A Improper Access Control vulnerability in the configuration of salt of SUSE Linux Enterprise Module for SUSE Manager Server 4.1, SUSE Manager Proxy 4.0, SUSE Manager Retail Branch Server 4.0, SUSE Manager Server 3.2, SUSE Manager Server 4.0 allows local users to escalate to root on every system managed by SUSE manager. On the managing node itself code can be executed as user salt, potentially allowing for escalation to root there. This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server 4.1 google-gson versions prior to 2.8.5-3.4.3, httpcomponents-client-4.5.6-3.4.2, httpcomponents-. SUSE Manager Proxy 4.0 release-notes-susemanager-proxy versions prior to 4.0.9-0.16.38.1. SUSE Manager Retail Branch Server 4.0 release-notes-susemanager-proxy versions prior to 4.0.9-0.16.38.1. SUSE Manager Server 3.2 salt-netapi-client versions prior to 0.16.0-4.14.1, spacewalk-. SUSE Manager Server 4.0 release-notes-susemanager versions prior to 4.0.9-3.54.1.
An Improper Access Control issue was discovered in Trihedral VTScada 11.3.03 and prior. A local, non-administrator user has privileges to read and write to the file system of the target machine.
Improper initialization of x87 and SSE floating-point configuration registers in the __scone_entry component of SCONE before 5.8.0 for Intel SGX allows a local attacker to compromise the execution integrity of floating-point operations in an enclave or access sensitive information via side-channel analysis.
Improper access control in some Intel(R) VROC software before version 8.0.0.4035 may allow an authenticated user to potentially enable escalation of privilege via local access.
An elevation of privilege vulnerability in the Android media framework (libaudioservice). Product: Android. Versions: 8.0. Android ID A-65280854.
IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 284563.
Improper access control in the Intel(R) Retail Edge Mobile iOS application before version 3.4.7 may allow an authenticated user to potentially enable escalation of privilege via local access.
Improper access control in some Intel In-Band Manageability software before version 3.0.14 may allow an authenticated user to potentially enable escalation of privilege via local access.
Improper access control in the Intel(R) Connect M Android application before version 1.82 may allow an authenticated user to potentially enable escalation of privilege via local access.
An issue was discovered in Hashicorp Packer before 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure. If the host has been configured according to this documentation, non-privileged users on the host can leverage a wildcard in the sudoers configuration to execute arbitrary commands as root.
Privilege escalation vulnerability in Lenovo Transition application used in Lenovo Yoga, Flex and Miix systems running Windows allows local users to execute code with elevated privileges.
Huawei PC client software HiSuite 4.0.5.300_OVE has a dynamic link library (DLL) hijack vulnerability; an attacker can make the system load malicious DLL files to execute arbitrary code.
Memory corruption in Automotive Android OS due to improper validation of array index.
Memory corruption due to improper access control in kernel while processing a mapping request from root process.
Memory corruption as GPU registers beyond the last protected range can be accessed through LPAC submissions.
FreeRTOS is a real-time operating system for microcontrollers. FreeRTOS Kernel versions through 10.6.1 do not sufficiently protect against local privilege escalation via Return Oriented Programming techniques should a vulnerability exist that allows code injection and execution. These issues affect ARMv7-M MPU ports, and ARMv8-M ports with Memory Protected Unit (MPU) support enabled (i.e. `configENABLE_MPU` set to 1). These issues are fixed in version 10.6.2 with a new MPU wrapper.
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgDdiEscape where improper access controls may allow a user to access arbitrary physical memory, leading to an escalation of privileges.
Memory corruption while creating a LPAC client as LPAC engine was allowed to access GPU registers.
Improper access control in the Intel(R) SUR software before version 2.4.8989 may allow an authenticated user to potentially enable escalation of privilege via local access.
The security descriptor of Measuresoft ScadaPro Server version 6.7 has inconsistent permissions, which could allow a local user with limited privileges to modify the service binary path and start malicious commands with SYSTEM privileges.
Improper access control in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.
Improper protection in IOMMU prior to SMR Oct-2022 Release 1 allows unauthorized access to secure memory.
Improper access control in some Intel Battery Life Diagnostic Tool software before version 2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root.
A vulnerability has been identified in CoreShield One-Way Gateway (OWG) Software (All versions < V2.2). The default installation sets insecure file permissions that could allow a local attacker to escalate privileges to local administrator.
The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries.
An issue was discovered in Zebra Enterprise Home Screen 4.1.19. The device allows the administrator to lock some communication channels (wireless and SD card) but it is still possible to use a physical connection (Ethernet cable) without restriction.
Improper access control and intent redirection in Samsung Email prior to 6.1.70.20 allows attacker to access specific formatted file and execute privileged behavior.
Improper access control in BIOS firmware for some Intel(R) NUC 10 Performance Kits and Intel(R) NUC 10 Performance Mini PCs before version FNCML357.0053 may allow a privileged user to potentially enable escalation of privilege via local access.
NVIDIA Control Panel for Windows contains a vulnerability where an unauthorized user or an unprivileged regular user can compromise the security of the software by gaining privileges, reading sensitive information, or executing commands.
Dell command configuration, version 4.8 and prior, contains improper folder permission when installed not to default path but to non-secured path which leads to privilege escalation. This is critical severity vulnerability as it allows non-admin to modify the files inside installed directory and able to make application unavailable for all users.
Improper initialization in the Intel(R) Battery Life Diagnostic Tool software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
Memory corruption due to improper access control in Qualcomm IPC.
Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism by appending code to a crafted executable file.
The Juniper SRX Series services gateways with Junos OS 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, and 12.3X48 before 12.3X48-D15 do not properly implement the "set system ports console insecure" feature, which allows physically proximate attackers to gain administrative privileges by leveraging access to the console port.
QSEE will randomly experience a fatal error during execution due to speculative instruction fetches from device memory. Device memory is not valid executable memory.
Improper Access Control in Thales Sentinel Protection Installer could allow a local user to escalate privileges.
Windows Installer Elevation of Privilege Vulnerability
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: This vulnerability applies to Linux hosts only. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
HPE UCMDB Browser before 4.02 allows remote attackers to obtain sensitive information or bypass intended access restrictions via unspecified vectors.
Software for Open Networking in the Cloud (SONiC) Elevation of Privilege Vulnerability
EMC RSA SecurID Web Agent before 8.0 allows physically proximate attackers to bypass the privacy-screen protection mechanism by leveraging an unattended workstation and running DOM Inspector.
The processor_set_tasks API implementation in Apple iOS before 9 allows local users to bypass an entitlement protection mechanism and obtain access to the task ports of arbitrary processes by leveraging root privileges.
EMC RecoverPoint for Virtual Machines (VMs) 4.2 allows local users to obtain root-shell access by bypassing the Installation Manager Boxmgmt CLI interface.
In sendIntentSender of ActivityManagerService.java, there is a possible background activity launch due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
A vulnerability was found in KylinSoft hedron-domain-hook up to 3.8.0.12-0k0.5. It has been declared as critical. This vulnerability affects the function init_kcm of the component DBus Handler. The manipulation leads to improper access controls. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-248578 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
In startNextMatchingActivity of ActivityTaskManagerService.java, there is a possible way to bypass the restrictions on starting activities from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
The gesture handling code in Clutter before 1.16.2 allows physically proximate attackers to bypass the lock screen via certain (1) mouse or (2) touch gestures.
NVIDIA GPU Display Driver for Windows contains a vulnerability where the information from a previous client or another process could be disclosed. A successful exploit of this vulnerability might lead to code execution, information disclosure, or data tampering.