CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-9339
https://notcve.org/view.php?id=CVE-2018-9339
In writeTypedArrayList and readTypedArrayList of Parcel.java, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. • https://source.android.com/security/bulletin/2018-06-01 • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-9338
https://notcve.org/view.php?id=CVE-2018-9338
This could lead to local escalation of privilege with no additional execution privileges needed. • https://source.android.com/security/bulletin/2018-06-01 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2023-21270
https://notcve.org/view.php?id=CVE-2023-21270
This could lead to local escalation of privilege with User execution privileges needed. • https://source.android.com/security/bulletin/2023-08-01 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48992 – needrestart Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-48992
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable. Qualys discovered that needrestart suffers from multiple local privilege escalation vulnerabilities that allow for root access from an unprivileged user. • https://github.com/liske/needrestart/commit/b5f25f6ec6e7dd0c5be249e4e45de4ee9ffe594f https://www.cve.org/CVERecord?id=CVE-2024-48992 https://www.qualys.com/2024/11/19/needrestart/needrestart.txt • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48991 – needrestart Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-48991
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by winning a race condition and tricking needrestart into running their own, fake Python interpreter (instead of the system's real Python interpreter). Qualys discovered that needrestart suffers from multiple local privilege escalation vulnerabilities that allow for root access from an unprivileged user. • https://github.com/liske/needrestart/commit/6ce6136cccc307c6b8a0f8cae12f9a22ac2aad59 https://www.cve.org/CVERecord?id=CVE-2024-48991 https://www.qualys.com/2024/11/19/needrestart/needrestart.txt •