
106 matches found

CNNVD
added 2023/02/27 12:0 a.m. · 0 views

Apple macOS Security Vulnerability

Apple macOS is a specialized operating system developed by Apple Inc. for Mac computers. A security vulnerability exists in Apple macOS Monterey versions prior to 12.0.1, which stems from faulty code logic. The vulnerability can be exploited by an attacker to access a local user's Apple ID...

CVSS 5.3 · AI score 5.8 · EPSS 0.00211
Exploits: 0 · References: 2
CVE
added 2022/12/16 12:0 a.m. · 93 views

CVE-2022-20562

The CVE-2022-20562 entry concerns a logic error in ap_input_processor.c within the Android kernel’s audio processing path that could allow recording audio during a phone call, leading to local information disclosure. The vulnerability is classified as Information Disclosure with a Local attack ve...

CVSS 3.3 · AI score 3.7 · EPSS 0.00016
Exploits: 0 · References: 1 · Affected Software: 1
GitHub Security Blog
added 2022/12/06 6:30 p.m. · 44 views

Thinkphp has a code logic error

Thinkphp 5.1.41 and 5.0.24 has a code logic error which causes file upload getshell...

CVSS 8.8 · AI score 8.6 · EPSS 0.00353
Exploits: 1 · References: 3 · Affected Software: 1
OSV
added 2022/12/06 4:15 p.m. · 16 views

CVE-2022-44289

Thinkphp 5.1.41 and 5.0.24 has a code logic error which causes file upload getshell...

CVSS 8.8 · AI score 8.8
Exploits: 0 · References: 1
Positive Technologies
added 2022/12/06 12:0 a.m. · 4 views

PT-2022-27168 · Thinkphp · Thinkphp

Name of the Vulnerable Software and Affected Versions: Thinkphp versions 5.0.24 through 5.1.41 Description: The issue is caused by a code logic error that leads to a file upload getting shell access. This allows an attacker to potentially execute arbitrary code on the server. Recommendations: For...

CVSS 8.8 · AI score 8.1 · EPSS 0.00353
Exploits: 1 · References: 10
CVE
added 2022/12/06 12:0 a.m. · 142 views

CVE-2022-44289

ThinkPHP 5.0.24–5.1.41 contains a code-logic error in the file-upload path that can allow an attacker to obtain shell access (remote code execution) on affected servers. Exploitation details are not provided in the CVE, but multiple sources concur on the vulnerability scope and impact. A fix exis...

CVSS 8.8 · AI score 8.8 · EPSS 0.00353
Exploits: 1 · References: 1 · Affected Software: 1
Vulnrichment
added 2022/12/06 12:0 a.m. · 6 views

CVE-2022-44289

Thinkphp 5.1.41 and 5.0.24 has a code logic error which causes file upload getshell...

AI score 7.1 · EPSS 0.00353
Exploits: 1 · References: 1
Cvelist
added 2022/12/06 12:0 a.m. · 16 views

CVE-2022-44289

Thinkphp 5.1.41 and 5.0.24 has a code logic error which causes file upload getshell...

AI score 9.1 · EPSS 0.00353
Exploits: 1 · References: 1
Positive Technologies
added 2022/10/21 12:0 a.m. · 7 views

PT-2024-4357

Name of the Vulnerable Software and Affected Versions: PHP versions 8.1. through 8.1.28; PHP versions 8.2. through 8.2.19; PHP versions 8.3. through 8.3.7. Description: A code logic error in PHP's filtering functions, such as filter_var, when validating URLs with FILTER_VALIDATE_URL, can result in...

CVSS 9.8 · AI score 8.3 · EPSS 0.94374
Exploits: 85 · References: 285
OSV
added 2022/10/11 8:15 p.m. · 1 views

CVE-2022-20420

In getBackgroundRestrictionExemptionReason of AppRestrictionController.java, there is a possible way to bypass device policy restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not need...

