145 matches found

NVD
added 2019/01/03 7:29 p.m. · 28 views

CVE-2018-19505

Remedy AR System Server in BMC Remedy 7.1 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user, because userdata.js in the WOI:WorkOrderConsole component allows a username substitution involving a...

CVSS 6.5 · AI score 6.4 · EPSS 0.01581
Exploits: 2 · References: 3

CVE
added 2019/01/03 7:00 p.m. · 41 views

CVE-2018-19505

Remedy AR System Server in BMC Remedy 7.1 is affected by an impersonation flaw in WOI:WorkOrderConsole’s userdata.js. The root cause is a username substitution via UserData_Init, allowing a user to assume another user’s identity in certain scenarios. Impact is user impersonation with elevated ris...

CVSS 6.5 · AI score 6.3 · EPSS 0.01581
Exploits: 2 · References: 3 · Affected Software: 1

CNVD
added 2018/12/11 12:00 a.m. · 2 views

Android Permission License and Access Control Vulnerability (CNVD-2019-09146)

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance (OHA). A security vulnerability exists in the unflatten function of the GraphicBuffer.cpp file in Android versions 8.1 and 9, which stems from the program not properly validating input. An attacker...

CVSS 7.8 · AI score 9.1 · EPSS 0.00168
Exploits: 0 · References: 1

Packet Storm
added 2018/11/28 12:00 a.m. · 100 views

BMC Remedy 7.1 User Impersonation

...

AI score 6.6 · EPSS 0.01581
Exploits: 2

0day.today
added 2018/09/16 12:00 a.m. · 117 views

Android (zygote->init;) Chain from USB Privilege Escalation Exploit

Exploit for Android platform in category local exploits. After reporting https://bugs.chromium.org/p/project-zero/issues/detail?id=1583 (Android ID 80436257, CVE-2018-9445), I discovered that this issue could also be used to inject code into the context of the zygote. Additionally, I discovered a...

AI score 0.3 · EPSS 0.0082
Exploits: 5

Positive Technologies
added 2018/06/15 12:00 a.m. · 2 views

PT-2018-17588 · Unknown · Cms Server +1

Name of the Vulnerable Software and Affected Versions: UCMBD Server versions 10.20 through 11.0; CMS Server version 2018.05. Background / Description: A remote Cross-Site Request Forgery (CSRF) potential has been identified, which could allow for remote unsafe deserialization and cross-site request...

CVSS 8.8 · AI score 7.9 · EPSS 0.00578
Exploits: 0 · References: 3

Prion
added 2017/12/06 2:29 p.m. · 13 views

Privilege escalation

An elevation of privilege vulnerability in the MediaTek system server. Product: Android. Versions: Android kernel. Android ID A-28067350. References: M-ALPS02672361...

CVSS 7.2 · AI score 7.5 · EPSS 0.00158
Exploits: 0 · References: 2

Cvelist
added 2017/12/06 2:00 p.m. · 20 views

CVE-2017-13173

An elevation of privilege vulnerability in the MediaTek system server. Product: Android. Versions: Android kernel. Android ID A-28067350. References: M-ALPS02672361...

AI score 7.6 · EPSS 0.00158
Exploits: 0 · References: 2

CVE
added 2017/12/06 2:00 p.m. · 47 views

CVE-2017-13173

CVE-2017-13173 is an elevation of privilege vulnerability affecting the MediaTek system server on Android. The issue targets the system server component (within MediaTek integration) and is described as an Android kernel topic, with local access requirements and high impact on confidentiality, in...

CVSS 7.8 · AI score 7.5 · EPSS 0.00158
Exploits: 0 · References: 2 · Affected Software: 1

OSV
added 2017/10/10 1:30 a.m. · 2 views

ALPINE-CVE-2017-13721

In X.Org Server aka xserver and xorg-server before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients in the same session...

