In sendAccessibilityEvent of NotificationManagerService.java, there is a possible disclosure of notification data due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for...
5.5CVSS
4.8AI Score
0.0004EPSS
3P apps can delete arbitrary system files via "am trace-ipc stop" command
In runTraceIpcStop of ActivityManagerShellCommand.java, there is a possible deletion of system files due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.8AI Score
0.0004EPSS
writeToParcel/createFromParcel mismatch in ParsedIntentInfo
In ParsedIntentInfo of ParsedIntentInfo.java, there is a possible parcel serialization/deserialization mismatch due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.8AI Score
0.0004EPSS
HeapDumpProvider is open to any app
In openFile of HeapDumpProvider.java, there is a possible way to retrieve generated heap dumps from debuggable apps due to an unprotected provider. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
5.2AI Score
0.0004EPSS
avc_enc_fuzzer: Heap-buffer-overflow in ih264e_put_bits
In BITSTREAM_FLUSH of ih264e_bitstream.h, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.3AI Score
0.0004EPSS
App can read iccId of sim card(s) without requiring READ_PRIVILEGED_PHONE_STATE permission.
In getAvailableSubscriptionInfoList of SubscriptionController.java, there is a possible disclosure of unique identifiers due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
4.8AI Score
0.0004EPSS
In onResume of VoicemailSettingsFragment.java, there is a possible way to retrieve a trackable identifier without permissions due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for...
5.5CVSS
5.2AI Score
0.0005EPSS
Kernel exploit: futex fixup_pi_state_owner() fault causes stack UAF
In fixup_pi_state_owner of futex.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
8AI Score
0.0004EPSS
[a remote root exploit chain to Pwn the latest Pixel Phone]
In several functions of the V8 library, there is a possible use after free due to a race condition. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for...
8.1CVSS
8.3AI Score
0.001EPSS
[HIDL] libfmq security bug - a client may cause misaligned store and/or buffer overrun
In beginWrite and beginRead of MessageQueueBase.h, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for...
6.7CVSS
6.8AI Score
0.0004EPSS
avc_enc_fuzzer: Invalid-free in Codec::encodeFrames
In encodeFrames of avc_enc_fuzzer.cpp, there is a possible out of bounds write due to a double free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
5.2AI Score
0.0004EPSS
Bluetooth security notice: (VU#799380.8 TLP:AMBER)
In smp_process_pairing_public_key of smp_act.cc, there is a possible interception of Bluetooth pairing from an on-path attacker due to improperly used crypto. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
4.2CVSS
6AI Score
0.001EPSS
Bluetooth security notice (VU#799380.7 TLP:AMBER)
In btm_sec_pin_code_request of btm_sec.cc, there is a possible bypass of Bluetooth pairing pin-code due to improperly used crypto. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for...
5.4CVSS
6.6AI Score
0.001EPSS
In onCreate of WifiScanModeActivity.java, there is a possible way to enable Wi-Fi scanning without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for...
7.3CVSS
7.3AI Score
0.0004EPSS
Assessment Bug for Security Vulnerability - Fi VPN prevents Chrome from working
In updateCapabilities of ConnectivityService.java, there is a possible incorrect network state determination due to a logic error in the code. This could lead to biasing of networking tasks to occur on non-VPN networks, which could lead to remote information disclosure, with no additional...
7.5CVSS
7.4AI Score
0.001EPSS
App pinning isn't requesting my PIN to exit app pinning mode
In shouldLockKeyguard of LockTaskController.java, there is a possible way to exit App Pinning without a PIN due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.8AI Score
0.0004EPSS
[[statsd] out-of-bounds write in statsd when processing ExclusiveStateFieldIndex]
In parseExclusiveStateAnnotation of LogEvent.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
8AI Score
0.0004EPSS
[DeviceChooserActivity Could be Overlaid to Trick User Into Associating a Rogue Companion Device]
In onCreate of DeviceChooserActivity.java, there is a possible way to bypass user consent when pairing a Bluetooth device due to a tapjacking/overlay attack. This could lead to local escalation of privilege and pairing malicious devices with no additional execution privileges needed. User...
