CVE-2023-7025 KylinSoft hedron-domain-hook DBus init_kcm access control

A vulnerability was found in KylinSoft hedron-domain-hook up to 3.8.0.12-0k0.5. It has been declared as critical. This vulnerability affects the function initkcm of the component DBus Handler. The manipulation leads to improper access controls. Attacking locally is a requirement. The exploit has...

CVE-2023-7025 KylinSoft hedron-domain-hook DBus init_kcm access control

A vulnerability was found in KylinSoft hedron-domain-hook up to 3.8.0.12-0k0.5. It has been declared as critical. This vulnerability affects the function initkcm of the component DBus Handler. The manipulation leads to improper access controls. Attacking locally is a requirement. The exploit has...

PT-2023-32841 · Kylinsoft · Hedron-Domain-Hook

Name of the Vulnerable Software and Affected Versions: KylinSoft hedron-domain-hook versions up to 3.8.0.12-0k0.5 Description: A critical issue affects the init kcm function of the DBus Handler component, leading to improper access controls. The manipulation requires local attacking. The exploit...

CVE-2023-50271

A potential security vulnerability has been identified with HP-UX System Management Homepage SMH. This vulnerability could be exploited locally or remotely to disclose information...

CVE-2023-50271

Technical details about CVE-2023-50271 are not publicly available in the provided connected documents; monitor for updates.

CVE-2023-48415

CVE-2023-48415 concerns an out-of-bounds read in Init of protocolembmsadapter.cpp caused by a missing bounds check. Per multiple connected documents, this can lead to local information disclosure without requiring user interaction. The issue is associated with Android/Google Pixel components (inc...

CVE-2023-48411

In SignalStrengthAdapter::FillGsmSignalStrength of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation...

Vulnerability fixed in IBM AIX

IBM has fixed a vulnerability in AIX. Through an error in the invscout command, a local malicious person can execute arbitrary execute arbitrary commands on the system. IBM has released updates to fix the vulnerability in AIX invscout. For more information, see:...

kernel: net/sched: Use-after-free vulnerabilities in the net/sched classifiers: cls_fw, cls_u32 and cls_route

There are 3 CVEs for the use-after-free flaw found in net/sched/clsfw.c in classifiers clsfw, clsu32, and clsroute in the Linux Kernel: CVE-2023-4206, CVE-2023-4207, CVE-2023-4208. A local user could use any of these flaws to crash the system or potentially escalate their privileges on the system...

Vulnerability of the diFree function (fs/jfs/jfs_imap.c) in the Linux operating system, allowing a local attacker to execute arbitrary code

The vulnerability of the diFree function fs/jfs/jfsimap.c in the jfs file system of the Linux operating system is related to the use of memory after it is freed during a mount failure. Exploiting this vulnerability allows an attacker acting locally to execute arbitrary code...

mariadb: lack of validating the existence of an object prior to performing operations on the object

MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL...

SUSE CVE-2023-47233

The brcm80211 component in the Linux kernel through 6.5.10 has a brcmfcfg80211detach use-after-free in the device unplugging disconnect the USB by hotplug code. For physically proximate attackers with local access, this "could be exploited in a real world scenario." This is related to...

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that can be exploited by an attacker to cause a local elevation of privilege...

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that can be exploited by an attacker to cause a local elevation of privilege...

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that can be exploited by an attacker to cause a local elevation of privilege...

SUSE SLES12: kernel-livepatch-4_12_14-150100_197_126-default / etc (SUSE-SU-2023:4244-1)

The remote SUSE Linux SLES12 / SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4244-1 advisory. This update for the Linux Kernel 4.12.14-122173 fixes one issue. The following security issue was fixed: - CVE-2023-4623: Fixed a use-after-fre...

CVE-2023-40128

In several functions of xmlregexp.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

Stack overflow

An issue was discovered in Broadcom LSI PCI-SV92EX Soft Modem Kernel Driver through 2.2.100.1 aka AGRSM64.sys. There is Local Privilege Escalation to SYSTEM via a Stack Overflow in RTLCopyMemory IOCTL 0x1b2150. An attacker can exploit this to elevate privileges from a medium-integrity process to...

K20307245: BIG-IP tmsh vulnerability CVE-2023-45219

Security Advisory Description Exposure of Sensitive Information vulnerability exists in an undisclosed BIG-IP TMOS Shell tmsh command, which may allow an authenticated attacker with resource administrator role privileges to view sensitive information. CVE-2023-45219 Impact An authenticated attack...

CVE-2023-5463

A vulnerability was found in XINJE XDPPro up to 3.7.17a. It has been rated as critical. Affected by this issue is some unknown functionality in the library cfgmgr32.dll. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The exploit has been disclosed to t...