seatd-launch in seatd 0.6.x before 0.6.4 allows removing files with escalated privileges when installed setuid root. The attack vector is a user-supplied socket pathname.
gri before 2.12.18 generates temporary files in an insecure way.
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9206, MDM9607, SD 845, MSM8996, MSM8998, it is possible for IPA (internet protocol accelera...
The ARM-based hardware debugging feature on Raspberry Pi 3 module B+ and possibly other devices allows non-secure EL1 code to read/write any EL3 (the highest privilege level in ARMv8) memory/register ...
A remote bypass of security restrictions vulnerability was identified in HPE Moonshot Provisioning Manager prior to v1.24.
A CWE-501: Trust Boundary Violation vulnerability on connection to the Controller exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause unauth...
In schema-inspector before 1.6.9, a maliciously crafted JavaScript object can bypass the `sanitize()` and the `validate()` function used within schema-inspector.