8CVSS
8AI Score
0.0004EPSS
Screenshots across multiple users on Android 11
In several functions of ScreenshotHelper.java and related files, there is a possible incorrectly saved screenshot due to a race condition. This could lead to local information disclosure across user profiles with no additional execution privileges needed. User interaction is needed for...
4.7CVSS
4.4AI Score
0.0005EPSS
[ImportVCardActivity Could be Overlaid to Trick User into Importing Contacts]
In ImportVCardActivity, there is a possible way to bypass user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for...
7.3CVSS
7.3AI Score
0.0004EPSS
OOB Write in NFC stack when handling MIFARE Classic TLVs
In rw_mfc_handle_read_op of rw_mfc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution via a malicious NFC packet with no additional execution privileges needed. User interaction is not needed for...
9.8CVSS
9.5AI Score
0.001EPSS
Heap overflow due to integer overflow in libpac-chromium bundled v8
In Scanner::LiteralBuffer::NewCapacity of scanner.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if an attacker can supply a malicious PAC file, with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
8AI Score
0.001EPSS
Use setFilterTouchesWhenObscured() for potentially dangerous permission screens
In PackageInstaller, there is a possible tapjacking attack due to an insecure default value. This could lead to local escalation of privilege and permissions with no additional execution privileges needed. User interaction is needed for...
7.8CVSS
7.8AI Score
0.0005EPSS
In bootFinished of SurfaceFlinger.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for...
7.8CVSS
7.9AI Score
0.0004EPSS
[UAF problem found in storaged]
In add_user_ce and remove_user_ce of storaged.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in storaged with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.8AI Score
0.0004EPSS
Symfony has a security issue when parsing the Authorization header
All 2.0.X, 2.1.X, 2.2.X, 2.3.X, 2.4.X, and 2.5.X versions of the Symfony HttpFoundation component are affected by this security issue. This issue has been fixed in Symfony 2.3.19, 2.4.9, and 2.5.4. Note that no fixes are provided for Symfony 2.0, 2.1, and 2.2 as they are not maintained anymore....
7.2AI Score
Summary: A vulnerability in Psf Requests used by InfoSphere Information Server was addressed. Vulnerability Details: CVEID: CVE-2024-35195. DESCRIPTION: Psf Requests could allow a local authenticated attacker to bypass security restrictions, caused by an incorrect control flow implementation...
5.6CVSS
6.1AI Score
0.0004EPSS
Apache Commons Compress: Denial of service caused by an infinite loop for a corrupted DUMP file
Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress. This issue affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended to upgrade to version 1.26.0 which fixes the...
8.1CVSS
7AI Score
0.001EPSS
opencontainers runc contains procfs race condition with a shared volume mount
Impact: By crafting a malicious root filesystem (with /proc being a symlink to a directory which was inside a volume shared with another running container), an attacker in control of both containers can trick runc into not correctly configuring the container's security labels and not correctly...
7CVSS
6.8AI Score
0.0005EPSS
Summary: The Python cryptography package, which provides both high level recipes and low level interfaces to common cryptographic algorithms such as symmetric ciphers, message digests, and key derivation functions, is used by IBM Ansible plug-in. This library is vulnerable to CVE-2024-26130....
7.5CVSS
6.3AI Score
0.0004EPSS
0.1AI Score
Summary: A vulnerability in the github.com/containerd/containerd-v1.6.17 package has been addressed. Vulnerability Details: CVEID: CVE-2023-25173. DESCRIPTION: containerd could allow a local authenticated attacker to bypass security restrictions, caused by improper setup for supplementary...
7.8CVSS
7AI Score
0.001EPSS
[No enforcement of PAP when MPPE is requested for PPTP VPN]
In startLegacyVpnPrivileged of Vpn.java, there is a possible way to retrieve VPN credentials due to a protocol downgrade attack. This could lead to remote escalation of privilege if a malicious Wi-Fi AP is used, with no additional execution privileges needed. User interaction is not needed for...
9.8CVSS
7.4AI Score
0.001EPSS
Corrupt system by adding many AutomaticZenRules via NotificationManager#addAutomaticZenRule
In addAutomaticZenRule of ZenModeHelper.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for...
