159 matches found
PT-2024-20686 · Intel · Intel Server D50Fcp Family
Name of the Vulnerable Software and Affected Versions: Intel(R) Server M50FCP Family products (affected versions not specified). Description: The issue is related to improper input validation in the PfrSmiUpdateFw driver in UEFI firmware, which may allow a privileged user to enable escalation of...
PT-2024-23613 · Unknown · Zephyr Rtos
Name of the Vulnerable Software and Affected Versions: Zephyr RTOS versions prior to 3.6. Description: The issue allows a malicious BLE device to crash a BLE victim device by sending a malformed GATT packet. This can be exploited for local attacks. Network segmentation can help mitigate the risk...
GHSA-7X97-J373-85X5 Electron vulnerable to out-of-package code execution when launched with arbitrary cwd
Impact: Apps that are launched as command line executables are impacted, e.g. if your app exposes itself in the path as myapp --help. Specifically, this issue can only be exploited if the following conditions are met: Your app is launched with an attacker-controlled working directory; The attacker ha...
PT-2023-20632 · Digitalpersona · Digitalpersona Fpsensor
Name of the Vulnerable Software and Affected Versions: DigitalPersona FPSensor version 1.0.0.1. Description: A problematic issue has been found in the processing of the file C:\Program Files (x86)\FPSensor\bin\DpHost.exe, leading to an unquoted search path. This issue requires local attacking to be...
CVE-2023-21491
Improper access control vulnerability in ThemeManager prior to SMR May-2023 Release 1 allows local attackers to write arbitrary files with system privilege...
SUSE CVE-2011-1550
The default configuration of logrotate on SUSE openSUSE Factory uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as...
OPENSUSE-SU-2022:10090-1 Security update for canna
This update for canna fixes the following issues: - CVE-2022-21950: move UNIX socket dir from /tmp to /run to avoid local attackers being able to place bogus directories in its stead. Use systemd-tmpfiles for cleaning old sockets (boo#1199280)...
Microsoft Finds Critical Bugs in Pre-Installed Apps on Millions of Android Devices
Four high severity vulnerabilities have been disclosed in a framework used by pre-installed Android System apps with millions of downloads. The issues, now fixed by its Israeli developer MCE Systems, could have potentially allowed threat actors to stage remote and local attacks or be abused as...
Android apps with millions of downloads exposed to high-severity vulnerabilities
Microsoft uncovered high-severity vulnerabilities in a mobile framework owned by mce Systems and used by multiple large mobile service providers in pre-installed Android System apps that potentially exposed users to remote (albeit complex) or local attacks. The vulnerabilities, which affected apps...
CVE-2020-14480
Due to usernames/passwords being stored in plaintext in Random Access Memory (RAM), a local, authenticated attacker could gain access to certain credentials, including Windows Logon credentials...
CVE-2020-4371
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains sensitive information in leftover debug code that could be used to aid a local user in further attacks against the system. IBM X-Force ID: 179008...
Threat modelling and IoT hubs
IoT hubs are increasingly being used to provide a single point of access to the myriad of smart devices in the home. One ring to rule them all, if rather than multiple apps for different devices. When reviewing devices we often start with the single biggest security threat: unauthorised access to...
NSKeyedUnarchiver - Info Leak in Decoding SGBigUTF8String Exploit
There is an info leak when decoding the SGBigUTF8String class using [SGBigUTF8String initWithCoder:]. This class initializes the string using [SGBigUTF8String initWithUTF8DataNullTerminated:] even though there is no guarantee the bytes provided to the decoder are null terminated. It should use...
NSKeyedUnarchiver - Info Leak in Decoding SGBigUTF8String
There is an info leak when decoding the SGBigUTF8String class using [SGBigUTF8String initWithCoder:]. This class initializes the string using [SGBigUTF8String initWithUTF8DataNullTerminated:] even though there is no guarantee the bytes provide...
CVE-2018-9322
The Head Unit HUNBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows local attacks involving the USB or OBD-II interface. An attacker can bypass the code-signing protection mechanism for firmware...
CVE-2017-15918
Sera 1.2 stores the user's login password in plain text in their home directory. This makes privilege escalation trivial and also exposes the user and system keychains to local attacks...
Privilege escalation
Sera 1.2 stores the user's login password in plain text in their home directory. This makes privilege escalation trivial and also exposes the user and system keychains to local attacks...
CVE-2017-15918
CVE-2017-15918 affects Sera 1.2 on macOS. It stores the user’s login password in plain text in the home directory, specifically at ~/Library/Preferences/no.ignitum.SeraOSX.plist, enabling local privilege escalation and potential dumping of the user and system keychains. The connected documents co...