184 matches found
Microsoft Patch Tuesday January 2023: ALPC EoP, Win Backup EoP, LocalPotato, Exchange, Remote RCEs
Hello everyone! This episode will be about Microsoft Patch Tuesday for January 2023, including vulnerabilities that were added between December and January Patch Tuesdays. Alternative video link for Russia: As usual, I use my open source Vulristics project to analyse and prioritize vulnerabilitie...
CVE-2022-20585
In validoutofspecialsecdramaddr of drmaccesscontrol.c, there is a possible EoP due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android...
CVE-2022-20588
In sysmmumap of sysmmu.c, there is a possible EoP due to a precondition check failure. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238785915Reference...
CVE-2022-20587
In ppmpvalidatewsm of drmfw.c, there is a possible EoP due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...
CVE-2022-20586
In validoutofspecialsecdramaddr of drmaccesscontrol.c, there is a possible EoP due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android...
Input validation
In validoutofspecialsecdramaddr of drmaccesscontrol.c, there is a possible EoP due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android...
CVE-2022-20587
CVE-2022-20587 affects Android devices via an issue in the Android kernel, in drm_fw.c within the ppmp_validate_wsm function. The vulnerability arises from improper input validation, enabling local privilege escalation with no additional privileges and no user interaction required. The CVSS vecto...
CVE-2022-20597
CVE-2022-20597 describes a local Elevation of Privilege in the Android kernel: in ppmpu_set of ppmpu.c, an integer overflow can lead to a local escalation of privilege with no extra execution privileges and no user interaction required. Public sources in NVD/Red Hat entries corroborate the Androi...
CVE-2022-20585
CVE-2022-20585 affects the Android kernel component drm_access_control.c, specifically the function valid_out_of_special_sec_dram_addr. The issue is an elevation of privilege due to improper input validation, enabling local privilege escalation with no extra user interaction. Exploitation details...
CVE-2022-20587
In ppmpvalidatewsm of drmfw.c, there is a possible EoP due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...
CVE-2022-20598
In secmediaprotect of media.c, there is a possible EoP due to an integer overflow. This could lead to local escalation of privilege of secure mode MFC Core with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndro...
CVE-2022-20588
In sysmmumap of sysmmu.c, there is a possible EoP due to a precondition check failure. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238785915Reference...
CVE-2022-20588
CVE-2022-20588 affects the Android kernel in the sysmmu_map function of sysmmu.c. The issue is a precondition check failure that can enable local elevation of privilege, granting System execution privileges. Exploitation details are not provided in the supplied documents; no user interaction is r...
CVE-2022-20586
CVE-2022-20586 describes an elevation of privilege in the Android kernel due to improper input validation in the function valid_out_of_special_sec_dram_addr within drm_access_control.c. The vulnerability could allow local escalation of privilege without any additional execution privileges, with a...
CVE-2022-20598
CVE-2022-20598 describes an integer overflow in the Android kernel’s sec_media_protect function (media.c). The issue can cause a local Elevation of Privilege in the secure mode MFC Core, with no additional privileges or user interaction required. The available documents specify the vulnerability ...
Microsoft Patch Tuesday October 2022: Exchange ProxyNotShell RCE, Windows COM+ EoP, AD EoP, Azure Arc Kubernetes EoP
Hello everyone! This episode will be about Microsoft Patch Tuesday for October 2022, including vulnerabilities that were added between September and October Patch Tuesdays. As usual, I use my open source Vulristics project to create the report. Alternative video link for Russia: $ cat...
CVE-2022-20435
There is a Unauthorized service in the system service, may cause the system reboot. Since the component does not have permission check and permission protection, resulting in EoP problem.Product: AndroidVersions: Android SoCAndroid ID: A-242248367...
Code injection
There is a Unauthorized service in the system service, may cause the system reboot. Since the component does not have permission check and permission protection, resulting in EoP problem.Product: AndroidVersions: Android SoCAndroid ID: A-242248367...
CVE-2022-20435
CVE-2022-20435 is an Android vulnerability described as an unauthorized service in the system service that, due to missing permission checks, can lead to local elevation of privilege and potentially a system reboot. Connected OSV entries (ASB-A-242248367 and ASB-A-242248369) corroborate an unauth...
CVE-2022-20435
There is a Unauthorized service in the system service, may cause the system reboot. Since the component does not have permission check and permission protection, resulting in EoP problem.Product: AndroidVersions: Android SoCAndroid ID: A-242248367...