621 matches found
Qualcomm Patches Privilege Escalation, DoS Vulnerabilities in Android Devices
Qualcomm has patched a handful of vulnerabilities in its devices that if exploited could leave Android OS kernels open to privilege escalation or denial of service DoS attacks. According to notes published earlier today by Michael Orlando, a vulnerability analyst at the United States Computer...
Qualcomm Android OS kernel privilege escalation and denial of service vulnerabilites
Overview Android OS kernels running on certain Qualcomm devices contain multiple vulnerabilities which could allow an attacker to cause privilege escalation or Denial of Service DoS. Description The Qualcomm Innovation Center, Inc. advisory states:Summary: A locally installed application can caus...
CVE-2012-4222
drivers/gpu/msm/kgsl.c in the Qualcomm Innovation Center QuIC Graphics KGSL kernel-mode driver for Android 2.3 through 4.2 allows attackers to cause a denial of service NULL pointer dereference via an application that uses crafted arguments in a local kgslioctl call...
CVE-2012-4221
Integer overflow in diagcharcore.c in the Qualcomm Innovation Center QuIC Diagnostics aka DIAG kernel-mode driver for Android 2.3 through 4.2 allows attackers to execute arbitrary code or cause a denial of service via an application that uses crafted arguments in a local diagcharioctl call...
CVE-2012-4220
diagcharcore.c in the Qualcomm Innovation Center QuIC Diagnostics aka DIAG kernel-mode driver for Android 2.3 through 4.2 allows attackers to execute arbitrary code or cause a denial of service incorrect pointer dereference via an application that uses crafted arguments in a local diagcharioctl...
Integer overflow
Integer overflow in diagcharcore.c in the Qualcomm Innovation Center QuIC Diagnostics aka DIAG kernel-mode driver for Android 2.3 through 4.2 allows attackers to execute arbitrary code or cause a denial of service via an application that uses crafted arguments in a local diagcharioctl call...
Null pointer dereference
diagcharcore.c in the Qualcomm Innovation Center QuIC Diagnostics aka DIAG kernel-mode driver for Android 2.3 through 4.2 allows attackers to execute arbitrary code or cause a denial of service incorrect pointer dereference via an application that uses crafted arguments in a local diagcharioctl...
CVE-2012-4222
drivers/gpu/msm/kgsl.c in the Qualcomm Innovation Center QuIC Graphics KGSL kernel-mode driver for Android 2.3 through 4.2 allows attackers to cause a denial of service NULL pointer dereference via an application that uses crafted arguments in a local kgslioctl call...
CVE-2012-4222
CVE-2012-4222 refers to the Qualcomm KGSL kernel-mode driver in Android 2.3–4.2, where a crafted kgsl_ioctl input can trigger a NULL pointer dereference, causing DoS. Connected docs also cover CVE-2012-4220 (diagchar_core.c) and CVE-2012-4221 (diagchar_core.c/integer overflow) with local DIAG/DIA...
CVE-2012-4221
CVE-2012-4221 involves an integer overflow in the Qualcomm Innovation Center (QuIC) Diagnostics (DIAG) kernel-mode driver for Android 2.3–4.2, specifically in diagchar_core.c. An attacker could exploit crafted arguments via a local diagchar_ioctl call to achieve arbitrary code execution or cause ...
CVE-2012-4220
diagcharcore.c in the Qualcomm Innovation Center QuIC Diagnostics aka DIAG kernel-mode driver for Android 2.3 through 4.2 allows attackers to execute arbitrary code or cause a denial of service incorrect pointer dereference via an application that uses crafted arguments in a local diagcharioctl...
Microsoft Windows 本地权限提升漏洞(CVE-2012-2527)
Bugtraq ID:54873 CVE ID:CVE-2012-2527 Microsoft Windows是一款流行的操作系统。 Microsoft Windows中的内核模式驱动中的win32k.sys访问内存中对象时存在一个释放后使用漏洞,允许攻击者构建恶意应用,在系统上执行,可以内核上下文执行任意代码。 0 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2003 Microsoft Windows 7 厂商解决方案...
PT-2012-3631 · Microsoft · Windows Server 2003 +5
Name of the Vulnerable Software and Affected Versions: Microsoft Windows XP versions SP2 and SP3 Microsoft Windows Server 2003 version SP2 Microsoft Windows Vista version SP2 Microsoft Windows Server 2008 versions SP2, R2, and R2 SP1 Microsoft Windows 7 versions Gold and SP1 Description: The issu...
Microsoft Lync Remote Code Execution Vulnerabilities (2707956)
This host is missing a critical security update according to Microsoft Bulletin MS12-039. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Microsoft Windows本地权限提升漏洞(CVE-2012-0180)(MS12-034)
BUGTRAQ ID: 53324 CVE ID: CVE-2012-0180 Microsoft Windows是流行的计算机操作系统。 Windows内核模式驱动程序管理与窗口和消息处理相关的功能的方式中存在一个特权提升漏洞。成功利用此漏洞的攻击者可以运行内核模式中的任意代码。攻击者随后可安装程序;查看、更改或删除数据;或者创建拥有完全管理权限的新帐户。 0 Microsoft Windows Windows XP Service Pack 3 0 Microsoft Windows Windows XP Professional x64 Ed Microsoft Windows...
Design/Logic Flaw
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle window messaging, which allows local users to gain privileges via a crafted applicati...
CVE-2012-0157
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle window messaging, which allows local users to gain privileges via a crafted applicati...
Microsoft Windows TrueType Font Parsing Privilege Elevation Vulnerability
The host is installed with Microsoft Windows operating system and is prone to pivilege escalation vulnerability. This NVT has been replaced by NVT secpodms11-087.nasl OID:1.3.6.1.4.1.25623.1.0.902767. OpenVAS Vulnerability Test $Id: gbmstruetypefontprivilegeelevationvuln.nasl 5362 2017-02-20...
CVE-2011-1888
CVE-2011-1888 corresponds to a Windows kernel privilege-escalation flaw in the Win32k.sys driver. The vulnerability is a NULL pointer dereference in kernel-mode code that could allow a local attacker to gain elevated privileges on affected Windows versions (Vista SP1/SP2, Windows Server 2008 Gold...
CVE-2011-1883
CVE-2011-1883 is a use-after-free vulnerability in win32k.sys (kernel-mode drivers) across Windows XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 Gold/SP2/R2, and Windows 7 SP1. The flaw stems from incorrect driver object management in kernel-mode, enabling local privilege escalation to ...