Lucene search
K

621 matches found

ThreatPost
ThreatPost
added 2012/12/07 8:6 p.m.35 views

Qualcomm Patches Privilege Escalation, DoS Vulnerabilities in Android Devices

Qualcomm has patched a handful of vulnerabilities in its devices that if exploited could leave Android OS kernels open to privilege escalation or denial of service DoS attacks. According to notes published earlier today by Michael Orlando, a vulnerability analyst at the United States Computer...

6.8CVSS7AI score0.03032EPSS
Exploits0References6
CERT
CERT
added 2012/12/07 12:0 a.m.45 views

Qualcomm Android OS kernel privilege escalation and denial of service vulnerabilites

Overview Android OS kernels running on certain Qualcomm devices contain multiple vulnerabilities which could allow an attacker to cause privilege escalation or Denial of Service DoS. Description The Qualcomm Innovation Center, Inc. advisory states:Summary: A locally installed application can caus...

6.8CVSS7.2AI score0.03032EPSS
Exploits0References2
NVD
NVD
added 2012/11/30 12:54 p.m.27 views

CVE-2012-4222

drivers/gpu/msm/kgsl.c in the Qualcomm Innovation Center QuIC Graphics KGSL kernel-mode driver for Android 2.3 through 4.2 allows attackers to cause a denial of service NULL pointer dereference via an application that uses crafted arguments in a local kgslioctl call...

4.3CVSS6.1AI score0.00693EPSS
Exploits0References2
NVD
NVD
added 2012/11/30 12:54 p.m.26 views

CVE-2012-4221

Integer overflow in diagcharcore.c in the Qualcomm Innovation Center QuIC Diagnostics aka DIAG kernel-mode driver for Android 2.3 through 4.2 allows attackers to execute arbitrary code or cause a denial of service via an application that uses crafted arguments in a local diagcharioctl call...

6.8CVSS7.5AI score0.02063EPSS
Exploits0References2
NVD
NVD
added 2012/11/30 12:54 p.m.27 views

CVE-2012-4220

diagcharcore.c in the Qualcomm Innovation Center QuIC Diagnostics aka DIAG kernel-mode driver for Android 2.3 through 4.2 allows attackers to execute arbitrary code or cause a denial of service incorrect pointer dereference via an application that uses crafted arguments in a local diagcharioctl...

6.8CVSS7.4AI score0.03032EPSS
Exploits0References2
Prion
Prion
added 2012/11/30 12:54 p.m.22 views

Integer overflow

Integer overflow in diagcharcore.c in the Qualcomm Innovation Center QuIC Diagnostics aka DIAG kernel-mode driver for Android 2.3 through 4.2 allows attackers to execute arbitrary code or cause a denial of service via an application that uses crafted arguments in a local diagcharioctl call...

6.8CVSS8.2AI score0.03032EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2012/11/30 12:54 p.m.23 views

Null pointer dereference

diagcharcore.c in the Qualcomm Innovation Center QuIC Diagnostics aka DIAG kernel-mode driver for Android 2.3 through 4.2 allows attackers to execute arbitrary code or cause a denial of service incorrect pointer dereference via an application that uses crafted arguments in a local diagcharioctl...

6.8CVSS7.8AI score0.03032EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2012/11/30 11:0 a.m.37 views

CVE-2012-4222

drivers/gpu/msm/kgsl.c in the Qualcomm Innovation Center QuIC Graphics KGSL kernel-mode driver for Android 2.3 through 4.2 allows attackers to cause a denial of service NULL pointer dereference via an application that uses crafted arguments in a local kgslioctl call...

6AI score0.00693EPSS
Exploits0References2
CVE
CVE
added 2012/11/30 11:0 a.m.65 views

CVE-2012-4222

CVE-2012-4222 refers to the Qualcomm KGSL kernel-mode driver in Android 2.3–4.2, where a crafted kgsl_ioctl input can trigger a NULL pointer dereference, causing DoS. Connected docs also cover CVE-2012-4220 (diagchar_core.c) and CVE-2012-4221 (diagchar_core.c/integer overflow) with local DIAG/DIA...

4.3CVSS6.2AI score0.00693EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2012/11/30 11:0 a.m.81 views

CVE-2012-4221

CVE-2012-4221 involves an integer overflow in the Qualcomm Innovation Center (QuIC) Diagnostics (DIAG) kernel-mode driver for Android 2.3–4.2, specifically in diagchar_core.c. An attacker could exploit crafted arguments via a local diagchar_ioctl call to achieve arbitrary code execution or cause ...

