CVE-2022-20357

In writeToParcel of SurfaceControl.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12...

CVE-2022-20358

In startSync of AbstractThreadedSyncAdapter.java, there is a possible way to access protected content of content providers due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for...

Exploit for Race Condition in Linux Linux_Kernel

CVE-2022-29582 This repository contains exploit code for CVE-2...

PUB-A-214245176

In TBD of TBD, there is a possible out of bounds write due to kernel stack overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...

PT-2022-3746 · Microsoft · Windows Graphics +1

Name of the Vulnerable Software and Affected Versions: Windows Graphics Component affected versions not specified Description: The issue is related to insecure privilege management in the Windows Graphics Component. It allows an attacker to elevate their privileges. The vulnerability can be...

CVE-2017-20112 IVPN Client privileges management

A vulnerability has been found in IVPN Client 2.6.6120.33863 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument --up cmd leads to improper privilege management. The attack needs to be approached locally. The exploit has been...

Server side request forgery (ssrf)

A vulnerability, which was classified as critical, has been found in Lithium Forum 2017 Q1. This issue affects some unknown processing of the component Compose Message Handler. The manipulation of the argument uploadurl leads to server-side request forgery. The attack needs to be approached...

CVE-2017-20102

A vulnerability was found in Album Lock 4.0 and classified as critical. Affected by this issue is some unknown functionality of the file /getImage. The manipulation of the argument filePaht leads to path traversal. Attacking locally is a requirement. The exploit has been disclosed to the public a...

CVE-2017-20102 Album Lock getImage path traversal

A vulnerability was found in Album Lock 4.0 and classified as critical. Affected by this issue is some unknown functionality of the file /getImage. The manipulation of the argument filePaht leads to path traversal. Attacking locally is a requirement. The exploit has been disclosed to the public a...

CVE-2022-22444

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user to exploit a vulnerability in the lpd daemon to cause a denial of service. IBM X-Force ID: 224444...

CVE-2022-20141

In ipcheckmcrcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

CVE-2019-25062

A vulnerability was found in Sricam IP CCTV Camera and classified as critical. This issue affects some unknown processing of the component Device Viewer. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be us...

Apple macOS Monterey 缓冲区错误漏洞

Apple macOS Monterey is the 18th major release of Apple's macOS for the Macintosh desktop operating system. A buffer error vulnerability exists in Apple macOS Monterey versions 12.0 21A344 through 12.3.1 21E258, which stems from a boundary error in AMD firmware. A local user can exploit the...

Apple macOS Monterey 缓冲区错误漏洞

Apple macOS Monterey is the 18th major release of Apple's macOS for the Macintosh desktop operating system. A buffer error vulnerability exists in Apple macOS Monterey versions 12.0 21A344 through 12.3.1 21E258, which stems from a boundary error in AMD firmware. A local user can run a specially...

CVE-2022-20007

In startActivityForAttachedApplicationIfNeeded of RootWindowContainer.java, there is a possible way to overlay an app that believes it's still in the foreground, when it is not, due to a race condition. This could lead to local escalation of privilege with no additional execution privileges neede...

kernel: use after free in eventpoll.c may lead to escalation of privilege

A flaw was found in the Linux kernel. A logic error in eventpoll.c can cause a use-after-free, leading to a local escalation of privilege with no additional execution privileges. User interaction is not needed for exploitation. The highest threat from this vulnerability is to confidentiality,...

Denial of service

Dell PowerScale OneFS, 8.2,x, 9.1.0.x, 9.2.1.x, and 9.3.0.x contain a denial of service vulnerability. A local malicious user could potentially exploit this vulnerability, leading to denial of service/data unavailability...

CVE-2021-39801

In ionioctl of ion-ioctl.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google, Inc. An elevation of privilege vulnerability exists in Google Android, which stems from a missing privilege check in SmsController. An attacker could exploit this vulnerability to cause a local elevation of privilege...

CVE-2017-20012 WEKA INTEREST Security Scanner Stresstest Scheme denial of service

A vulnerability classified as problematic has been found in WEKA INTEREST Security Scanner up to 1.8. Affected is Stresstest Scheme Handler which leads to a denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. NOTE: This...