| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Windows 2000 allows local users to prevent the application of new group policy settings by opening Group Policy files with exclusive-read access. |
| Heysoft EventSave 5.1 and 5.2 and Heysoft EventSave+ 5.1 and 5.2 does not check whether the log file can be written to, which allows attackers to prevent events from being recorded by opening the log file using an application such as Microsoft's Event Viewer. |
| dump 0.4 b10 through b29 allows local users to cause a denial of service (execution prevention) by using flock() to lock the /etc/dumpdates file. |
| tip on multiple BSD-based operating systems allows local users to cause a denial of service (execution prevention) by using flock() to lock the /var/log/acculog file. |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| In binder_vma_close of binder.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-254837884References: Upstream kernel |
| Western Digital has identified a weakness in the UFS standard that could result in a security vulnerability. This vulnerability may exist in some systems where the Host boot ROM code implements the UFS Boot feature to boot from UFS compliant storage devices. The UFS Boot feature, as specified in the UFS standard, is provided by UFS devices to support platforms that need to download the system boot loader from external non-volatile storage locations. Several scenarios have been identified in which adversaries may disable the boot capability, or revert to an old boot loader code, if the host boot ROM code is improperly implemented. UFS Host Boot ROM implementers may be impacted by this vulnerability. UFS devices are only impacted when connected to a vulnerable UFS Host and are not independently impacted by this vulnerability. When present, the vulnerability is in the UFS Host implementation and is not a vulnerability in Western Digital UFS Devices. Western Digital has provided details of the vulnerability to the JEDEC standards body, multiple vendors of host processors, and software solutions providers. |
| File existence disclosure vulnerability in NetIQ Identity Manager plugin prior to version 4.8.5 allows attacker to determine whether a file exists on the filesystem. This issue affects: Micro Focus NetIQ Identity Manager NetIQ Identity Manager versions prior to 4.8.5 on ALL. |
| Qlik QlikView through 12.60.20100.0 creates a Temporary File in a Directory with Insecure Permissions. |
| Qlik NPrinting Designer through 21.14.3.0 creates a Temporary File in a Directory with Insecure Permissions. |
| vyper is a Pythonic Smart Contract Language for the EVM. Multiple evaluation of a single expression is possible in the iterator target of a for loop. While the iterator expression cannot produce multiple writes, it can consume side effects produced in the loop body (e.g. read a storage variable updated in the loop body) and thus lead to unexpected program behavior. Specifically, reads in iterators which contain an ifexp (e.g. `for s: uint256 in ([read(), read()] if True else [])`) may interleave reads with writes in the loop body. Vyper for loops allow two kinds of iterator targets, namely the `range()` builtin and an iterable type, like SArray and DArray. During codegen, iterable lists are required to not produce any side-effects (in the following code, `range_scope` forces `iter_list` to be parsed in a constant context, which is checked against `is_constant`). However, this does not prevent the iterator from consuming side effects provided by the body of the loop. For SArrays on the other hand, `iter_list` is instantiated in the body of a `repeat` ir, so it can be evaluated several times. This issue is being addressed and is expected to be available in version 0.4.1. Users are advised to upgrade as soon as the patched release is available. There are no known workarounds for this vulnerability. |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| Resource reuse vulnerability in the GPU module. Successful exploitation of this vulnerability may affect service confidentiality. |
|
Dell VxRail, versions prior to 7.0.410, contain a Container Escape Vulnerability. A local high-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the container's underlying OS. Exploitation may lead to a system take over by an attacker.
|
| In ccd, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07341261; Issue ID: ALPS07341261. |
| In ccd, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07326547; Issue ID: ALPS07326547. |
| In vcu, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519159; Issue ID: ALPS07519159. |
| In vcu, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519184; Issue ID: ALPS07519184. |
| On BIG-IP Virtual Edition versions 15.1x beginning in 15.1.4 to before 15.1.8 and 14.1.x beginning in 14.1.5 to before 14.1.5.3, and BIG-IP SPK beginning in 1.5.0 to before 1.6.0, when FastL4 profile is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
|
|
Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain a privilege escalation vulnerability. A local authenticated malicious user could potentially exploit this vulnerability to elevate privileges and gain total control of the system.
|
