4068 matches found
Exploit for Privilege Context Switching Error in Canonical Ubuntu_Linux
PoC exploit for CVE-2021-3493, a local privilege escalation vulnerability in Ubuntu OverlayFS. The target is the Linux kernel, specifically the overlayfs file system, which did not properly validate the application of file system capabilities with respect to user namespaces. A local attacker coul...
DEBIAN-CVE-2021-37969
Inappropriate implementation in Google Updater in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to perform local privilege escalation via a crafted file...
CVE-2021-0692
In sendBroadcastToInstaller of FirstScreenBroadcast.java, there is a possible activity launch due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...
Metasploit Wrap-Up
Capture Credentials with our new SMB Server. Our own Adam Galway revamped the old SMB capture module and now supports NTLMv1 and NTLMv2, as well as SMB1, SMB2 and SMB3. This was possible thanks to @zeroSteiner's new RubySMB server implementation. Metasploit is now able to capture NTLM hashes from...
CVE-2021-0416
CVE-2021-0416 concerns the Mediatek memory management driver. The available descriptions state a vulnerability due to improper input validation that can cause a system crash, yielding local denial of service without requiring user interaction. Affected components are described as the memory manag...
CVE-2021-0407
In clk driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05479659; Issue ID: ALPS05479659...
CVE-2021-0639
CVE-2021-0639 affects Android/Widevine through libl3oemcrypto.cpp. Described as a local information disclosure due to weaknesses in the obfuscation/handling of sensitive data; requires no user interaction. Documented impact is partial confidentiality loss with local access and no privileges beyon...
CVE-2021-22422
A component of HarmonyOS has an Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause memory overwriting...
kernel: mishandles invalid descriptors in drivers/media/usb/gspca/xirlink_cit.c
A NULL pointer dereference flaw was found in the Xirlink camera USB driver 'xirlink-cit' in the Linux kernel. The driver mishandles invalid descriptors, leading to a denial of service (DoS). This could allow a local attacker with user privilege to crash the system or leak kernel internal information...
Google Android DevicePolicyManagerService.java Elevation of Privilege Vulnerability
Google Android is a Linux-based open source operating system from the Google Open Handheld Consortium Google. An elevation of privilege vulnerability exists in Google Android DevicePolicyManagerService.java. An attacker can exploit this vulnerability to cause a local elevation of privilege...
Google Android AppLaunchActivity.java Elevation of Privilege Vulnerability
Google Android is a Linux-based open source operating system from the Google Open Handheld Consortium Google. An elevation of privilege vulnerability exists in Google Android AppLaunchActivity.java. An attacker can exploit this vulnerability to cause a local elevation of privilege...
Google Android drm_syncobj.c Information Disclosure Vulnerability
Google Android is a Linux-based open source operating system from the Google Open Handheld Consortium Google. Google Android drm_syncobj.c suffers from an information disclosure vulnerability. An attacker can exploit this vulnerability to cause a local information disclosure...
Avaya Aura Device Services Code Injection Vulnerability
Avaya Aura Device Services is a software application from Avaya, USA. It provides a feature for managing Avaya endpoints. A security vulnerability exists in Avaya Aura Device Services versions 7.0 through 8.1.4.0, which can be exploited by local users to execute specially written scripts...
Google Android Information Disclosure Vulnerability (CNVD-2021-45436)
Google Android is a Linux-based open source operating system from the Google Open Handheld Consortium Google. Google Android 11 suffers from an information disclosure vulnerability. The vulnerability arises due to an out-of-bounds read due to a heap buffer overflow in ih264efmtconv.c in...
Privilege escalation
In the Settings app, there is a possible way to disable an always-on VPN due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android...
CVE-2021-0505
CVE-2021-0505 affects Android 11 (Settings) with a missing permission check that could allow disabling an always-on VPN, enabling local elevation of privilege without user interaction. Documents consistently describe a local, low-exploitability EoP risk; no explicit exploit details or fixes are p...
CVE-2021-29706
IBM AIX 7.1 could allow a non-privileged local user to exploit a vulnerability in the trace facility to expose sensitive information or cause a denial of service. IBM X-Force ID: 200663...
Google Android elevation of privilege vulnerability (CNVD-2021-43394)
Google Android is a Linux-based open source operating system from the Google Open Handheld Consortium Google. Google Android suffers from an elevation of privilege vulnerability. The vulnerability stems from an out-of-bounds write in the memory management driver due to a lack of boundary checking...
Google Android Resource Management Error Vulnerability
Google Android is a Linux-based open source operating system from the Google Open Handheld Consortium Google. Google Android suffers from an elevation of privilege vulnerability. The vulnerability stems from a memory corruption in the memory management driver due to a use after free. An attack...
Google Android Resource Management Error Vulnerability
Google Android is a Linux-based open source operating system of the Google Open Handheld Consortium Google. Google Android suffers from an elevation of privilege vulnerability. The vulnerability stems from a memory corruption in the memory management driver due to a use after free. An attacker...