Microsoft Windows Error Reporting Service Improper Privilege Management Vulnerability

Microsoft Windows Error Reporting Service contains an improper privilege management vulnerability that allows a local attacker with user permissions to gain SYSTEM privileges.

Android Pixel Privilege Escalation Vulnerability

Android Pixel contains an unspecified vulnerability in the firmware that allows for privilege escalation.

Windows 内核权限提升漏洞(CVE-2024-30088)

该漏洞允许本地用户入侵目标系统。该漏洞是由于 Windows 内核中的检查时间、使用时间 \(TOCTOU\) 竞争条件而产生的。本地用户可以引发竞争条件并获得系统上的高级权限。

Arm Mali GPU Kernel Driver Use-After-Free Vulnerability

Arm Bifrost and Valhall GPU kernel drivers contain a use\-after\-free vulnerability that allows a local, non\-privileged user to make improper GPU memory processing operations to gain access to already freed memory.

用友NC oacoSchedulerEventsSQL注入漏洞

用友NC是由用友公司开发的一套面向大型企业和集团型企业的管理软件产品系列。这一系列产品基于全球最新的互联网技术、云计算技术和移动应用技术，旨在帮助企业创新管理模式、引领商业变革。用友NC存在SQL注入漏洞，该漏洞源于/portal/pt/oacoSchedulerEvents/isAgentLimit接口中的pk_flowagent参数存在sql注入漏洞，攻击者可通过该漏洞获取数据库敏感数据。