Microsoft Windows power lifting vulnerability (CNVD-2020-33734)

Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. An elevated privilege vulnerability exists in the way the tapisrv.dll file handles memory objects in Microsoft Windows. An attacker can exploit this vulnerability to execute code with...

CVE-2019-2215

A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network...

Huawei Hima-AL00B Code Execution Vulnerability

The Huawei Hima-AL00B is a smartphone from the Chinese company Huawei Huawei. A security vulnerability exists in the Huawei Hima-AL00B HMA-AL00C00B175 previous version, which stems from a problem in the logic of signature verification. The vulnerability can be exploited to execute arbitrary code ...

Apple macOS memory corruption vulnerability (CNVD-2018-22951)

macOS is Apple's proprietary operating system for the Mac line of products. A memory corruption vulnerability exists in the Kernel component in Apple macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and macOS Mojave 10.14. An attacker can exploit the vulnerability via an application to execute...

Apple macOS High Sierra AppleGraphicsControl Memory Read Vulnerability

Apple macOS High Sierra is a specialized operating system developed by Apple for Mac computers.AppleGraphicsControl is one of the integrated graphics drivers. A memory read vulnerability exists in the AppleGraphicsControl component of Apple macOS High Sierra version 10.13.6, which can be exploite...

Microsoft Windows Hyper-V Remote Code Execution Vulnerability (CNVD-2018-10730)

Microsoft Windows 10 and others are a series of operating systems released by Microsoft Corporation USA.Windows Hyper-V is one of the virtualization products that supports the creation of virtual machines in Windows. A remote code execution vulnerability exists in Microsoft Windows Hyper-V that...

SUSE-SU-2018:0237-1 Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP1)

This update for the Linux Kernel 3.12.74-606454 fixes several issues. The following security issues were fixed: - CVE-2017-15868: The bnepaddconnection function in net/bluetooth/bnep/core.c in did not ensure that an l2cap socket is available, which allowed local users to gain privileges via a...

Microsoft Windows graphics information disclosure vulnerability (CNVD-2017-33309)

Microsoft Windows Server 2008 SP2 and others are a series of operating systems released by Microsoft Corporation in the United States. graphics is one of the graphics driver components. An information disclosure vulnerability exists in graphics in Microsoft Windows, which arises from the program'...

Cisco Wide Area Application Services Denial of Service Vulnerability

Cisco Wide Area Application Services WAAS is the United States Cisco Cisco company's set of WAN link acceleration software. The software is mainly used for small bandwidth and high latency link environment. A remote denial of service vulnerability exists in Cisco Wide Area Application Services,...

CVE-2015-9004

kernel/events/core.c in the Linux kernel before 3.19 mishandles counter grouping, which allows local users to gain privileges via a crafted application, related to the perfpmuregister and perfeventopen functions...

Microsoft Windows GDI Elevation of Privilege (MS17-013: CVE-2017-0025)

An elevation of privilege vulnerability exists in Windows Graphics Device Interface GDI. The vulnerability is caused when the Windows Graphics Device Interface fails to properly handle objects in memory. A remote attacker can exploit this vulnerability by running a specially crafted application...

Google Android Kernel Component Information Disclosure Vulnerability (CNVD-2016-12192)

Android on Nexus 5X is an open source operating system based on Linux developed by Google and the Open Handset Alliance OHA for the Nexus 5X and other smart devices. kernel is one of the kernels used in it. An information disclosure vulnerability exists in the kernel component of Android. The...

CVE-2016-9567

The mDNIe system service on Samsung Mobile S7 devices with M6.0 software does not properly restrict setmDNIeScreenCurtain API calls, enabling attackers to control a device's screen. This can be exploited via a crafted application to eavesdrop after phone shutdown or record a conversation. The...

WordPress Answer My Question Plugin <= 1.3 - SQL Injection

This plugin is prone to an SQL injection vulnerability. It allows an attacker to modify data, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution There is no solution...

Microsoft Windows Bowser.sys Information Disclosure Vulnerability

Microsoft Windows is a series of operating systems released by the American company Microsoft. An information disclosure vulnerability exists in the kernel mode driver for Microsoft Windows Bowser.sys. An attacker can exploit this vulnerability to disclose sensitive information with the help of a...

UBUNTU-CVE-2016-3885

debuggerd/debuggerd.cpp in Debuggerd in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 mishandles the interaction between PTRACEATTACH operations and thread exits, which allows attackers to gain privileges via a crafted application, aka internal b...

Android Qualcomm component lifting vulnerability (CNVD-2016-04858)

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA in the U.S. Qualcomm is one of the Qualcomm components used in Qualcomm devices. A privilege-lifting vulnerability exists in the Qualcomm component in versions of Android prior to...

CVE-2016-3764

media/libmediaplayerservice/MetadataRetrieverClient.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to obtain sensitive pointer information via a crafted application, aka internal bug 28377502...

Android MediaTek Wi-Fi Driver Information Disclosure Vulnerability

Android on Android One is a Linux-based open source operating system for Android One smartphone developed by Google and the Open Handset Alliance OHA in the U.S. MediaTek Wi-Fi driver is one of the components of MediaTek Wi-Fi driver. MediaTek Wi-Fi driver is a wireless card driver component...

WordPress Web Dorado Spider Event Calendar Plugin 1.4.9 - SQL Injection

This Web Dorado Spider Event Calendar plugin is prone to an SQL injection. This vulnerability allows an attacker to modify data, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution Upgrade the plugin...