Apple macOS process_token_BindQueryStoreRegisterToMemoryList Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AppleIntelKBLGraphic...

QEMU Plan 9 File System Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability

This vulnerability allows local attackers to execute arbitrary code on affected installations of QEMU. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the handling of file...

Microsoft Windows Device Management Enrollment Service Directory Junction Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

Information disclosure

An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One on-prem and SaaS, OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 and Services could allow an attacker to disclose sensitive information about a named pipe. Please note: an attacker must first obtain t...

Information disclosure

An out-of-bounds write information disclosure vulnerability in Trend Micro Apex One on-prem and SaaS, OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 and Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain...

CVE-2021-25248

An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One on-prem and SaaS, OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 and Services could allow an attacker to disclose sensitive information about a named pipe. Please note: an attacker must first obtain t...

CVE-2021-25227

Trend Micro Antivirus for Mac 2021 Consumer is vulnerable to a memory exhaustion vulnerability that could lead to disabling all the scanning functionality within the application. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to...

Apple iOS FairplayIOKit Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Apple iOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the FairplayIOK...

Linux Kernel setsockopt System Call Untrusted Pointer Dereference Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling...

Apache Druid 访问控制错误漏洞

Apache Druid is the U.S. Apache Software Apache Foundation , a use of the Java language , written in column-oriented open source distributed database . An access control error vulnerability exists in Apache Druid 0.20.0 and earlier versions that allows an authenticated user to force Druid to run...

CVE-2021-25224

A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a manual scan component. An attacker must first obtain the ability to execu...

CVE-2021-25226

A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a scan engine component. An attacker must first obtain the ability to execu...

CVE-2021-25225

A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a scheduled scan component. An attacker must first obtain the ability to...

CVE-2021-25226

A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a scan engine component. An attacker must first obtain the ability to execu...

CVE-2021-25225

CVE-2021-25225 affects Trend Micro ServerProtect for Linux 3.0. The vulnerability is in the splx_schedule_scan component and is due to lack of validation of user-supplied data, which can lead to memory exhaustion and denial of service. Exploitation details vary by source: ZDI-21-086 describes rem...

CVE-2021-25225

A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a scheduled scan component. An attacker must first obtain the ability to...

CVE-2021-25224

A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a manual scan component. An attacker must first obtain the ability to execu...

Microsoft Windows splwow64 Out-Of-Bounds Read Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the user-mode...

Microsoft Windows AppX Deployment Service Directory Junction Denial-of-Service Vulnerability

This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within t...

Microsoft Windows InstallService Directory Junction Denial-of-Service Vulnerability

This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within t...