CVE-2024-39436

In linkturbonative service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed...

EUVD-2021-23550

Malware in sbrugna...

EUVD-2019-9663

Malware in sbrugna...

EUVD-2023-40392

Malicious code in bioql PyPI...

EUVD-2022-31353

Malicious code in bioql PyPI...

EUVD-2022-44352

Malicious code in bioql PyPI...

EUVD-2022-38654

Malicious code in bioql PyPI...

CVE-2024-20115

In ccu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09036695; Issue ID: MSV-1713...

CVE-2018-9471

In the deserialization constructor of NanoAppFilter.java, there is a possible loss of data due to type confusion. This could lead to local escalation of privilege in the system server with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2024-20118

CVE-2024-20118 affects the MediaTek mms component, with an out-of-bounds write caused by an incorrect bounds check. This can lead to local escalation of privilege and SYSTEM privileges are required for exploitation; no user interaction is needed. A patch is referenced as ALPS09062392 (MSV-1621). ...

PT-2024-4280

Name of the Vulnerable Software and Affected Versions Microsoft Windows affected versions not specified Description An elevation-of-privilege vulnerability exists in the Microsoft Windows Kernel Streaming service. The vulnerability is due to improper handling of untrusted pointer dereferencing...

Unspecified Vulnerability in Microsoft Win32K (CNVD-2024-24945)

Microsoft Win32k is a system file for Windows multi-user management from Microsoft USA. A security vulnerability exists in Microsoft Win32K. An attacker could exploit the vulnerability to cause elevation of privilege...

CVE-2023-42534

Improper input validation vulnerability in ChooserActivity prior to SMR Nov-2023 Release 1 allows local attackers to read arbitrary files with system privilege...

CVE-2023-20834

In pda, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07608514; Issue ID: ALPS07608514...

CVE-2023-20774

In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07292228; Issue ID: ALPS07292228...

Design/Logic Flaw

In mtk-aie, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262617; Issue ID: ALPS07262617...

CVE-2021-0343

In kisd, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05449962...

Type confusion

In SurfaceFlinger, there is possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153467444...

CVE-2020-0305

In cdevget of chardev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-153467744...

WordPress Flaw Opens Millions of WooCommerce Shops to Takeover

Up to 4 million online merchants who use the popular WooCommerce WordPress plugin are vulnerable to a file deletion vulnerability that could allow a rogue “shop manager” to escalate privileges and eventually execute remote code on impacted websites. Researchers at RIPS Technologies trace the bug ...