C Exploits
3,621 exploits tracked across all sources.
Serv-U FTP Server prepareinstallation Privilege Escalation
A privilege escalation vulnerability exists in SolarWinds Serv-U before 15.1.7 for Linux.
by Guy Levin
CVSS 8.8
Huawei eSpace Desktop <V200R003C00 - RCE
Multiple untrusted search path vulnerabilities in Huawei eSpace Desktop before V200R003C00 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) mfc71enu.dll, (2) mfc71loc.dll, (3) tcapi.dll, or (4) airpcap.dll.
by LiquidWorm
Solaris 7/8/9 (SPARC) - 'dtprintinfo' Local Privilege Escalation (2)
by Marco Ivaldi
Solaris 7/8/9 (SPARC) - 'dtprintinfo' Local Privilege Escalation (1)
by Marco Ivaldi
Solaris 10 1/13 (Intel) - 'dtprintinfo' Local Privilege Escalation (1)
by Marco Ivaldi
iPhone OS < 12.1.4 and macOS < 10.14.3 - Out-of-bounds Write
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.4, macOS Mojave 10.14.3 Supplemental Update. An application may be able to gain elevated privileges.
by ZecOps
CVSS 7.8
Linux - Missing Locking in Siemens R3964 Line Discipline Race Condition
by Google Security Research
Canonical snapd <2.37.4 - Privilege Escalation
A vulnerability in the seccomp filters of Canonical snapd before version 2.37.4 allows a strict mode snap to insert characters into a terminal on a 64-bit host. The seccomp rules were generated to match 64-bit ioctl(2) commands on a 64-bit platform; however, the Linux kernel only uses the lower 32 bits to determine which ioctl(2) commands to run. This issue affects: Canonical snapd versions prior to 2.37.4.
by Google Security Research
CVSS 7.5
Linux Kernel < 4.6 - Information Disclosure via Uninitialized ALSA Timer Data Structures
sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions.
by wally0813
CVSS 5.5
AirDrop < 2.0 - Denial of Service via Socket Connection Flood
The AirDrop application through 2.0 for Android allows remote attackers to cause a denial of service via a client that makes many socket connections through a configured port.
by s4vitar
CVSS 7.5
Android Kernel < 4.8 - ptrace seccomp Filter Bypass
by Google Security Research
iPhone OS < 12.1.3, macOS < 10.14.3, tvOS < 12.1.2 - Out-of-bounds Write
A memory corruption issue was addressed with improved lock state checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may cause unexpected changes in memory shared between processes.
by Google Security Research
CVSS 7.8
iPhone OS < 12.1.3, macOS < 10.14.3, tvOS < 12.1.2, watchOS < 5.1.3 - Sandbox Escape via Type Confusion
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to break out of its sandbox.
by Google Security Research
CVSS 8.6
iPhone OS < 12.1.3 - Remote Code Execution via Buffer Overflow
A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. An application may be able to execute arbitrary code with kernel privileges.
by Google Security Research
CVSS 7.8
iPhone OS < 12.1.3, macOS < 10.14.3, tvOS < 12.1.2 - Out-of-bounds Write
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may be able to execute arbitrary code with kernel privileges.
by Google Security Research
CVSS 7.8
iPhone OS < 12.1.3, macOS < 10.14.3, tvOS < 12.1.2 - Memory Corruption via Improper Initialization
A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may cause unexpected changes in memory shared between processes.
by Google Security Research
CVSS 5.5
iPhone OS < 12.1.3, macOS < 10.14.3, tvOS < 12.1.2, watchOS < 5.1.3 - Out-of-bounds Read
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to determine kernel memory layout.
by Google Security Research
CVSS 5.5
iPhone OS < 12.1.3 - Memory Corruption via Improved Validation
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may be able to elevate privileges.
by Google Security Research
CVSS 7.8
Linux Kernel < 4.16.9 - Unauthorized Memory Read via adjtimex
The compat_get_timex function in kernel/compat.c in the Linux kernel before 4.16.9 allows local users to obtain sensitive information from kernel memory via adjtimex.
by wally0813
CVSS 5.5
Dokan <1.2.0.1000 - Buffer Overflow
Dokan versions between 1.0.0.5000 and 1.2.0.1000 are vulnerable to a stack-based buffer overflow in the dokan1.sys driver. An attacker can create a device handle to the system driver and send arbitrary input that will trigger the vulnerability. This vulnerability was introduced in the 1.0.0.5000 version update.
by Parvez Anwar
CVSS 7.8
polkit - Temporary auth Hijacking via PID Reuse and Non-atomic Fork
by Google Security Research
AF_PACKET chocobo_root Privilege Escalation
Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_ring and packet_setsockopt functions.
by bcoles
CVSS 7.8
Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation
Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. When building a UFO packet with MSG_MORE, __ip_append_data() calls ip_ufo_append_data() to append. However, in between two send() calls, the append path can be switched from the UFO to the non-UFO one, which leads to memory corruption. If the UFO packet length exceeds the MTU, copy = maxfraglen - skb->len becomes negative on the non-UFO path and the branch to allocate a new skb is taken. This triggers fragmentation and computation of fraggap = skb_prev->len - maxfraglen. fraggap can exceed the MTU, causing copy = datalen - transhdrlen - fraggap to become negative. Subsequently, skb_copy_and_csum_bits() writes out-of-bounds. A similar issue is present in the IPv6 code. The bug was introduced in e89e9cf539a2 ("[IPv4/IPv6]: UFO Scatter-gather approach") on Oct 18 2005.
by bcoles
CVSS 7.0
AF_PACKET packet_set_ring Privilege Escalation
The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or gain privileges (if the CAP_NET_RAW capability is held), via crafted system calls.
by bcoles
CVSS 7.8
SUSE Linux Enterprise - Information Disclosure via Netlink Message
The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message.
by Jinbum Park
CVSS 3.3