
31246 matches found

GithubExploit
added 2024/12/10 12:52 p.m. · 533 views

Exploit for Improper Privilege Management in Enlightenment

CVE-2022-37706 Exploit: Enlightenment v0.25.3 Privilege Escala...

7.8 CVSS · 8.2 AI score · 0.05486 EPSS
Exploits: 15
SUSE CVE
added 2024/12/10 3:49 a.m. · 4 views

SUSE CVE-2024-53589

GNU objdump 2.43 is vulnerable to Buffer Overflow in the BFD Binary File Descriptor library's handling of tekhex format files...

8.4 CVSS · 7.1 AI score · 0.00262 EPSS
Exploits: 0 · References: 3
Tenable Nessus
added 2024/12/06 12:0 a.m. · 3 views

Devolutions Server Installed (Windows)

Binary data devolutionsserverwininstalled.nbin...

7.3 AI score
Exploits: 0 · References: 1
Positive Technologies
added 2024/12/04 12:0 a.m. · 3 views

PT-2024-10659 · Google · Android +1

Name of the Vulnerable Software and Affected Versions: No specific software or version is mentioned as affected, so the information is not sufficient to determine the exact vulnerable software and versions. Description: The issue is related to a possible out of bounds write in the get binary...

7.8 CVSS · 6.7 AI score · 0.00084 EPSS
Exploits: 0 · References: 4
CNNVD
added 2024/12/04 12:0 a.m. · 15 views

Google Pixel Security Vulnerability

Google Pixel is a smartphone from Google, an American company. A security vulnerability exists in Google Pixel, which stems from a lack of bounds checking in getbinary in vendor/mediatek/proprietary/hardware/connectivity/gps/gpshal/src/datacoder.c, where out-of-bounds writes may exist...

7.8 CVSS · 9.1 AI score · 0.00084 EPSS
Exploits: 0 · References: 1
OSV
added 2024/12/02 2:37 p.m. · 27 views

SUSE-SU-2024:4140-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47589: igbvf: fix double free in igbvfprobe bsc1226557. - CVE-2022-48956: ipv6: avoid use-after-free in ip6fragment bsc1231893. - CVE-2022-48960: net:...

7.8 CVSS · 8.5 AI score · 0.03651 EPSS
Exploits: 2 · References: 112
OSV
added 2024/11/29 11:56 a.m. · 3 views

OESA-2024-2480 openssl security update

OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. Security Fixes: Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to...

4.3 CVSS · 7.4 AI score · 0.05966 EPSS
Exploits: 0 · References: 2
OSV
added 2024/11/28 2:16 p.m. · 36 views

SUSE-SU-2024:4103-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP2 LTSS kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47589: igbvf: fix double free in igbvfprobe bsc1226557. - CVE-2022-48956: ipv6: avoid use-after-free in ip6fragment bsc1231893. - CVE-2022-48960: net:...

7.8 CVSS · 8.2 AI score · 0.03651 EPSS
Exploits: 2 · References: 103
BDU FSTEC
added 2024/11/27 12:0 a.m. · 3 views

The vulnerability of the binary file plctool of the microprogramming software for modular controllers of variable current charging stations and wall-mounted charging devices from Phoenix Contact, CHARX SEC-3100, allows a hacker to execute any code in the root context.

The vulnerability of the binary file of the microprogramming software for modular controllers of variable current charging stations and wall-mounted charging devices, the Phoenix Contact CHARX SEC-3100, exists due to insufficient verification of input data. Exploiting this vulnerability could all...

7.8 CVSS · 7.6 AI score · 0.00259 EPSS
Exploits: 0 · References: 5 · Affected Software: 4
CVE
added 2024/11/26 7:38 a.m. · 90 views

CVE-2024-36248

CVE-2024-36248 affects Sharp MFPs and related devices, where API keys for cloud services are hardcoded in the main binary. This root cause can enable exposure or misuse of cloud credentials by anyone gaining access to the device, potentially allowing unauthorized external access or data exposure ...

