CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

19 Nov 2024 — This could lead to local escalation of privilege with no additional execution privileges needed. • https://source.android.com/security/bulletin/2018-06-01 • CWE-787: Out-of-bounds Write •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

19 Nov 2024 — This could lead to local escalation of privilege with no additional execution privileges needed. • https://source.android.com/security/bulletin/2018-06-01 • CWE-416: Use After Free •

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

19 Nov 2024 — In writeTypedArrayList and readTypedArrayList of Parcel.java, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. • https://source.android.com/security/bulletin/2018-06-01 • CWE-704: Incorrect Type Conversion or Cast •

CVSS: 7.8 • EPSS: 0% • CPEs: 5 • EXPL: 0

19 Nov 2024 — This could lead to local escalation of privilege with no additional execution privileges needed. • https://source.android.com/security/bulletin/2018-06-01 • CWE-787: Out-of-bounds Write •

CVSS: 7.8 • EPSS: 0% • CPEs: - • EXPL: 0

19 Nov 2024 — This could lead to local escalation of privilege with User execution privileges needed. • https://source.android.com/security/bulletin/2023-08-01 • CWE-276: Incorrect Default Permissions •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

19 Nov 2024 — Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable. ... A local attacker could possibly use this issue to execute arbitrary code as root. • https://github.com/liske/needrestart/commit/b5f25f6ec6e7dd0c5be249e4e45de4ee9ffe594f • CWE-427: Uncontrolled Search Path Element •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

19 Nov 2024 — Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by winning a race condition and tricking needrestart into running their own, fake Python interpreter (instead of the system's real Python interpreter). • https://github.com/liske/needrestart/commit/6ce6136cccc307c6b8a0f8cae12f9a22ac2aad59 •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 11

19 Nov 2024 — Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable. ... A local attacker could possibly use this issue to execute arbitrary code as root. • https://packetstorm.news/files/id/183464 • CWE-427: Uncontrolled Search Path Element •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

19 Nov 2024 — This could allow a local attacker to execute arbitrary shell commands. ... A local attacker could possibly use this issue to execute arbitrary code as root. • https://github.com/unknown-user-from/CVE-2024-11003-PoC • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

19 Nov 2024 — Qualys discovered that if unsanitized input was used with the library Module::ScanDeps, before version 1.36, a local attacker could possibly execute arbitrary shell commands by open()ing a "pesky pipe" (such as passing "commands|" as a filename) or by passing arbitrary strings to eval(). ... A local attacker could possibly use this issue to execute arbitrary code as root. • https://github.com/rschupp/Module-ScanDeps/security/advisories/GHSA-g597-359q-v529 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •