Security Bulletin: Vulnerability in Node.js affects IBM Process Mining CVE-2024-28849
Summary There is a vulnerability in Node.js that could allow an remote authenticated attacker to obtain sensitive information on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID:...
6.5CVSS
6.3AI Score
0.0004EPSS
Security Bulletin: Vulnerability in Jinja affects IBM Process Mining CVE-2024-34064
Summary There is a vulnerability in Jinja that could allow an attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability....
5.4CVSS
6.7AI Score
0.0004EPSS
Summary There is a vulnerability in Bouncy Castle Crypto Package For Java that could allow an remote authenticated attacker to obtain sensitive information on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability....
6.3AI Score
0.0004EPSS
Security Bulletin: Vulnerability in sqlparse affects IBM Process Mining CVE-2024-4340
Summary There is a vulnerability in sqlparse that could allow an attacker to cause a denial of service condition on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID: CVE-2024-4340 .....
7.5CVSS
7.2AI Score
0.0004EPSS
Summary There is a vulnerability in Bouncy Castle Crypto Package For Java that could allow an attacker to cause a denial of service condition on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability...
7.1AI Score
0.0004EPSS
Summary There is a vulnerability in Bouncy Castle Crypto Package For Java that could allow an attacker to cause excessive CPU consumption on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details.....
7.1AI Score
EPSS
Summary There is a vulnerability in Bouncy Castle Crypto Package For Java that could allow an attacker to perform a DNS poisoning attack on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details...
6.9AI Score
0.0004EPSS
Security Bulletin: Vulnerability in Gunicorn affects IBM Process Mining CVE-2024-1135
Summary There is a vulnerability in Gunicorn that could allow an attacker to conduct XSS attacks on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID: CVE-2024-1135 DESCRIPTION:...
7.5CVSS
6.2AI Score
0.0004EPSS
Security Bulletin: Vulnerability in Pydantic affects IBM Process Mining CVE-2024-3772
Summary There is a vulnerability in Pydantic that could allow an attacker to cause a denial of service on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID: CVE-2024-3772 ...
5.9CVSS
7.2AI Score
0.0004EPSS
Security Bulletin: Vulnerability in Pallets Werkzeug affects IBM Process Mining CVE-2024-34069
Summary There is a vulnerability in Pallets Werkzeug that could allow an attacker to gain elevated privileges on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID: CVE-2024-34069 ...
7.5CVSS
8AI Score
0.0004EPSS
Security Bulletin: Vulnerability in Netty affects IBM Process Mining CVE-2024-29025
Summary There is a vulnerability in Netty that could allow an attacker to cause a denial of service condition on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID: CVE-2024-29025 ...
5.3CVSS
7.1AI Score
0.0004EPSS
Summary There is a vulnerability in VMware Tanzu Spring Framework that could allow a remote attacker to conduct phishing attacks on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID:....
8.1CVSS
6.8AI Score
0.0004EPSS
Security Bulletin: Vulnerability in tqdm affects IBM Process Mining CVE-2024-34062
Summary There is a vulnerability in tqdm that could allow an local authenticated attacker to execute arbitrary code on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID:...
4.8CVSS
5.9AI Score
0.0004EPSS
Overlay HealthFitness#PermissionsActivity to trick user into allowing unexpected health permissions
In onCreate of multiple files, there is a possible way to trick the user into granting health permissions due to tapjacking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7AI Score
EPSS
In multiple functions of MessageQueueBase.h, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7AI Score
EPSS
App can read all notifications of the device without requiring any permission.
In multiple functions of ManagedServices.java, there is a possible way to hide an app with notification access in the Device & app notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User...
7AI Score
EPSS
Unintend failure in binder_transaction lead to ref->proc UAF
In binder_alloc_copy_to_buffer of binder.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for...
6.9AI Score
0.0004EPSS
LaunchAnyWhere bellow Android T even on latest Android security patch
In onResult of AccountManagerService.java, there is a possible way to perform an arbitrary background activity launch due to parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.1AI Score
EPSS
In multiple locations, there is a possible failure to persist or enforce user restrictions due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...
7.4AI Score
0.0004EPSS
SearchResultTrampoline in Settings app trusts getCallingActivity()
In multiple locations, there is a possible permissions bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...
7.4AI Score
0.0004EPSS
Sassy Mantis: Privacy Incident
In multiple locations, there is a possible bypass of health data permissions due to an improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.4AI Score
0.0004EPSS
In sendIntentSender of ActivityManagerService.java, there is a possible background activity launch due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.3AI Score
0.0004EPSS
Failure to persist privacy settings due to improper input validation leads to EoP
In migrateNotificationFilter of NotificationManagerService.java, there is a possible failure to persist notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.3AI Score
0.0004EPSS
Potential OOB Read in attp_build_value_cmd() of att_protocol.cc
In btif_to_bta_response of btif_gatt_util.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
6.4AI Score
0.0004EPSS
[Out of Bounds Write in ConvertRGBToPlanarYUV in C2InterfaceHelper.cpp in libsfplugin_ccodec_utils]
In ConvertRGBToPlanarYUV of Codec2BufferUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.4AI Score
0.0004EPSS
In onActivityResult of NotificationSoundPreference.java, there is a possible way to hear audio files belonging to a different user due to a confused deputy. This could lead to local information disclosure across users of a device with no additional execution privileges needed. User interaction is.....
6.5AI Score
0.0004EPSS
mdns_service_fuzzer: Heap-use-after-free in MDnsSdListener::Monitor::run
In run of MDnsSdListener.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.3AI Score
0.0004EPSS
PDoS using addDynamicShortcuts to bypass app-level shortcut limits
In forceReplaceShortcutInner of ShortcutPackage.java, there is a possible way to register unlimited packages due to a missing bounds check. This could lead to local denial of service which results in a boot loop with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
6.7AI Score
0.0004EPSS
In verifyShortcutInfoPackage of ShortcutService.java, there is a possible way to see another user's image due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
6.2AI Score
0.0004EPSS
No permission checks on ActivityTaskManagerService#keyguardGoingAway
In keyguardGoingAway of ActivityTaskManagerService.java, there is a possible lock screen bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.1AI Score
0.0004EPSS
Disallowed credential managers are not disabled in settings
In getCredentialManagerPolicy of DevicePolicyManagerService.java, there is a possible method for users to select credential managers without permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User...
7.8CVSS
7.1AI Score
0.0004EPSS
Emergency service DoS due to large PhoneAccount labels
In multiple functions of PhoneAccountRegistrar.java, there is a possible way to prevent an access to emergency services due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
6.9AI Score
0.0004EPSS
SourceRectHint Animation in PIP Component can cause restriction bypass
In onTaskAppeared of PipTaskOrganizer.java, there is a possible way to bypass background activity launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.3AI Score
0.0005EPSS
Modifying global APN settings as an unprivileged secondary user
In onCreate of ApnEditor.java, there is a possible way for a Guest user to change the APN due to a permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.3AI Score
0.0004EPSS
In FillUi of FillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
3.3CVSS
6.4AI Score
0.0004EPSS
In visitUris of Notification.java, there is a possible way to reveal image contents from another user due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for...
5.5CVSS
6.4AI Score
0.0004EPSS
Enumerating other users' contact photos via authentication item shown in AutoFillService's FillUi
In isFullScreen of FillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
3.3CVSS
6.4AI Score
0.0004EPSS
In multiple locations of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
6.4AI Score
0.0004EPSS
mtp_host_property_fuzzer: Segv on unknown address in android::MtpStringBuffer::set
In MtpPropertyValue of MtpProperty.h, there is a possible out of bounds read due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for...
5.5CVSS
6.4AI Score
0.0005EPSS
Control activityOptions via AccountManager#removeAccountAsUser due to unsafe deserialization
In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to control other running activities due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.3AI Score
0.0004EPSS
[AOSP] Security Report - Bluetooth invalid pointer free
In bta_av_rc_msg of bta_av_act.cc, there is a possible use after free due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.4AI Score
0.0004EPSS
EoP: chmod arbitrary file permission by race condition in MmsProvider.java
In update of MmsProvider.java, there is a possible way to bypass file permission checks due to a race condition. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
6.9AI Score
0.0004EPSS
[ADP Grant] Guest user's lockscreen password can be bypassed
In multiple functions of KeyguardViewMediator.java, there is a possible failure to lock after screen timeout due to a logic error in the code. This could lead to local escalation of privilege across users with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.3AI Score
0.0004EPSS
In setMediaButtonBroadcastReceiver of MediaSessionRecord.java, there is a possible permanent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
6.9AI Score
0.0004EPSS
[Out of Bounds Read in setOperandValue in ShimPreparedModel.cpp in libneuralnetworks_cl]
In convertSubgraphFromHAL of ShimConverter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
6.4AI Score
0.0004EPSS
Calling ContentProvider.openFile() with Binding.getCallingUid() == 1000
In openContentUri of ActivityManagerService.java, there is a possible way for a third party app to obtain restricted files due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
6.4AI Score
0.0004EPSS
Prevent MMIO regions being shared or donated by the host
In multiple functions of mem_protect.c, there is a possible way to access hypervisor memory due to a memory access check in the wrong place. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for...
6.7CVSS
7.3AI Score
0.0004EPSS
In Policy of Policy.java, there is a possible boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
6.9AI Score
0.0004EPSS
In multiple functions of binder.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.5AI Score
0.0004EPSS
Permanent denial of service via JobScheduler#schedule with invalid JobInfo.extras
In multiple functions of JobStore.java, there is a possible way to cause a crash on startup due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
6.3AI Score
0.0004EPSS