9.1 CVSS · 6.7 AI score · 0.01088 EPSS
Exploits: 1 · References: 7
Cvelist
added 2024/11/26 7:38 a.m. · 29 views

CVE-2024-36248

API keys for some cloud services are hardcoded in the "main" binary. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under References...

9.1 CVSS · 0.01088 EPSS
Exploits: 1 · References: 6
Tenable Nessus
added 2024/11/26 12:0 a.m. · 4 views

DuckDB Installed (Linux / Unix)

Binary data duckdbnixinstalled.nbin...

7.3 AI score
Exploits: 0 · References: 1
Positive Technologies
added 2024/11/26 12:0 a.m. · 6 views

PT-2024-26930 · Sharp +1 · Multiple Mfps

Name of the Vulnerable Software and Affected Versions: No specific software name or affected versions are mentioned in the provided descriptions. Description: The issue involves hardcoded API keys for some cloud services in the "main" binary, posing security risks. The details of affected product...

9.1 CVSS · 7 AI score · 0.01088 EPSS
Exploits: 1 · References: 10
Tenable Nessus
added 2024/11/26 12:0 a.m. · 5 views

Zscaler Client Connector Installed (Windows)

Binary data zscalerclientconnectorwininstalled.nbin...

7.3 AI score
Exploits: 0 · References: 1
BDU FSTEC
added 2024/11/26 12:0 a.m. · 5 views

The vulnerability of the Intel Binary Configuration Tool’s configuration modification utility lies in the improper use of standard permissions, allowing attackers to increase their privileges.

The vulnerability of the Intel Binary Configuration Tool’s configuration modification utility is related to the improper use of standard permissions. Exploiting this vulnerability can allow attackers to increase their privileges...

6.7 CVSS · 5.5 AI score · 0.00144 EPSS
Exploits: 0 · References: 5 · Affected Software: 1
BDU FSTEC
added 2024/11/26 12:0 a.m. · 4 views

The vulnerability of the Intel Binary Configuration Tool’s configuration modification utility lies in its uncontrolled search path, which allows a malicious actor to exploit their privileges.

The vulnerability of the Intel Binary Configuration Tool’s configuration modification utility is related to an uncontrolled element in the search process. Exploiting this vulnerability can allow attackers to enhance their privileges...

6.7 CVSS · 5.5 AI score · 0.00175 EPSS
Exploits: 0 · References: 5 · Affected Software: 1
Tenable Nessus
added 2024/11/26 12:0 a.m. · 6 views

DuckDB Installed (Windows)

Binary data duckdbwininstalled.nbin...

7.3 AI score
Exploits: 0 · References: 1
BDU FSTEC
added 2024/11/26 12:0 a.m. · 6 views

The vulnerability of the Spectrum Power 7 software, related to incorrect privilege assignment, allows a perpetrator to elevate their privileges.

The vulnerability of the Spectrum Power 7 software is related to the improper assignment of privileges by running binary files with the SUID privilege. Exploiting this vulnerability can allow an attacker to increase their privileges...

7.8 CVSS · 7.4 AI score · 0.00141 EPSS
Exploits: 0 · References: 3 · Affected Software: 1
RedHat Linux
added 2024/11/25 4:56 p.m. · 2 views

com.thoughtworks.xstream: XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream

A flaw was found in the XStream library. A remote attacker may trigger a denial of service by manipulating the processed input stream when XStream is configured to use the BinaryStreamDriver. This issue may lead to the termination of the application...

7.5 CVSS · 6.8 AI score · 0.02015 EPSS
Exploits: 0 · References: 7
Talos Blog
added 2024/11/25 1:0 p.m. · 28 views

Finding vulnerabilities in ClipSp, the driver at the core of Windows’ Client License Platform

By Philippe Laulheret. ClipSP (clipsp.sys) is a Windows driver used to implement client licensing and system policies on Windows 10 and 11 systems. Cisco Talos researchers have discovered eight vulnerabilities related to clipsp.sys ranging from signature bypass to elevation of privileges and sandbox...

7.8 CVSS · 6.8 AI score · 0.01626 EPSS
Exploits: 0