4078 matches found

OSV
added 2021/12/01 12:0 a.m. | 5 views

PUB-A-186530889

In getDeviceIdWithFeature of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User...

CVSS 5.5 | AI score 6.8 | EPSS 0.00111
Exploits 0 | References 2

OSV
added 2021/12/01 12:0 a.m. | 7 views

PUB-A-190435883

In PVInitVideoEncoder of mp4encapi.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 5.5 | AI score 7.1 | EPSS 0.00117
Exploits 0 | References 2

OSV
added 2021/12/01 12:0 a.m. | 4 views

PUB-A-190619791

In getNeighboringCellInfo of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User...

CVSS 3.3 | AI score 6.8 | EPSS 0.0011
Exploits 0 | References 2

NCSC
added 2021/11/30 12:0 a.m. | 17 views

Vulnerabilities fixed in IBM MQ

IBM has fixed several vulnerabilities in MQ. A malicious person could potentially exploit the vulnerabilities locally to cause a denial-of-service, gain access to sensitive data or execute arbitrary code under the user's privileges. IBM has released updates to fix the vulnerability. More...

CVSS 8.2 | AI score 7.8 | EPSS 0.00646
Exploits 0

Gitee
added 2021/11/21 6:31 p.m. | 28 views

Exploit for Privilege Context Switching Error in Canonical Ubuntu_Linux

PoC exploit for CVE-2021-3493, a local privilege escalation vulnerability in Ubuntu OverlayFS. The target is the Linux kernel, specifically the overlayfs file system, which did not properly validate the application of file system capabilities with respect to user namespaces. A local attacker coul...

CVSS 8.8 | AI score 6.8 | EPSS 0.43988
Exploits 27

Gitee
added 2021/11/21 2:1 p.m. | 11 views

Exploit for Privilege Context Switching Error in Canonical Ubuntu_Linux

This is a PoC exploit for CVE-2021-3493, a local privilege escalation vulnerability in Ubuntu OverlayFS. The exploit targets Ubuntu versions 20.10, 20.04 LTS, 19.04, 18.04 LTS, 16.04 LTS, and 14.04 ESM. The vulnerability arises from a Linux kernel issue where it did not properly validate the...

CVSS 8.8 | AI score 6.9 | EPSS 0.43988
Exploits 27

Prion
added 2021/11/18 3:15 p.m. | 12 views

Out-of-bounds

In ape extractor, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561395; Issue ID: ALPS05561395...

CVSS 2.1 | AI score 5 | EPSS 0.00112
Exploits 0 | References 1 | Affected Software 1

Prion
added 2021/11/12 11:15 p.m. | 17 views

Input validation

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM...

CVSS 7.2 | AI score 6.9 | EPSS 0.00233
Exploits 0 | References 1 | Affected Software 283

NVD
added 2021/11/01 2:15 p.m. | 9 views

CVE-2021-29213

A potential local bypass of security restrictions vulnerability has been identified in HPE ProLiant DL20 Gen10, HPE ProLiant ML30 Gen10, and HPE ProLiant MicroServer Gen10 Plus server's system ROMs prior to version 2.52. The vulnerability could be locally exploited to cause disclosure of sensitiv...

CVSS 7.2 | EPSS 0.00286
Exploits 0 | References 1

Prion
added 2021/11/01 2:15 p.m. | 11 views

Security feature bypass

A potential local bypass of security restrictions vulnerability has been identified in HPE ProLiant DL20 Gen10, HPE ProLiant ML30 Gen10, and HPE ProLiant MicroServer Gen10 Plus server's system ROMs prior to version 2.52. The vulnerability could be locally exploited to cause disclosure of sensitiv...

