C Exploits
3,550 exploits tracked across all sources.
OpenSMTPD <6.6.4 - Info Disclosure
OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c.
by Qualys Corporation
CVSS 4.7
Windows Theme API - RCE
A remote code execution vulnerability exists when "Windows Theme API" does not properly decompress files, aka "Windows Theme API Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
by Eduardo Braun Prado
CVSS 7.8
Ricoh <2020 - Privilege Escalation
An issue was discovered in Ricoh (including Savin and Lanier) Windows printer drivers prior to 2020 that allows attackers local privilege escalation. Affected drivers and versions are: PCL6 Driver for Universal Print - Version 4.0 or later PS Driver for Universal Print - Version 4.0 or later PC FAX Generic Driver - All versions Generic PCL5 Driver - All versions RPCS Driver - All versions PostScript3 Driver - All versions PCL6 (PCL XL) Driver - All versions RPCS Raster Driver - All version
by pentagrid
CVSS 7.8
SunOS 5.10 Generic_147148-26 - Local Privilege Escalation
by Marco Ivaldi
Microsoft Windows 10 BasicRender.sys - Denial of Service (PoC)
by vportal
Lenovo Power Management Driver < 1.67.17.48 - Buffer Overflow
A potential vulnerability has been reported in Lenovo Power Management Driver versions prior to 1.67.17.48 leading to a buffer overflow which could cause a denial of service.
by Nassim Asrir
CVSS 4.4
iOS IOUSBDeviceFamily 12.4.1 - 'IOInterruptEventSource' Heap Corruption (PoC)
by Sem Voigtlander
Microsoft Windows 10 - 'WSReset' UAC Protection Bypass (propsys.dll)
by valen
libslirp 4.0.0 - Buffer Overflow
ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.
by vishnudevtj
CVSS 8.8
Linux - Use-After-Free Reads in show_numa_stats()
by Google Security Research
Linux Polkit pkexec helper PTRACE_TRACEME local root exploit
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.
by bcoles
CVSS 7.8
Apache-ssl - Buffer Overflow
The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
by Brian Peters
Linux - Use-After-Free via race Between modify_ldt() and #BR Exception
by Google Security Research
Serv-U FTP Server prepareinstallation Privilege Escalation
A privilege escalation vulnerability exists in SolarWinds Serv-U before 15.1.7 for Linux.
by Guy Levin
CVSS 8.8
Huawei eSpace Desktop <V200R003C00 - RCE
Multiple untrusted search path vulnerabilities in Huawei eSpace Desktop before V200R003C00 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) mfc71enu.dll, (2) mfc71loc.dll, (3) tcapi.dll, or (4) airpcap.dll.
by LiquidWorm
Solaris 7/8/9 (SPARC) - 'dtprintinfo' Local Privilege Escalation (2)
by Marco Ivaldi
Solaris 7/8/9 (SPARC) - 'dtprintinfo' Local Privilege Escalation (1)
by Marco Ivaldi
Solaris 10 1/13 (Intel) - 'dtprintinfo' Local Privilege Escalation (1)
by Marco Ivaldi
iOS <12.1.4 - Privilege Escalation
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.4, macOS Mojave 10.14.3 Supplemental Update. An application may be able to gain elevated privileges.
by ZecOps
CVSS 7.8
Linux - Missing Locking in Siemens R3964 Line Discipline Race Condition
by Google Security Research
Canonical snapd <2.37.4 - Privilege Escalation
A vulnerability in the seccomp filters of Canonical snapd before version 2.37.4 allows a strict mode snap to insert characters into a terminal on a 64-bit host. The seccomp rules were generated to match 64-bit ioctl(2) commands on a 64-bit platform; however, the Linux kernel only uses the lower 32 bits to determine which ioctl(2) commands to run. This issue affects: Canonical snapd versions prior to 2.37.4.
by Google Security Research
CVSS 7.5
Linux Kernel < 4.6 - Information Disclosure
sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions.
by wally0813
CVSS 5.5
By Source