875 matches found
CVE-2019-9440
In AOSP Email, there is a possible information disclosure due to a confused deputy. This could lead to local disclosure of the Email app's protected files with User execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-37637796...
CVE-2019-9280
In keyguard, there is a possible escalation of privilege due to improper permission checks. This could lead to a local bypass of the keyguard under limited circumstances, with User execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions:...
CVE-2019-9277
In the proc filesystem, there is a possible information disclosure due to log information disclosure. This could lead to local disclosure of app and browser activity with User execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android...
Design/Logic Flaw
In the Android kernel in sdcardfs there is a possible violation of the separation of data between profiles due to shared mapping of obb files. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation...
CVE-2019-2137
In the endCall function of TelecomManager.java, there is a possible Denial of Service due to a missing permission check. This could lead to local denial of access to Emergency Services with User execution privileges needed. User interaction is not needed for exploitation. Product: Android...
Design/Logic Flaw
In the endCall function of TelecomManager.java, there is a possible Denial of Service due to a missing permission check. This could lead to local denial of access to Emergency Services with User execution privileges needed. User interaction is not needed for exploitation. Product: Android...
CVE-2018-7834
A CWE-79 Cross-Site Scripting vulnerability exists in all versions of the TSXETG100 allowing an attacker to send a specially crafted URL with an embedded script to a user that would then be executed within the context of that user...
Out-of-bounds
In HIDDevAddRecord of hiddapi.cc, there is a possible out-of-bounds write due to a missing bounds check. This could lead to local escalation of privilege in the Bluetooth service with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...
CVE-2018-9560
In HIDDevAddRecord of hiddapi.cc, there is a possible out-of-bounds write due to a missing bounds check. This could lead to local escalation of privilege in the Bluetooth service with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...
Out-of-bounds
In BNEPWrite of bnepapi.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1...
CVE-2018-9357
In BNEPWrite of bnepapi.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1...
Intel Deep Learning Training Tool Elevation of Privilege Vulnerability
Intel Deep Learning Training Tool Beta is a set of deep learning training tools from Intel USA. The tool supports visual tuning and running deep learning algorithms. An elevation of privilege vulnerability exists in Intel Deep Learning Training Tool Beta 1. A remote attacker could exploit this...
Cross site scripting
Stored XSS vulnerability in Flyspray 1.0-rc4 before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and also to execute JavaScript against other users including unauthenticated users, via the name, title, or id parameter to...
Code injection
nscd in the GNU C Library aka glibc or libc6 before version 2.20 does not correctly compute the size of an internal buffer when processing netgroup requests, possibly leading to an nscd daemon crash or code execution as the user running nscd...
Microsoft Windows LDAP CVE-2017-0166 Remote Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a remote privilege-escalation vulnerability. An attacker can exploit this issue to run processes with elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems...
Command injection
A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user...
Microsoft Internet Explorer CVE-2015-6042 Remote Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in...
WiFi software Acrylic WiFi Free v2.0 - Real-time WLAN information and network analysis
New Acrylic WiFi software update. WiFi software for network analysis has gone through many changes since the first free version and finally reaches version v2.0 with more power than ever and long awaited features for network and channel analysis under Windows and with any wireless card. Acrylic...
MGASA-2014-0215 Updated php packages fix CVE-2014-0185
Updated php packages fix security vulnerability: PHP FPM in PHP versions before 5.4.28 and 5.5.12 uses a UNIX domain socket with world-writable permissions by default, which allows any local user to connect to it and execute PHP scripts as the apache user CVE-2014-0185. Additionally updated...
Gollos 2.8 Cross Site Scripting
==================================== Vulnerability ID: HTB22831 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityingollos.html Product: Gollos Vendor: Gollos http://www.gollos.com/ Vulnerable Version: 2.8 and probably prior versions Vendor Notification: 01 February 2011 Vulnerability...