Permission management vulnerability in the multi-screen interaction module. Successful exploitation of this vulnerability may cause service exceptions of the device.
Security vulnerability in the face unlock module. Successful exploitation of this vulnerability may affect service confidentiality.
Permission control vulnerability in the window management module. Successful exploitation of this vulnerability may cause malicious pop-up windows.
API permission management vulnerability in the Fwk-Display module.Successful exploitation of this vulnerability may cause features to perform abnormally.
Vulnerability of permissions not being strictly verified in the window management module.Successful exploitation of this vulnerability may cause features to perform abnormally.
Use After Free (UAF) vulnerability in the uinput module.Successful exploitation of this vulnerability may lead to kernel privilege escalation.
Huawei FusionSphere OpenStack V100R006C00SPC102(NFV) has a privilege escalation vulnerability. Due to improper privilege restrictions, an attacker with high privilege may obtain the other users' certificates. Successful exploit may cause privilege escalation.
Phone Manager application has a Improper Privilege Management vulnerability.Successful exploitation of this vulnerability may read and write arbitrary files by tampering with Phone Manager notifications.
Permission control vulnerability in the MediaPlaybackController module. Successful exploitation of this vulnerability may affect availability.
Vulnerability of unauthorized API access in the PMS module. Successful exploitation of this vulnerability may cause features to perform abnormally.
Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause several apps to be activated automatically.
The Settings module has the file privilege escalation vulnerability.Successful exploitation of this vulnerability may affect confidentiality.
The Settings module has the file privilege escalation vulnerability.Successful exploitation of this vulnerability may affect confidentiality.
Vulnerability of inappropriate permission control in Nearby. Successful exploitation of this vulnerability may affect service confidentiality.
Some smartphones have configuration issues. Successful exploitation of this vulnerability may cause kernel privilege escalation, which results in system service exceptions.
The multi-screen collaboration module has a privilege escalation vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
There is an information leakage vulnerability on some Huawei products(AR120-S;AR1200;AR1200-S;AR150;AR150-S;AR160;AR200;AR200-S;AR2200;AR2200-S;AR3200;AR3600). An attacker with low permissions can view some high-privilege information by running specific commands.Successful exploit could cause an information disclosure condition.
A piece of Huawei whole-home intelligence software has an Incorrect Privilege Assignment vulnerability. Successful exploitation of this vulnerability could allow attackers to access restricted functions.
Mate 20 Pro smartphones with versions earlier than 9.1.0.135(C00E133R3P1) have an improper authorization vulnerability. The software does not properly restrict certain operation of certain privilege, the attacker could trick the user into installing a malicious application before the user turns on student mode function. Successful exploit could allow the attacker to bypass the limit of student mode function.
Some smartphones have configuration issues. Successful exploitation of this vulnerability may cause privilege escalation, which results in system service exceptions.
A component of the HarmonyOS has a Improper Privilege Management vulnerability. Local attackers may exploit this vulnerability to bypass user restrictions.
A piece of Huawei whole-home intelligence software has an Incorrect Privilege Assignment vulnerability. Successful exploitation of this vulnerability could allow attackers to access restricted functions.
The location module has a vulnerability of bypassing permission verification.Successful exploitation of this vulnerability may cause privilege escalation.
Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Access permission verification vulnerability in the Notepad module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Vulnerability of unauthorized screenshot capturing in the WMS module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Input parameter verification vulnerability in the background service module Impact: Successful exploitation of this vulnerability may affect availability.
In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.
Improper Privilege Management vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause shell access when unauthorized code is loaded into the system folder.
Improper Privilege Management vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause a code execution issue when an attacker loads unauthorized code on the web server.
A vulnerability, which was classified as critical, was found in X1a0He Adobe Downloader up to 1.3.1 on macOS. Affected is the function shouldAcceptNewConnection of the file com.x1a0he.macOS.Adobe-Downloader.helper of the component XPC Service. The manipulation leads to improper privilege management. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. This product is not affiliated with the company Adobe.
VMware NSX-T contains a privilege escalation vulnerability due to an issue with RBAC (Role based access control) role assignment. Successful exploitation of this issue may allow attackers with local guest user account to assign privileges higher than their own permission level.
The KEYS subsystem in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c.
Omnissa Horizon Client for macOS contains a Local privilege escalation (LPE) Vulnerability due to a logic flaw. Successful exploitation of this issue may allow attackers with user privileges to escalate their privileges to root on the system where the Horizon Client for macOS is installed.
ZTE BigVideo Analysis product has a privilege escalation vulnerability. Due to improper management of the timed task modification privilege, an attacker with ordinary user permissions could exploit this vulnerability to gain unauthorized access.
Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU1, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
A privilege escalation vulnerability exists in the IOCTL 0x9c406144 handling of IOBit Advanced SystemCare Ultimate 14.2.0.220. A specially crafted I/O request packet (IRP) can lead to increased privileges. An attacker can send a malicious IRP to trigger this vulnerability.
A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability.
Improper input validation vulnerability in AppsPackageInstaller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege.
Local Privilege Escalation can occur in PHOENIX CONTACT PORTICO SERVER through 3.0.7 when installed to run as a service.
Privilege escalation vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version, which could allow a local user to acquire root permissions by modifying the updatescript.js, inserting special code inside the script and creating the done.txt file. This would cause the watchdog process to run as root and execute the payload stored in the updatescript.js.
Local privilege escalation vulnerability affects OpenText Operations Agent product versions 12.15 and 12.20-12.25 when installed on Non-Windows platforms. The vulnerability could allow local privilege escalation.
In Telerik Reporting versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the applications installer component. In an environment where an existing Telerik Reporting install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system.
Improper initialization of default settings in TeamViewer Remote Client prior version 15.51.5 for Windows, Linux and macOS, allow a low privileged user to elevate privileges by changing the personal password setting and establishing a remote connection to a logged-in admin account.
Silicon Integrated Systems XGI WindowsXP Display Manager (aka XGI VGA Driver Manager and VGA Display Manager) 6.14.10.1090 allows local users to gain privileges via a crafted 0x96002404 IOCTL call.
Dell PowerScale OneFS 9.1.0.x contains an improper privilege management vulnerability. It may allow an authenticated user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE to elevate privilege.
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control over an affected system. The update addresses the vulnerability by correcting how Windows handles calls to ALPC.
Improper input validation vulnerability in ApexPackageInstaller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege.
Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation.
In multiple methods of UserManagerService.java, there is a possible failure to persist or enforce user restrictions due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.