Lucene search
K

121 matches found

UbuntuCve
UbuntuCve
added 2022/03/25 7:15 p.m.68 views

CVE-2021-4157

An out of memory bounds write flaw 1 or 2 bytes of memory in the Linux kernel NFS subsystem was found in the way users use mirroring replication of files with NFS. A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system...

8CVSS6.7AI score0.01584EPSS
Exploits0References3
NVD
NVD
added 2022/03/16 3:15 p.m.33 views

CVE-2021-39703

In updateState of UsbDeviceManager.java, there is a possible unauthorized access of files due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

7.8CVSS0.00118EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/03/11 5:54 p.m.30 views

CVE-2021-33658

atune before 0.3-0.8 log in as a local user and run the curl command to access the local atune url interface to escalate the local privilege or modify any file. Authentication is not forcibly enabled in the default configuration...

8.1AI score0.00154EPSS
Exploits0References1
Metasploit
Metasploit
added 2022/03/07 5:42 p.m.198 views

Wordpress MasterStudy Admin Account Creation

MasterStudy LMS, a WordPress plugin, prior to 2.7.6 is affected by a privilege escalation where an unauthenticated user is able to create an administrator account for wordpress itself. Module Options msf use auxiliary/admin/http/wpmasterstudyprivesc msf auxiliarywpmasterstudyprivesc show actions...

9.8CVSS9.4AI score0.84943EPSS
Exploits8
OpenVAS
OpenVAS
added 2022/03/05 12:0 a.m.22 views

openSUSE: Security Advisory for MozillaFirefox (openSUSE-SU-2022:40696-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.6CVSS8.5AI score0.00926EPSS
Exploits2References2
Github Security Blog
Github Security Blog
added 2022/02/15 12:40 a.m.72 views

Privilege Escalation in Docker

Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors...

7.2CVSS6.4AI score0.00393EPSS
Exploits1References7Affected Software1
NVD
NVD
added 2021/12/15 7:15 p.m.33 views

CVE-2021-0981

In enqueueNotificationInternal of NotificationManagerService.java, there is a possible way to run a foreground service without showing a notification due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction...

7.8CVSS0.00116EPSS
Exploits0References1
NVD
NVD
added 2021/12/15 7:15 p.m.24 views

CVE-2021-0985

In onReceive of AlertReceiver.java, there is a possible way to dismiss system dialog due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

7.8CVSS0.00104EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2021/12/15 7:15 p.m.31 views

CVE-2021-0929

In iondmabufendcpuaccess and related functions of ion.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

7.8CVSS7.3AI score0.00158EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/12/15 6:5 p.m.25 views

CVE-2021-0953

In setOnClickActivityIntent of SearchWidgetProvider.java, there is a possible way to access contacts and history bookmarks without permission due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for...

7.9AI score0.0011EPSS
Exploits0References1
Exploit DB
Exploit DB
added 2021/11/15 12:0 a.m.439 views

KONGA 0.14.9 - Privilege Escalation

Exploit Title: KONGA 0.14.9 - Privilege Escalation Date: 10/11/2021 Exploit Author: Fabricio Salomao & Paulo Trindade @paulotrindadec Vendor Homepage: https://github.com/pantsel/konga Software Link: https://github.com/pantsel/konga/archive/refs/tags/0.14.9.zip Version: 0.14.9 Tested on: Linux -...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2021/10/26 12:0 a.m.30 views

Debian DSA-4993-1 : php7.3 - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dsa-4993 advisory. An out-of-bounds read and write flaw was discovered in the PHP-FPM code, which could result in escalation of privileges from local unprivileged user to the root user. For...

7.8CVSS7.4AI score0.01337EPSS
Exploits1References5
Huntr
Huntr
added 2021/06/15 6:52 a.m.31 views

in polonel/trudesk

💥 BUG Unprivileged user can subscribs others to a ticket 💥 IMPACT user with lower level permission can subscribe others to a ticket 💥 STEP TO REPRODUCE 1. First from admin goto http://localhost:8118/teams and create a team called team2.\ Now goto http://localhost:8118/accounts/agents and add new...

6.5CVSS8.6AI score0.0336EPSS
Exploits1
Exploit DB
Exploit DB
added 2021/06/15 12:0 a.m.470 views

Polkit 0.105-26 0.117-2 - Local Privilege Escalation

Exploit Title: Polkit 0.105-26 0.117-2 - Local Privilege Escalation Date: 06/11/2021 Exploit Author: J Smith CadmusofThebes Vendor Homepage: https://www.freedesktop.org/ Software Link: https://www.freedesktop.org/software/polkit/docs/latest/polkitd.8.html Version: polkit 0.105-26 Ubuntu, polkit...

7.8CVSS6.9AI score0.22193EPSS
Exploits37
Huntr
Huntr
added 2021/05/19 8:34 a.m.14 views

Improper Privilege Management in dolibarr/dolibarr

💥 BUG unprivileged user can see all details of a product 💥 STEP TO REPRODUCE 1. From admin account add user B as normal user .\ Now dont give any permission for Product module for user B .\ So, user B should not see any product details .\ \ 2. Now from admin create a product .\ \ 3. Finally goto...

0.8AI score
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2021/03/30 12:0 a.m.27 views

Apple macOS AppleIntelKBLGraphics IOCTL 0x10008 Out-Of-Bounds Write Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of IOCTL...

7.8CVSS3.5AI score0.00578EPSS
Exploits0References1
Prion
Prion
added 2021/03/10 5:15 p.m.22 views

Design/Logic Flaw

In done of CaptivePortalLoginActivity.java, there is a confused deputy. This could lead to local escalation of privilege in carrier settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-160871056...

4.6CVSS7.6AI score0.00124EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2021/01/11 10:15 p.m.29 views

CVE-2021-0306

In addAllPermissions of PermissionManagerService.java, there is a possible permissions bypass when upgrading major Android versions which allows an app to gain the android.permission.ACTIVITYRECOGNITION permission without user confirmation. This could lead to local escalation of privilege with no...

7.8CVSS7.9AI score0.00259EPSS
Exploits0References1
NVD
NVD
added 2020/11/12 6:15 p.m.16 views

CVE-2020-8737

Improper buffer restrictions in the IntelR StratixR 10 FPGA firmware provided with the IntelR QuartusR Prime Pro software before version 20.1 may allow an unauthenticated user to potentially enable escalation of privilege and/or information disclosure via physical access...

6.8CVSS6.9AI score0.00362EPSS
Exploits0References1
NVD
NVD
added 2020/09/17 9:15 p.m.16 views

CVE-2020-0336

In SurfaceFlinger, there is possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153467444...

6.7CVSS0.0016EPSS
Exploits0References1
Rows per page
Query Builder