CVSS 4.7 · AI score 6.8 · EPSS 0.00357
Exploits: 0 · References: 1

CNVD
added 2017/05/10 12:00 a.m. · 1 view

Apple Mac OS X and Mac OS X Server Kernel Elevation of Privilege Vulnerability

Apple Mac OS X and Apple Mac OS X Server are products of Apple, Inc. Apple Mac OS X is a specialized operating system for Mac computers, and Apple Mac OS X Server is a server operating system, of which ImageIO is a static method used to perform common image...

CVSS 7.8 · AI score 6.7 · EPSS 0.00296
Exploits: 0 · References: 1

CNVD
added 2017/05/02 12:00 a.m. · 2 views

Linux kernel denial of service vulnerability (CNVD-2017-06843)

Linux is an open source computer operating system kernel. A denial of service vulnerability exists in the NFSv2/NFSv3 server in the nfsd subsystem of Linux kernel version 4.10.11. It allows remote attackers to cause a denial of service via a long RPC reply...

CVSS 7.8 · AI score 7.6 · EPSS 0.05794
Exploits: 0 · References: 1

OSV
added 2017/01/09 8:59 a.m. · 4 views

CVE-2017-5217

Installing a zero-permission Android application on certain Samsung Android devices with KK4.4, L5.0/5.1, and M6.0 software can continually crash the systemserver process in the Android OS. The zero-permission app will create an active install session for a separate app that it has embedded withi...

CVSS 5.5 · AI score 5.8 · EPSS 0.00798
Exploits: 0 · References: 2

Prion
added 2016/12/21 10:59 p.m. · 13 views

Default credentials

Remedy AR System Server in BMC Remedy 8.1 SP 2, 9.0, 9.0 SP 1, and 9.1 allows attackers to reset arbitrary passwords via a blank previous password...

CVSS 5 · AI score 7.1 · EPSS 0.01057
Exploits: 0 · References: 3 · Affected Software: 1

OSV
added 2016/11/25 4:59 p.m. · 3 views

CVE-2016-6707

An elevation of privilege vulnerability in System Server in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local...

CVSS 7.8 · AI score 6.1
Exploits: 0 · References: 5

UbuntuCve
added 2016/11/25 4:59 p.m. · 20 views

CVE-2016-6707

An elevation of privilege vulnerability in System Server in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local...

CVSS 9.3 · AI score 7.4 · EPSS 0.0415
Exploits: 2 · References: 2

OSV
added 2016/11/25 4:59 p.m. · 1 view

UBUNTU-CVE-2016-6707

An elevation of privilege vulnerability in System Server in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local...

CVSS 7.8 · AI score 7.5 · EPSS 0.0415
Exploits: 2 · References: 3

CVE
added 2016/11/25 4:00 p.m. · 50 views

CVE-2016-6707

CVE-2016-6707 affects Android System Server with a local privilege-escalation via ashmem-backed Bitmaps. The issue stems from mismatched memory sizes: ashmem (ASHMEM_SET_SIZE) defines the region size, but memory mappings (mmap) in Parcel::readBlob use a bitmap-derived len, and Bitmap creation sto...

CVSS 9.3 · AI score 7.4 · EPSS 0.0415
Exploits: 2 · References: 5 · Affected Software: 1

CNVD
added 2016/11/10 12:00 a.m. · 2 views

Google Android System Server Remote Elevation of Privilege Vulnerability

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance (OHA), of which System Server is a system server. A remote elevation of privilege vulnerability exists in System Server in Android. An attacker can exploit this vulnerability with a...

CVSS 9.3 · AI score 8.1 · EPSS 0.0415
Exploits: 2 · References: 1

CNVD
added 2016/10/13 12:00 a.m. · 2 views

Android system_server Privilege Acquisition Vulnerability

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance (OHA), of which System Server is a system server. A privilege acquisition vulnerability exists in system_server in versions of Android prior to 2016-10-05 on Nexus-based devices. An...

CVSS 7.8 · AI score 7.1 · EPSS 0.00407
Exploits: 0 · References: 1