CVSS 7.2 | AI score 6.5 | EPSS 0.00286
Exploits 0 | References 1 | Affected Software 3

Gitee
added 2021/10/28 9:22 p.m. | 6 views

Exploit for Privilege Context Switching Error in Canonical Ubuntu_Linux

PoC exploit for CVE-2021-3493, a local privilege escalation vulnerability in Ubuntu OverlayFS. The target is the Linux kernel, specifically the overlayfs file system, which did not properly validate the application of file system capabilities with respect to user namespaces. A local attacker coul...

CVSS 8.8 | AI score 6.7 | EPSS 0.43988
Exploits 27

OSV
added 2021/10/08 10:15 p.m. | 2 views

DEBIAN-CVE-2021-37969

Inappropriate implementation in Google Updater in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to perform local privilege escalation via a crafted file...

CVSS 7.8 | AI score 7.6 | EPSS 0.00919
Exploits 0 | References 1

NVD
added 2021/10/06 3:15 p.m. | 19 views

CVE-2021-0692

In sendBroadcastToInstaller of FirstScreenBroadcast.java, there is a possible activity launch due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...

CVSS 7.8 | EPSS 0.00108
Exploits 0 | References 1

Rapid7 Blog
added 2021/09/03 4:30 p.m. | 80 views

Metasploit Wrap-Up

Capture Credentials with our new SMB Server: Our own Adam Galway revamped the old SMB capture module and now supports NTLMv1 and NTLMv2, as well as SMB1, SMB2 and SMB3. This was possible thanks to @zeroSteiner's new RubySMB server implementation. Metasploit is now able to capture NTLM hashes from...

CVSS 7.2 | AI score 8.2 | EPSS 0.94622
Exploits 21

CVE
added 2021/08/18 2:43 p.m. | 43 views

CVE-2021-0416

CVE-2021-0416 concerns the Mediatek memory management driver. The available descriptions state a vulnerability due to improper input validation that can cause a system crash, yielding local denial of service without requiring user interaction. Affected components are described as the memory manag...

CVSS 5.5 | AI score 5.4 | EPSS 0.00109
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2021/08/18 2:43 p.m. | 14 views

CVE-2021-0407

In clk driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05479659; Issue ID: ALPS05479659...

AI score 7 | EPSS 0.00119
Exploits 0 | References 1

CVE
added 2021/08/17 6:29 p.m. | 124 views

CVE-2021-0639

CVE-2021-0639 affects Android/Widevine through libl3oemcrypto.cpp. Described as a local information disclosure due to weaknesses in the obfuscation/handling of sensitive data; requires no user interaction. Documented impact is partial confidentiality loss with local access and no privileges beyon...

CVSS 5.5 | AI score 5.1 | EPSS 0.00117
Exploits 0 | References 1 | Affected Software 1

OSV
added 2021/08/03 6:15 p.m. | 1 view

CVE-2021-22422

A component of the HarmonyOS has an Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause memory overwriting...

CVSS 7.8 | AI score 5.8 | EPSS 0.00177
Exploits 0 | References 1

RedHat Linux
added 2021/07/21 1:8 a.m. | 4 views

kernel: mishandles invalid descriptors in drivers/media/usb/gspca/xirlink_cit.c

A NULL pointer dereference flaw was found in the Xirlink camera USB driver 'xirlink-cit' in the Linux kernel. The driver mishandles invalid descriptors, leading to a denial of service (DoS). This could allow a local attacker with user privilege to crash the system or leak kernel internal information...

CVSS 7.1 | AI score 6.8 | EPSS 0.00487
Exploits 0 | References 4

CNVD
added 2021/06/25 12:0 a.m. | 5 views

Google Android DevicePolicyManagerService.java Elevation of Privilege Vulnerability

Google Android is a Linux-based open source operating system from the Google Open Handheld Consortium Google. An elevation of privilege vulnerability exists in Google Android DevicePolicyManagerService.java. An attacker can exploit this vulnerability to cause a local elevation of privilege...

CVSS 7.8 | AI score 6.5 | EPSS 0.00107
Exploits 0 | References 1