CVE-2022-20141

In ipcheckmcrcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

CVE-2019-25062

A vulnerability was found in Sricam IP CCTV Camera and classified as critical. This issue affects some unknown processing of the component Device Viewer. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be us...

Apple macOS Monterey 缓冲区错误漏洞

Apple macOS Monterey is the 18th major release of Apple's macOS for the Macintosh desktop operating system. A buffer error vulnerability exists in Apple macOS Monterey versions 12.0 21A344 through 12.3.1 21E258, which stems from a boundary error in AMD firmware. A local user can exploit the...

Apple macOS Monterey 缓冲区错误漏洞

Apple macOS Monterey is the 18th major release of Apple's macOS for the Macintosh desktop operating system. A buffer error vulnerability exists in Apple macOS Monterey versions 12.0 21A344 through 12.3.1 21E258, which stems from a boundary error in AMD firmware. A local user can run a specially...

CVE-2022-20007

In startActivityForAttachedApplicationIfNeeded of RootWindowContainer.java, there is a possible way to overlay an app that believes it's still in the foreground, when it is not, due to a race condition. This could lead to local escalation of privilege with no additional execution privileges neede...

kernel: use after free in eventpoll.c may lead to escalation of privilege

A flaw was found in the Linux kernel. A logic error in eventpoll.c can cause a use-after-free, leading to a local escalation of privilege with no additional execution privileges. User interaction is not needed for exploitation. The highest threat from this vulnerability is to confidentiality,...

Denial of service

Dell PowerScale OneFS, 8.2,x, 9.1.0.x, 9.2.1.x, and 9.3.0.x contain a denial of service vulnerability. A local malicious user could potentially exploit this vulnerability, leading to denial of service/data unavailability...

CVE-2021-39801

In ionioctl of ion-ioctl.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google, Inc. An elevation of privilege vulnerability exists in Google Android, which stems from a missing privilege check in SmsController. An attacker could exploit this vulnerability to cause a local elevation of privilege...

CVE-2017-20012 WEKA INTEREST Security Scanner Stresstest Scheme denial of service

A vulnerability classified as problematic has been found in WEKA INTEREST Security Scanner up to 1.8. Affected is Stresstest Scheme Handler which leads to a denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. NOTE: This...

PT-2022-9137 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-10 through Android-12 Description: The issue allows for a bypass of Factory Reset Protections, potentially leading to local escalation of privilege without requiring additional execution privileges. User interaction i...

Linux kernel 安全漏洞

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel versions prior to 5.15-rc1 have a denial-of-service vulnerability that stems from a false cancel operation that triggers the commit of a new io-uring, resulting in a kernel error. An attacke...

MGASA-2022-0085 Updated flac packages fix security vulnerability

In appendtoverifyfifointerleaved of streamencoder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. CVE-2021-0561...

CVE-2022-23163

Dell PowerScale OneFS, 8.2,x, 9.1.0.x, 9.2.1.x, and 9.3.0.x contain a denial of service vulnerability. A local malicious user could potentially exploit this vulnerability, leading to denial of service/data unavailability...

kernel: use-after-free in RDMA listen()

A flaw in the Linux kernel's implementation of RDMA communications manager listener code allowed an attacker with local access to setup a socket to listen on a high port allowing for a list element to be used after free. Given the ability to execute code, a local attacker could leverage this...

CVE-2022-24048

MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

CVE-2021-39687

In HandleTransactionIoEvent of actuatordriver.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android...

Design/Logic Flaw

A local unquoted search path security vulnerability has been identified in HPE Agentless Management Service for Windows versions: Prior to 1.44.0.0, 10.96.0.0. This vulnerability could be exploited locally by a user with high privileges to execute malware that may lead to a loss of confidentialit...

CVE-2021-45336

Summary: CVE-2021-45336 is a privilege-escalation flaw in Avast Antivirus’s Sandbox component. Local, sandboxed code could gain elevated privileges by abusing system IPC interfaces, potentially exiting the sandbox to obtain SYSTEM privileges. Affected versions: Avast Antivirus prior to 20.4. Impa...

CVE-2021-0677

The CVE-2021-0677 issue affects the ccu driver, where an integer overflow can trigger an out-of-bounds read, leading to local information disclosure with SYSTEM privileges required. Exploitation reportedly does not need user interaction. The Red Hat and NVD entries corroborate this description; p...