CVSS 7.8 · AI score 5.9
Exploits: 0 · References: 1
Cvelist
added 2022/08/11 3:20 p.m. · 13 views

CVE-2022-20297

In Settings, there is a possible way to bypass factory reset protections due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android I...

AI score 8.2 · EPSS 0.00016
Exploits: 0 · References: 1
OSV
added 2022/08/01 12:0 a.m. · 17 views

ASB-A-219546241

In onDefaultNetworkChanged of Vpn.java, there is a possible way to disable VPN due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 7.8 · AI score 7.8 · EPSS 0.00016
Exploits: 0 · References: 3
HackerOne
added 2022/05/06 2:21 p.m. · 150 views

Open-Xchange: Privilege escalation possible in dovecot when similar passdbs are used

Summary: Privilege escalation is possible as a result of incorrect security code logic for dovecot passdb definitions. Description: When two passdb configuration entries exist in the dovecot configuration which have the same driver and args settings, the incorrect...

AI score 1 · EPSS 0.00307
Exploits: 1
OSV
added 2022/05/01 12:0 a.m. · 25 views

ASB-A-205996517

In mPreference of DefaultUsbConfigurationPreferenceController.java, there is a possible way to enable file transfer mode due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitati...

CVSS 7.8 · AI score 7.7 · EPSS 0.00013
Exploits: 0 · References: 2
CNNVD
added 2022/04/04 12:0 a.m. · 2 views

Google Android Permissions and Access Control Vulnerability

Google Android is a Linux-based open source operating system from Google, Inc. An elevation-of-privilege vulnerability exists in Google Android, which originates in several functions in LauncherApps.java and could result in an elevation-of-privilege situation due to a logic error in the code. An...

CVSS 7.8 · AI score 5.8 · EPSS 0.00012
Exploits: 0 · References: 5
CNVD
added 2022/03/23 12:0 a.m. · 33 views

Google Android Elevation of Privilege Vulnerability (CNVD-2022-22949)

Google Android is a Linux-based open source operating system from Google, Inc. An elevation-of-privilege vulnerability exists in Google Android due to a code logic error in kbase_jd_user_buf_pin_pages in mali_kbase_mem.c. An attacker could exploit this vulnerability to elevate local privileges...

CVSS 7.2 · AI score 4.1 · EPSS 0.00113
Exploits: 0
Cvelist
added 2022/01/14 7:11 p.m. · 19 views

CVE-2021-39684

In target_init of gs101/abl/target/slider/target.c, there is a possible allocation of RWX memory due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...

AI score 7.9 · EPSS 0.00046
Exploits: 0 · References: 1
CNVD
added 2021/05/18 12:0 a.m. · 5 views

IBM Cloud Pak for Security Information Disclosure Vulnerability (CNVD-2021-36325)

IBM Cloud Pak for Security is an application from IBM America, Inc. An open security platform that connects to your existing data sources to generate deeper insights and enables you to take automated action faster. An information disclosure vulnerability exists in IBM Cloud Pak for Security...

CVSS 5.9 · AI score 6.1 · EPSS 0.00182
Exploits: 0 · References: 1
Prion
added 2021/04/30 6:15 p.m. · 9 views

Design/Logic Flaw

cumulative-distribution-function is an open source npm library used which calculates statistical cumulative distribution function from data array of x values. In versions prior to 2.0.0 apps using this library on improper data may crash or go into an infinite-loop. In the case of a nodejs...

CVSS 5 · AI score 7.5 · EPSS 0.00661
Exploits: 1 · References: 4 · Affected Software: 1
CNVD
added 2021/03/12 12:0 a.m. · 7 views

Google Android elevation of privilege vulnerability (CNVD-2021-24924)

Google Android is a Linux-based open source operating system from Google and the Open Handset Alliance OHA. Google Android suffers from an elevation of privilege vulnerability. The vulnerability stems from a code logic error in CrossProfileAppsServiceImpl.java, which results in the application's...

CVSS 7.8 · AI score 6.9 · EPSS 0.00016
Exploits: 0 · References: 1