linux-pam: Incomplete fix for CVE-2025-6020

A flaw was found in linux-pam. The pamnamespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020...

Devolutions Server 安全漏洞

Devolutions Server is an application from Devolutions Canada Inc. which provides a full-featured shared account and password management solution. A security vulnerability exists in Devolutions Server version 2024.1.10.0 and earlier, which stems from incorrect input validation and allows an attack...

CVE-2020-12613

An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. An attacker can spawn a process with multiple users as part of the security token prior to Avecto elevation. When Avecto elevates the process, it removes the user who is launching the process, but not the second...

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that originates in the multiple functions obfuscation agent of the AccountManagerService.java component, which can be exploited by an attacker to elevate...

Avast antivirus 安全漏洞

Avast antivirus, a suite of antivirus software from the Czech company Avast, has an elevation of privilege vulnerability that could be exploited by a local attacker to gain elevated privileges by invoking non-essential powerful internal methods of the main antivirus service...

Microsoft Windows and Microsoft Windows Server Elevation of Privilege Vulnerability (CNVD-2020-49364)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation.Microsoft Windows is an operating system for personal devices.Microsoft Windows Server is a server operating system. An elevation of privilege vulnerability exists in Microsoft Windows and Microsoft Windows...

Google Android Framework elevation of privilege vulnerability (CNVD-2020-27134)

Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. An elevation of privilege vulnerability exists in the Framework component of Google Android 8.0, 8.1, 9, and 10. An attacker can exploit the vulnerability to elevat...

Microsoft Windows User-Mode Power Service Elevation of Privilege Vulnerability

Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. An elevation of privilege vulnerability exists in the way memory objects are handled in the Microsoft Windows User-Mode Power Service. An attacker could exploit this vulnerability with...

Trend Micro Maximum Security Elevation of Privilege Vulnerability

Trend Micro Maximum Security is multi-device virus, malware protection software. Trend Micro Maximum Security 2018 suffers from a Time-of-Check Time-of-Use elevation-of-privilege vulnerability that stems from the way the tmusa driver handles IOCTL 0x222813. An attacker can exploit the vulnerabili...

Google Android NVIDIA component elevation of privilege vulnerability (CNVD-2018-06616)

Android is a Linux-based open source operating system developed by Google and the Open Handheld Alliance OHA, and NVIDIA libnvomx is one of the video encoding libraries. An elevation of privilege vulnerability exists in NVIDIA libnvomx in Android, which stems from the program failing to properly...

Google Android Media Framework elevation of privilege vulnerability (CNVD-2017-31371)

Android is a Linux-based open source operating system jointly developed by Google and the Open Handset Alliance OHA, and Media framework libstagefright is one of the hard-decoding support frameworks for multimedia development. A boost vulnerability exists in Media frameworklibstagefright in...

Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. CVE-2009-1392, CVE-2009-1832, CVE-2009-1833, CVE-2009-1837, CVE-2009-1838, CVE-2009-1841...