6.8CVSS7.7AI score0.02063EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2012/11/30 11:0 a.m.41 views

CVE-2012-4220

diagcharcore.c in the Qualcomm Innovation Center QuIC Diagnostics aka DIAG kernel-mode driver for Android 2.3 through 4.2 allows attackers to execute arbitrary code or cause a denial of service incorrect pointer dereference via an application that uses crafted arguments in a local diagcharioctl...

7.3AI score0.03032EPSS
Exploits0References2
seebug.org
seebug.org
added 2012/08/18 12:0 a.m.28 views

Microsoft Windows 本地权限提升漏洞(CVE-2012-2527)

Bugtraq ID:54873 CVE ID:CVE-2012-2527 Microsoft Windows是一款流行的操作系统。 Microsoft Windows中的内核模式驱动中的win32k.sys访问内存中对象时存在一个释放后使用漏洞,允许攻击者构建恶意应用,在系统上执行,可以内核上下文执行任意代码。 0 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2003 Microsoft Windows 7 厂商解决方案...

7.2CVSS6.5AI score0.01663EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2012/07/10 12:0 a.m.9 views

PT-2012-3631 · Microsoft · Windows Server 2003 +5

Name of the Vulnerable Software and Affected Versions: Microsoft Windows XP versions SP2 and SP3 Microsoft Windows Server 2003 version SP2 Microsoft Windows Vista version SP2 Microsoft Windows Server 2008 versions SP2, R2, and R2 SP1 Microsoft Windows 7 versions Gold and SP1 Description: The issu...

7.2CVSS6.6AI score0.01791EPSS
Exploits1References6
OpenVAS
OpenVAS
added 2012/06/13 12:0 a.m.38 views

Microsoft Lync Remote Code Execution Vulnerabilities (2707956)

This host is missing a critical security update according to Microsoft Bulletin MS12-039. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

9.3CVSS5.6AI score0.78285EPSS
Exploits8References8
seebug.org
seebug.org
added 2012/05/09 12:0 a.m.40 views

Microsoft Windows本地权限提升漏洞(CVE-2012-0180)(MS12-034)

BUGTRAQ ID: 53324 CVE ID: CVE-2012-0180 Microsoft Windows是流行的计算机操作系统。 Windows内核模式驱动程序管理与窗口和消息处理相关的功能的方式中存在一个特权提升漏洞。成功利用此漏洞的攻击者可以运行内核模式中的任意代码。攻击者随后可安装程序;查看、更改或删除数据;或者创建拥有完全管理权限的新帐户。 0 Microsoft Windows Windows XP Service Pack 3 0 Microsoft Windows Windows XP Professional x64 Ed Microsoft Windows...

7.2CVSS6.3AI score0.01263EPSS
Exploits1
Prion
Prion
added 2012/03/13 9:55 p.m.21 views

Design/Logic Flaw

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle window messaging, which allows local users to gain privileges via a crafted applicati...

7.2CVSS6.7AI score0.0144EPSS
Exploits1References4Affected Software2
Cvelist
Cvelist
added 2012/03/13 9:0 p.m.34 views

CVE-2012-0157

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle window messaging, which allows local users to gain privileges via a crafted applicati...

6.2AI score0.0144EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2011/11/07 12:0 a.m.36 views

Microsoft Windows TrueType Font Parsing Privilege Elevation Vulnerability

The host is installed with Microsoft Windows operating system and is prone to pivilege escalation vulnerability. This NVT has been replaced by NVT secpodms11-087.nasl OID:1.3.6.1.4.1.25623.1.0.902767. OpenVAS Vulnerability Test $Id: gbmstruetypefontprivilegeelevationvuln.nasl 5362 2017-02-20...

9.3CVSS0.9AI score0.78285EPSS
Exploits1References3
CVE
CVE
added 2011/07/13 11:0 p.m.65 views

CVE-2011-1888

CVE-2011-1888 corresponds to a Windows kernel privilege-escalation flaw in the Win32k.sys driver. The vulnerability is a NULL pointer dereference in kernel-mode code that could allow a local attacker to gain elevated privileges on affected Windows versions (Vista SP1/SP2, Windows Server 2008 Gold...

7.2CVSS6.3AI score0.0166EPSS
Exploits2References7Affected Software3
CVE
CVE
added 2011/07/13 11:0 p.m.65 views

CVE-2011-1883

CVE-2011-1883 is a use-after-free vulnerability in win32k.sys (kernel-mode drivers) across Windows XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 Gold/SP2/R2, and Windows 7 SP1. The flaw stems from incorrect driver object management in kernel-mode, enabling local privilege escalation to ...

7.2CVSS6.5AI score0.01405EPSS
Exploits0References8Affected Software6
Rows per page
Query Builder