CVE-2023-21290
In update of MmsProvider.java, there is a possible way to bypass file permission checks due to a race condition. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-21280
In setMediaButtonBroadcastReceiver of MediaSessionRecord.java, there is a possible permanent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-20782
In keyinstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07550104; Issue ID: ALPS07550103...
UBUNTU-CVE-2023-4004
A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system...
Ubuntu 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-6248-1)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6248-1 advisory. It was discovered that the network queuing discipline implementation in the Linux kernel contained a null pointer dereference in some situations. A local...
PT-2023-4945 · IBM · IBM QRadar WinCollect Agent
Name of the Vulnerable Software and Affected Versions: IBM QRadar WinCollect Agent versions 10.0 through 10.1.6 Description: The issue is related to insufficient access control in the IBM QRadar WinCollect Agent, which can be exploited by a remote attacker to elevate their privileges. A normal us...
CVE-2023-3609
CVE-2023-3609 is a Linux kernel use-after-free in the net/sched: cls_u32 classifier. The flaw arises when tcf_change_indev() fails; u32_set_parms() returns after updating the reference counter in tcf_bind_filter(), and an attacker who can manipulate the reference counter to zero can cause the ref...
CVE-2023-30906
The vulnerability could be locally exploited to allow escalation of privilege...
Privilege escalation
The vulnerability could be locally exploited to allow escalation of privilege...
kernel: net/ulp: use-after-free in listening ULP sockets
A use-after-free flaw was found in the Linux kernel’s TLS protocol functionality in how a user installs a tls context (struct tls_context) on a connected TCP socket. This flaw allows a local user to crash or potentially escalate their privileges on the system...
DEBIAN-CVE-2023-21400
In multiple functions of io_uring.c, there is a possible kernel memory corruption due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-28061
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable...
CVE-2023-28056
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable...
CVE-2023-28034
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable...
CVE-2023-20752
In keymange, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07826586; Issue ID: ALPS07826586...
CVE-2023-20727
In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588531; Issue ID: ALPS07588531...
CVE-2023-3099
A vulnerability classified as critical was found in KylinSoft youker-assistant on KylinOS. Affected by this vulnerability is the function deletefile in the library dbus.SystemBus of the component Arbitrary File Handler. The manipulation leads to improper access controls. It is possible to launch...
Improper access control
A vulnerability was found in KylinSoft kylin-software-properties on KylinOS. It has been declared as critical. This vulnerability affects the function changedSource. The manipulation leads to improper access controls. An attack has to be approached locally. The exploit has been disclosed to the...
PT-2023-23088 · Unknown · Kylin-Software-Properties
Name of the Vulnerable Software and Affected Versions: kylin-software-properties versions prior to 0.0.1-130 Description: A critical issue has been found in the changedSource function, leading to improper access controls. This can be exploited locally. It is reported that the exploit has been...