Page 5 of 5128 results (0.017 seconds)

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

In writeTypedArrayList and readTypedArrayList of Parcel.java, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. • https://source.android.com/security/bulletin/2018-06-01 • CWE-704: Incorrect Type Conversion or Cast •

CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0

This could lead to local escalation of privilege with no additional execution privileges needed. • https://source.android.com/security/bulletin/2018-06-01 • CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0

This could lead to local escalation of privilege with User execution privileges needed. • https://source.android.com/security/bulletin/2023-08-01 • CWE-276: Incorrect Default Permissions •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable. Qualys discovered that needrestart suffers from multiple local privilege escalation vulnerabilities that allow for root access from an unprivileged user. • https://github.com/liske/needrestart/commit/b5f25f6ec6e7dd0c5be249e4e45de4ee9ffe594f https://www.cve.org/CVERecord?id=CVE-2024-48992 https://www.qualys.com/2024/11/19/needrestart/needrestart.txt • CWE-427: Uncontrolled Search Path Element •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by winning a race condition and tricking needrestart into running their own, fake Python interpreter (instead of the system's real Python interpreter). Qualys discovered that needrestart suffers from multiple local privilege escalation vulnerabilities that allow for root access from an unprivileged user. • https://github.com/liske/needrestart/commit/6ce6136cccc307c6b8a0f8cae12f9a22ac2aad59 https://www.cve.org/CVERecord?id=CVE-2024-48991 https://www.qualys.com/2024/11/19/needrestart/needrestart.txt •