5.5CVSS
6.6AI Score
0.0004EPSS
Summary: There is a vulnerability in the XML toolkit for Ruby component used by IBM License Metric Tool. Vulnerability Details: CVEID: CVE-2024-35176. DESCRIPTION: Ruby REXML is vulnerable to a denial of service, caused by improper input validation. By parsing a specially crafted XML content...
5.3CVSS
6.6AI Score
0.0004EPSS
Impact: A vulnerability has been identified in which Rancher does not automatically clean up a user which has been deleted from the configured authentication provider (AP). This characteristic also applies to disabled or revoked users, Rancher will not reflect these modifications which may leave...
6.8AI Score
How to Properly Off-Board a Namespace From Veeam Kasten for Kubernetes Backups
This article documents the procedure to properly off-board a namespace in Veeam Kasten for...
7AI Score
Use Of A Broken Or Risky Cryptographic Algorithm
asymmetricrypt/asymmetricrypt is vulnerable to Use Of A Broken Or Risky Cryptographic Algorithm. The vulnerability is due to insecure padding within PKCS v1.5, which allows an attacker to brute force the encrypted...
7AI Score
App can set Scan Mode of device's Bluetooth without showing system dialog to user.
In setScanMode of AdapterService.java, there is a possible way to enable Bluetooth discovery mode without user interaction due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for...
7.3CVSS
7.1AI Score
0.0004EPSS
App can set discoverable timeout of device's Bluetooth without showing system dialog to user.
In setDiscoverableTimeout of AdapterService.java, there is a possible bypass of user interaction due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for...
7.8CVSS
6.8AI Score
0.0004EPSS
[Multiple users can share WI-FI and change WI-FI network]
In onCreateContextMenu of NetworkProviderSettings.java, there is a possible way for non-owner users to change WiFi settings due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for...
7.3CVSS
6.7AI Score
0.0004EPSS
[Out of Bounds Read in phNciNfc_RecvMfResp Function in phNxpExtns_MifareStd.cpp in nfc]
In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for...
7.5CVSS
6.5AI Score
0.001EPSS
Cluster Monitoring Operator contains a credentials leak in...
7.7CVSS
7.5AI Score
0.0004EPSS
K000139592: libxml2 vulnerability CVE-2023-29469
Security Advisory Description: An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs...
6.5CVSS
6.7AI Score
0.001EPSS
Summary: IBM® Db2® is vulnerable to a denial of service as the server may crash when using a specially crafted query on certain columnar tables by an authenticated user. Vulnerability Details: CVEID: CVE-2024-31881. DESCRIPTION: IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server)...
6.5CVSS
6.5AI Score
0.0004EPSS
How to Reinstall the Veeam Transport Service on a Linux Server
This article documents the procedure for redeploying the Veeam Transport (Data Mover) Service on a Linux server managed by Veeam Backup & Replication without removing it from Veeam Backup &...
2.1AI Score
Directus is soft-locked by providing a string value to random string util
Describe the Bug: Providing a non-numeric length value to the random string generation utility will create a memory issue breaking the capability to generate random strings platform wide. This creates a denial of service situation where logged in sessions can no longer be refreshed as sessions...
7.5CVSS
6.7AI Score
0.0004EPSS
Summary: An information exposure vulnerability in InfoSphere Information Server was addressed. Vulnerability Details: CVEID: CVE-2023-50954. DESCRIPTION: IBM InfoSphere Information Server returns sensitive information in URL information that could be used in further attacks against the system....
4.3CVSS
5.9AI Score
0.0004EPSS
Denial of service while parsing a tar file due to lack of folders count validation
Description: During some analysis today on npm's node-tar package I came across the folder creation process. Basically, if you provide node-tar with a path like this ./a/b/c/foo.txt it would create every folder and sub-folder here a, b and c until it reaches the last folder to create foo.txt, In-this....
6.5CVSS
7AI Score
0.0004EPSS
Symfony allows direct access of ESI URLs behind a trusted proxy
All 2.2.X, 2.3.X, 2.4.X, and 2.5.X versions of the Symfony HttpKernel component are affected by this security issue. Your application is vulnerable only if the ESI feature is enabled and there is a proxy in front of the web application. This issue has been fixed in Symfony 2.3.19, 2.4.9, and...
6.5AI Score