Lucene search
+L

184 matches found

Information Security Automation
Information Security Automation
added 2023/01/13 2:14 p.m.87 views

Microsoft Patch Tuesday January 2023: ALPC EoP, Win Backup EoP, LocalPotato, Exchange, Remote RCEs

Hello everyone! This episode will be about Microsoft Patch Tuesday for January 2023, including vulnerabilities that were added between December and January Patch Tuesdays. Alternative video link for Russia: As usual, I use my open source Vulristics project to analyse and prioritize vulnerabilitie...

6.5CVSS8.2AI score0.41806EPSS
Exploits3
NVD
NVD
added 2022/12/16 4:15 p.m.26 views

CVE-2022-20585

In validoutofspecialsecdramaddr of drmaccesscontrol.c, there is a possible EoP due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android...

7.8CVSS0.00125EPSS
Exploits0References1
NVD
NVD
added 2022/12/16 4:15 p.m.27 views

CVE-2022-20588

In sysmmumap of sysmmu.c, there is a possible EoP due to a precondition check failure. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238785915Reference...

6.7CVSS0.00124EPSS
Exploits0References1
NVD
NVD
added 2022/12/16 4:15 p.m.18 views

CVE-2022-20587

In ppmpvalidatewsm of drmfw.c, there is a possible EoP due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

7.8CVSS0.00125EPSS
Exploits0References1
NVD
NVD
added 2022/12/16 4:15 p.m.25 views

CVE-2022-20586

In validoutofspecialsecdramaddr of drmaccesscontrol.c, there is a possible EoP due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android...

7.8CVSS0.00125EPSS
Exploits0References1
Prion
Prion
added 2022/12/16 4:15 p.m.16 views

Input validation

In validoutofspecialsecdramaddr of drmaccesscontrol.c, there is a possible EoP due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android...

4.3CVSS7.6AI score0.00125EPSS
Exploits0References1
CVE
CVE
added 2022/12/16 12:0 a.m.84 views

CVE-2022-20587

CVE-2022-20587 affects Android devices via an issue in the Android kernel, in drm_fw.c within the ppmp_validate_wsm function. The vulnerability arises from improper input validation, enabling local privilege escalation with no additional privileges and no user interaction required. The CVSS vecto...

7.8CVSS7.7AI score0.00125EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/12/16 12:0 a.m.83 views

CVE-2022-20597

CVE-2022-20597 describes a local Elevation of Privilege in the Android kernel: in ppmpu_set of ppmpu.c, an integer overflow can lead to a local escalation of privilege with no extra execution privileges and no user interaction required. Public sources in NVD/Red Hat entries corroborate the Androi...

7.8CVSS7.7AI score0.00174EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/12/16 12:0 a.m.86 views

CVE-2022-20585

CVE-2022-20585 affects the Android kernel component drm_access_control.c, specifically the function valid_out_of_special_sec_dram_addr. The issue is an elevation of privilege due to improper input validation, enabling local privilege escalation with no extra user interaction. Exploitation details...

7.8CVSS7.7AI score0.00125EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/12/16 12:0 a.m.25 views

CVE-2022-20587

In ppmpvalidatewsm of drmfw.c, there is a possible EoP due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

7.9AI score0.00125EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/12/16 12:0 a.m.26 views

CVE-2022-20598

In secmediaprotect of media.c, there is a possible EoP due to an integer overflow. This could lead to local escalation of privilege of secure mode MFC Core with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndro...

7.9AI score0.00174EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/12/16 12:0 a.m.32 views

CVE-2022-20588

In sysmmumap of sysmmu.c, there is a possible EoP due to a precondition check failure. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238785915Reference...

6.9AI score0.00124EPSS
Exploits0References1
CVE
CVE
added 2022/12/16 12:0 a.m.91 views

CVE-2022-20588

CVE-2022-20588 affects the Android kernel in the sysmmu_map function of sysmmu.c. The issue is a precondition check failure that can enable local elevation of privilege, granting System execution privileges. Exploitation details are not provided in the supplied documents; no user interaction is r...

6.7CVSS6.6AI score0.00124EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/12/16 12:0 a.m.108 views

CVE-2022-20586

CVE-2022-20586 describes an elevation of privilege in the Android kernel due to improper input validation in the function valid_out_of_special_sec_dram_addr within drm_access_control.c. The vulnerability could allow local escalation of privilege without any additional execution privileges, with a...

7.8CVSS7.7AI score0.00125EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/12/16 12:0 a.m.88 views

CVE-2022-20598

CVE-2022-20598 describes an integer overflow in the Android kernel’s sec_media_protect function (media.c). The issue can cause a local Elevation of Privilege in the secure mode MFC Core, with no additional privileges or user interaction required. The available documents specify the vulnerability ...

7.8CVSS7.7AI score0.00174EPSS
Exploits0References1Affected Software1
Information Security Automation
Information Security Automation
added 2022/10/29 8:37 a.m.85 views

Microsoft Patch Tuesday October 2022: Exchange ProxyNotShell RCE, Windows COM+ EoP, AD EoP, Azure Arc Kubernetes EoP

Hello everyone! This episode will be about Microsoft Patch Tuesday for October 2022, including vulnerabilities that were added between September and October Patch Tuesdays. As usual, I use my open source Vulristics project to create the report. Alternative video link for Russia: $ cat...

0.5AI score0.9997EPSS
Exploits16
NVD
NVD
added 2022/10/11 8:15 p.m.17 views

CVE-2022-20435

There is a Unauthorized service in the system service, may cause the system reboot. Since the component does not have permission check and permission protection, resulting in EoP problem.Product: AndroidVersions: Android SoCAndroid ID: A-242248367...

7.8CVSS0.00154EPSS
Exploits0References1
Prion
Prion
added 2022/10/11 8:15 p.m.18 views

Code injection

There is a Unauthorized service in the system service, may cause the system reboot. Since the component does not have permission check and permission protection, resulting in EoP problem.Product: AndroidVersions: Android SoCAndroid ID: A-242248367...

4.3CVSS7.4AI score0.00154EPSS
Exploits0References1
CVE
CVE
added 2022/10/11 12:0 a.m.115 views

CVE-2022-20435

CVE-2022-20435 is an Android vulnerability described as an unauthorized service in the system service that, due to missing permission checks, can lead to local elevation of privilege and potentially a system reboot. Connected OSV entries (ASB-A-242248367 and ASB-A-242248369) corroborate an unauth...

7.8CVSS7.4AI score0.00154EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/10/11 12:0 a.m.29 views

CVE-2022-20435

There is a Unauthorized service in the system service, may cause the system reboot. Since the component does not have permission check and permission protection, resulting in EoP problem.Product: AndroidVersions: Android SoCAndroid ID: A-242248367...

7.7AI score0.00154EPSS
Exploits0References1
Rows per page
Query Builder