4074 matches found
kernel: Kernel panic and system lockup by triggering BUG_ON() in public_key_verify_signature()
A syntax vulnerability was discovered in the kernel's ASN.1 DER decoder, which could lead to memory corruption or a complete local denial of service through X.509 certificate DER files. A local system user could use a specially created key file to trigger BUG_ON() in the public_key_verify_signature...
Linux Kernel (Ubuntu / Fedora / Redhat) - 'Overlayfs' Privilege Escalation Exploit
Exploit for Linux platform in category local exploits. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require "msf/core" class MetasploitModule 'Overlayfs Privilege Escalation', 'Description' = %q This module attempts ...
DirtyCow Local Root Proof Of Concept Exploit
Exploit for Linux platform in category local exploits. / uncomment correct payload first x86 or x64! $ gcc cowroot.c -o cowroot -pthread $ ./cowroot DirtyCow root privilege escalation Backing up /usr/bin/passwd.. to /tmp/bak Size of binary: 57048 Racing, this may take a while.. /usr/bin/passwd...
SUSE-SU-2016:2593-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 12 GA LTSS kernel was updated to fix two issues. This security bug was fixed: - CVE-2016-5195: Local privilege escalation using MAP_PRIVATE. It is reportedly exploited in the wild (bsc#1004418). This non-security bug was fixed: - sched/core: Fix a race between try_to_wake_up an...
Oracle Sun Systems Products Suite Solaris Component Local Denial of Service Vulnerability
Oracle Solaris is a set of Unix-like operating systems from Oracle. A local denial of service vulnerability exists in the Filesystem subcomponent of the Oracle Solaris component of the Oracle Sun Systems Products Suite, versions 10 and 11.3. An attacker could exploit this vulnerability to cause a...
USN-3098-1 linux vulnerabilities
Vladimír Beneš discovered an unbounded recursion in the VLAN and TEB Generic Receive Offload (GRO) processing implementations in the Linux kernel. A remote attacker could use this to cause a stack corruption, leading to a denial of service (system crash). (CVE-2016-7039) Marco Grassi discovered a...
CVE-2016-4709
CVE-2016-4709 is a local privilege-escalation vulnerability in WindowServer on Apple OS X/macOS prior to 10.12. The root cause is a type-confusion issue in CoreGraphics handling that allows a local attacker to obtain root privileges. Connected advisories (ZDI-16-608/16-609) describe the same Wind...
Android operating system vulnerability that allows an attacker to escalate privileges
The vulnerability in the drivers/media/platform/msm/camera_v2/sensor/csiphy/msm_csiphy.c component of Qualcomm's Android operating system is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating locally, to escalate their privileges through an...
7-Zip Local Code Execution Vulnerability
7-Zip is a free, open source compression/decompression software. A local code execution vulnerability exists in 7-Zip, which can be exploited by a local attacker to execute arbitrary code in an affected application, possibly also resulting in a denial of service...
KLA10848 Multiple vulnerabilities in Oracle VM VirtualBox
Unspecified vulnerabilities were found in Oracle VM VirtualBox. By exploiting these vulnerabilities, malicious users can cause denial of service or obtain sensitive information. These vulnerabilities can be exploited remotely or locally. Original advisories Oracle bulletin Related products...
Debian/Ubuntu Exim local privilege escalation vulnerability
No description provided by source...
Linux Kernel < 4.4.0-21 (Ubuntu 16.04 x64) - 'netfilter target_offset' Local Privilege Escalation
/ EDB Note: Download https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/44300.zip Video https://www.youtube.com/watch?v=qchiJn94kTo / / decr.c / / Ubuntu 16.04 local root exploit - netfilter target_offset OOB check_compat_entry_size_and_hooks/check_entry Tested on...
DEBIAN-CVE-2016-1237
nfsd in the Linux kernel through 4.6.3 allows local users to bypass intended file-permission restrictions by setting a POSIX ACL, related to nfs2acl.c, nfs3acl.c, and nfs4acl.c...
Cisco Unified IP Phones Local Privilege Escalation Vulnerability
No description provided by source...
Android Qualcomm Video Driver Local Elevation of Privilege Vulnerability
Android is a Linux-based open source operating system developed by Google and the Open Handheld Alliance (OHA), and Qualcomm Video Driver is a video driver developed by Qualcomm. An elevation of privilege vulnerability exists in the Qualcomm Video Driver for Android. A local attacker could exploit...
KLA10813 Privilege escalation vulnerability in Apple iTunes
An unspecified vulnerability was found in Apple iTunes setup. By exploiting this vulnerability malicious users can gain privileges. This vulnerability can be exploited locally via a DLL hijack. Original advisories Apple advisory Related products Apple-iTunes CVE list CVE-2016-1742 high Solution...
KLA10814 Privilege escalation vulnerability in VMware Player and Workstation
An improper file access was found in VMware products. By exploiting this vulnerability malicious users can gain privileges. This vulnerability can be exploited locally. Original advisories VMware advisory Related products VMware-Workstation VMware-Player CVE list CVE-2016-2077 critical Solution...
Microsoft Windows Win32k Elevation of Privilege Vulnerability (CNVD-2016-03105)
Microsoft Windows is a series of operating systems released by Microsoft USA. win32k.sys is the kernel part of the Windows subsystem, a kernel-mode device driver, which contains a window manager, background control windows and screen output management. An elevation of privilege vulnerability exis...
CVE-2016-0774
CVE-2016-0774 affects Linux kernel backports in Debian wheezy (before 3.2.73-2+deb7u3) and RHEL 7.1 (before 3.10.0-229.26.2). The flaw is in the pipe_read/pipe_write paths in fs/pipe.c where the side effects of failed __copy_to_user_inatomic/__copy_from_user_inatomic calls are not properly handle...
SAP NetWeaver AS ABAP - Directory traversal using READ DATASET
Application: SAP NetWeaver AS ABAP Versions Affected: SAP NetWeaver AS ABAP 7.4 Vendor URL: SAP Bugs: Directory traversal Reported: 22.04.2016 Vendor response: 23.04.2016 Date of Public Advisory: 09.08.2016 Reference: SAP Security Note 2312966 Author: Daria Prosochkina ERPScan VULNERABILITY...