PT-2020-3824 · Microsoft · Windows Csc Service +1

Name of the Vulnerable Software and Affected Versions: Windows CSC Service affected versions not specified Description: The issue is related to the improper handling of memory by the Windows CSC Service, which can lead to an elevation of privilege. To exploit this, an attacker must first gain...

PT-2020-3982 · Microsoft · Windows Function Discovery Ssdp Provider +1

Name of the Vulnerable Software and Affected Versions: Windows Function Discovery SSDP Provider affected versions not specified Description: The issue is related to an elevation of privilege vulnerability that exists when the Windows Function Discovery SSDP Provider improperly handles memory. To...

CVE-2020-4554

IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force I...

ASB-A-150226994

In createWithSurfaceParent of Client.cpp, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege in the graphics server with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2020-0113

In sendCaptureResult of Camera3OutputUtils.cpp, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10...

CVE-2020-1271

An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Service Elevation of Privilege Vulnerability'...

CVE-2020-0067

In f2fsxattrgenericlist of xattr.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not required for exploitation.Product: Android. Versions: Android kernel. Android...

DEBIAN-CVE-2014-2906

The psub function in fish aka fish-shell 1.16.0 before 2.1.1 does not properly create temporary files, which allows local users to execute arbitrary commands via a temporary file with a predictable name...

SunOS 5.10 Generic_147148-26 - Local Privilege Escalation Exploit

Exploit: SunOS 5.10 Generic147148-26 - Local Privilege Escalation Date: 2020-01-15 Author: Marco Ivaldi Vendor: www.oracle.com Software Link: https://www.oracle.com/technetwork/server-storage/solaris10/downloads/latest-release/index.html CVE: CVE-2020-2696 / raptordtsessionipa.c - CDE dtsession L...

PT-2020-1313 · Microsoft · Update Notification Manager +1

Name of the Vulnerable Software and Affected Versions: Microsoft Update Notification Manager affected versions not specified Description: An elevation of privilege issue exists in the way the Update Notification Manager handles files. To exploit this issue, an attacker would first have to gain...

CVE-2019-12068

A flaw was found in QEMU's LSI53C895A device emulator. When executing LSI scripts, a crafted sequence of I/O requests may cause the emulator to enter into an infinite loop. This vulnerability could be executed locally and would affect the availability of the system...

CVE-2019-2209

In BTADmPinReply of btadmapi.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1...

DEBIAN-CVE-2017-5332

The extractgroupiconcursorresource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service process crash and execute arbitrary code via a crafted executable...

Design/Logic Flaw

In the Android kernel in the FingerTipS touchscreen driver there is a possible use-after-free due to improper locking. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...

Code injection

In execTransact of Binder.java in Android 7.1.1, 7.1.2, 8.0, 8.1, and 9, there is a possible local execution of arbitrary code in a privileged process due to a memory overwrite. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is no...

CVE-2019-2123

CVE-2019-2123 is an Elevation of Privilege flaw in Android’s Framework, triggered by a memory overwrite in Binder.java during execTransact. Affects Android 7.1.1, 7.1.2, 8.0, 8.1, and 9; exploitation can occur locally in a privileged process without user interaction. The issue is surfaced in the ...

Code injection

cPanel before 80.0.5 allows local code execution in the context of a different cPanel account because of insecure cpphp execution SEC-486...

CVE-2019-1010057

nfdump 1.6.16 and earlier is affected by: Buffer Overflow. The impact is: The impact could range from a denial of service to local code execution. The component is: nfx.c:546, nffileinline.c:83, minilzo.c redistributed. The attack vector is: nfdump must read and process a specially crafted file...

GHSA-FRXX-2M33-6WCR Improper Restriction of Operations within the Bounds of a Memory Buffer in Google TensorFlow

Google TensorFlow 1.7 and below is affected by: Buffer Overflow. The impact is: execute arbitrary code local. Users passing a malformed or malicious version of a TFLite graph into TOCO will cause TOCO to crash or cause a buffer overflow, potentially allowing malicious code to be executed...

CVE-2018-8825

Google TensorFlow 1.7 and below is affected by: Buffer Overflow. The impact is: execute arbitrary code local...