Lucene search
K

148 matches found

OSV
OSV
added 2019/02/28 5:29 p.m.5 views

CVE-2019-1988

In sample6 of SkSwizzler.cpp, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution in systemserver with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0...

8.8CVSS8.1AI score0.0191EPSS
Exploits0References2
CNVD
CNVD
added 2019/02/13 12:0 a.m.2 views

Google Android Framework Component Remote Code Execution Vulnerability (CNVD-2019-23561)

Android is a free and open source Linux-based operating system led and developed by Google Inc. and the Open Handset Alliance. A remote code execution vulnerability exists in the Framework component of Google Android 8.0, 8.1, and 9. An attacker can exploit this vulnerability to potentially cause...

9.3CVSS8.1AI score0.0191EPSS
Exploits0References1
CNVD
CNVD
added 2019/02/13 12:0 a.m.3 views

Google Android Framework Component Remote Code Execution Vulnerability

Android is a free and open source Linux-based operating system led and developed by Google Inc. and the Open Handset Alliance. A remote code execution vulnerability exists in the Framework component of Google Android 9. An attacker can exploit this vulnerability to potentially cause a remote...

9.3CVSS8.3AI score0.01502EPSS
Exploits0References1
NVD
NVD
added 2019/01/03 7:29 p.m.28 views

CVE-2018-19505

Remedy AR System Server in BMC Remedy 7.1 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user, because userdata.js in the WOI:WorkOrderConsole component allows a username substitution involving a...

6.5CVSS6.4AI score0.01581EPSS
Exploits2References3
CVE
CVE
added 2019/01/03 7:0 p.m.44 views

CVE-2018-19505

Remedy AR System Server in BMC Remedy 7.1 is affected by an impersonation flaw in WOI:WorkOrderConsole’s userdata.js. The root cause is a username substitution via UserData_Init, allowing a user to assume another user’s identity in certain scenarios. Impact is user impersonation with elevated ris...

6.5CVSS6.3AI score0.01581EPSS
Exploits2References3Affected Software1
CNVD
CNVD
added 2018/12/11 12:0 a.m.2 views

Android Permission License and Access Control Vulnerability (CNVD-2019-09146)

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA. A security vulnerability exists in the GraphicBuffer.cpp file's unflatten in Android versions 8.1 and 9, which stems from the program not properly validating input. An attacker...

7.8CVSS9.1AI score0.00168EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2018/11/28 12:0 a.m.101 views

BMC Remedy 7.1 User Impersonation

...

6.6AI score0.01581EPSS
Exploits2
0day.today
0day.today
added 2018/09/16 12:0 a.m.121 views

Android (zygote->init;) Chain from USB Privilege Escalation Exploit

Exploit for Android platform in category local exploits After reporting https://bugs.chromium.org/p/project-zero/issues/detail?id=1583 Android ID 80436257, CVE-2018-9445, I discovered that this issue could also be used to inject code into the context of the zygote. Additionally, I discovered a...

0.3AI score0.0082EPSS
Exploits5
Positive Technologies
Positive Technologies
added 2018/06/15 12:0 a.m.5 views

PT-2018-17588 · Unknown · Cms Server +1

Name of the Vulnerable Software and Affected Versions: UCMBD Server versions 10.20 through 11.0 CMS Server version 2018.05 BACKGROUND Description: A remote Cross-site Request forgery CSRF potential has been identified, which could allow for remote unsafe deserialization and cross-site request...

8.8CVSS7.9AI score0.00578EPSS
Exploits0References3
Prion
Prion
added 2017/12/06 2:29 p.m.13 views

Privilege escalation

An elevation of privilege vulnerability in the MediaTek system server. Product: Android. Versions: Android kernel. Android ID A-28067350. References: M-ALPS02672361...

7.2CVSS7.5AI score0.00158EPSS
Exploits0References2
Cvelist
Cvelist
added 2017/12/06 2:0 p.m.21 views

CVE-2017-13173

An elevation of privilege vulnerability in the MediaTek system server. Product: Android. Versions: Android kernel. Android ID A-28067350. References: M-ALPS02672361...

7.6AI score0.00158EPSS
Exploits0References2
CVE
CVE
added 2017/12/06 2:0 p.m.47 views

CVE-2017-13173

CVE-2017-13173 is an elevation of privilege vulnerability affecting the MediaTek system server on Android. The issue targets the system server component (within MediaTek integration) and is described as an Android kernel topic, with local access requirements and high impact on confidentiality, in...

7.8CVSS7.5AI score0.00158EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2017/10/10 1:30 a.m.3 views

ALPINE-CVE-2017-13721

In X.Org Server aka xserver and xorg-server before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients in the same session...

4.7CVSS6.8AI score0.00357EPSS
Exploits0References1
CNVD
CNVD
added 2017/05/10 12:0 a.m.2 views

Apple Mac OS X and Mac OS X Server Kernel Elevation of Privilege Vulnerability

Apple Mac OS X and Apple Mac OS X Server are products of Apple, Inc. Apple Mac OS X is a specialized operating system for Mac computers, and Apple Mac OS X Server is a server operating system, of which ImageIO is a static method used to perform common image ImageIO is a static method used to...

7.8CVSS6.7AI score0.00296EPSS
Exploits0References1
CNVD
CNVD
added 2017/05/02 12:0 a.m.2 views

Linux kernel denial of service vulnerability (CNVD-2017-06843)

Linux is an open source computer operating system kernel. A denial of service vulnerability exists in the NFSv2/NFSv3 server in the nfsd subsystem of Linux kernel version 4.10.11. It allows remote attackers to cause a denial of service via a long RPC reply...

7.8CVSS7.6AI score0.05794EPSS
Exploits0References1
OSV
OSV
added 2017/01/09 8:59 a.m.6 views

CVE-2017-5217

Installing a zero-permission Android application on certain Samsung Android devices with KK4.4, L5.0/5.1, and M6.0 software can continually crash the systemserver process in the Android OS. The zero-permission app will create an active install session for a separate app that it has embedded withi...

5.5CVSS5.8AI score0.00798EPSS
Exploits0References2
Prion
Prion
added 2016/12/21 10:59 p.m.16 views

Default credentials

Remedy AR System Server in BMC Remedy 8.1 SP 2, 9.0, 9.0 SP 1, and 9.1 allows attackers to reset arbitrary passwords via a blank previous password...

5CVSS7.1AI score0.01057EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2016/11/25 4:59 p.m.3 views

CVE-2016-6707

An elevation of privilege vulnerability in System Server in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local...

7.8CVSS6.1AI score
Exploits0References5
UbuntuCve
UbuntuCve
added 2016/11/25 4:59 p.m.22 views

CVE-2016-6707

An elevation of privilege vulnerability in System Server in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local...

9.3CVSS7.4AI score0.0415EPSS
Exploits2References2
OSV
OSV
added 2016/11/25 4:59 p.m.3 views

UBUNTU-CVE-2016-6707

An elevation of privilege vulnerability in System Server in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local...

7.8CVSS7.5AI score0.0415EPSS
Exploits2References3
Rows per page
Query Builder