVIDIA crypto driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel...
CVE-2016-8032
The CVE-2016-8032 entry concerns Intel Security Anti-Virus Engine (AVE) versions 5200–5800. According to the provided documents, a vulnerability in AVE allows a local attacker to bypass local security protections by supplying a crafted input file. The impact described is bypass of security protec...
The vulnerability of the Windows operating system, which allows a hacker to increase their privileges
The vulnerability of Windows operating system’s kernel mode drivers is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor, operating locally, to enhance their privileges through a specially created application...
Linux Kernel (Ubuntu 14.04 LTS) SIGIO Signal
Title: Linux Kernel Ubuntu 14.04 LTS - Send a SIGIO Signal to process + Credits / Discovery: Nassim Asrir + Author Email: [email protected] || https://www.linkedin.com/in/nassim-asrir-b73a57122/ + Author Company: Henceforth + CVE: CVE-2017-7319 Vulnerable Version: =================== Kernel:...
macOS iBooks Parsing a maliciously crafted iBooks file lead to local file disclosure(CVE-2017-2426)
On a previous post about ePub parsers This book reads you - exploiting services and readers that support the ePub book format, I mentioned using scripting capabilities in ePub to perform local attacks against users. Apple just released a fix for one issue I reported last year in iBooks that allow...
CVE-2016-1602
A code injection in the supportconfig data collection tool in supportutils in SUSE Linux Enterprise Server 12 and 12-SP1 and SUSE Linux Enterprise Desktop 12 and 12-SP1 could be used by local attackers to execute code as the user running supportconfig usually root...
CVE-2017-5566
Code injection vulnerability in AVG Ultimate 17.1 and earlier, AVG Internet Security 17.1 and earlier, and AVG AntiVirus FREE 17.1 and earlier allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any AVG process via a "DoubleAgent" attack...
CVE-2017-5566
CVE-2017-5566 affects AVG Ultimate 17.1 and earlier, AVG Internet Security 17.1 and earlier, and AVG AntiVirus FREE 17.1 and earlier. The issue is a local code-injection vulnerability (DoubleAgent) that bypasses AVG’s self-protection by abusing Windows Application Verifier DLL loading via an Imag...
Windows Transaction Manager Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the Windows Transaction Manager improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. In a local attack scenario, an attacker could exploit this vulnerability ...
Microsoft Windows CVE-2017-0039 DLL Loading Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can leverage this issue to execute arbitrary code with elevated privileges. Technologies Affected Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microso...
Microsoft Windows Graphics Component CVE-2017-0060 Local Information Disclosure Vulnerability
Description Microsoft Windows is prone to a local information-disclosure vulnerability. An attacker can leverage this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Microsoft Live Meeting 2007 Add-in Microsoft Live Meeting 2007 Console Microsoft Lync...
CVE-2017-0499
A denial of service vulnerability in Audioserver could enable a local malicious application to cause a device hang or reboot. This issue is rated as Low due to the possibility of a temporary denial of service. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32095713...
CVE-2017-0508
An elevation of privilege vulnerability in the kernel ION subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing th...
CVE-2017-0475
An elevation of privilege vulnerability in the recovery verifier could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the...
SA144 : OpenSSH Vulnerabilities January 2017
SUMMARY Blue Coat products using affected versions of OpenSSH are susceptible to several vulnerabilities. A remote attacker with access to an SSH server can exploit these vulnerabilities to execute arbitrary code on an SSH client. A local attacker can also exploit these vulnerabilities to obtain...