18 matches found
Automotive Grade Linux app-framework-binder 安全漏洞
Automotive Grade Linux app-framework-binder is an application framework communication component from Automotive Grade Linux, Inc. A security vulnerability exists in Automotive Grade Linux app-framework-binder version 19.90.0 and earlier, which stems from the existence of elevation of privilege in...
Automotive Grade Linux app-framework-binder 访问控制错误漏洞
Automotive Grade Linux app-framework-binder is an application framework communication component from Automotive Grade Linux, Inc. An Access Control Error vulnerability exists in Automotive Grade Linux app-framework-binder version 19.90.0 and earlier, which stems from a lack of authentication on...
Automotive Grade Linux agl-service-can-low-level 安全漏洞
Automotive Grade Linux agl-service-can-low-level is an in-vehicle communication service component from Automotive Grade Linux. A security vulnerability exists in Automotive Grade Linux agl-service-can-low-level version 17.1.12, which stems from a heap buffer over-read in the isotp-c library, wher...
Automotive Grade Linux app-framework-main 路径遍历漏洞
Automotive Grade Linux app-framework-main is an application framework core component from Automotive Grade Linux, Inc. A path traversal vulnerability exists in Automotive Grade Linux app-framework-main version 17.1.12 and earlier, which stems from the presence of a Zip Slip path traversal and a...
Automotive Grade Linux agl-service-can-low-level 安全漏洞
Automotive Grade Linux agl-service-can-low-level is an in-vehicle communication service component from Automotive Grade Linux. A security vulnerability exists in Automotive Grade Linux agl-service-can-low-level version 17.1.12 and earlier, which stems from an uds-c inventory overflow in the stack...
CVE-2026-37531
AGL app-framework-main thru 17.1.12 contains a Zip Slip path traversal vulnerability CWE-22 combined with a TOCTOU race condition CWE-367 in the widget installation flow. The isvalidfilename function in wgtpkg-zip.c validates ZIP entry names but does not check for dot notation directory traversal...
Automotive Grade Linux agl-service-can-low-level 安全漏洞
Automotive Grade Linux agl-service-can-low-level is an in-vehicle communication service component from Automotive Grade Linux, Inc. A security vulnerability exists in Automotive Grade Linux agl-service-can-low-level, which stems from a stack buffer overflow in the senddiagnosticrequest function i...
EUVD-2022-51062
Malicious code in bioql PyPI...
EUVD-2022-29474
Malicious code in bioql PyPI...
CVE-2022-48363
In MPD before 0.23.8, as used on Automotive Grade Linux and other platforms, the PipeWire output plugin mishandles a Drain call in certain situations involving truncated files. Eventually there is an assertion failure in libmpdclient because libqtappfw passes in a NULL pointer...
CVE-2022-24595
Automotive Grade Linux Kooky Koi 11.0.0, 11.0.1, 11.0.2, 11.0.3, 11.0.4, and 11.0.5 is affected by Incorrect Access Control in usr/bin/afb-daemon. To exploit the vulnerability, an attacker should send a well-crafted HTTP or WebSocket request to the socket listened by the afb-daemon process. No...
CVE-2022-48363
In MPD before 0.23.8, as used on Automotive Grade Linux and other platforms, the PipeWire output plugin mishandles a Drain call in certain situations involving truncated files. Eventually there is an assertion failure in libmpdclient because libqtappfw passes in a NULL pointer...
CVE-2022-48363
CVE-2022-48363 affects MPD prior to 0.23.8, used on Automotive Grade Linux and other platforms. The PipeWire output plugin mishandles a Drain call in certain truncated-file scenarios, leading to an assertion failure in libmpdclient when libqtappfw passes a NULL pointer. Impact is an availability/...
CVE-2022-24595
Automotive Grade Linux Kooky Koi 11.0.0, 11.0.1, 11.0.2, 11.0.3, 11.0.4, and 11.0.5 is affected by Incorrect Access Control in usr/bin/afb-daemon. To exploit the vulnerability, an attacker should send a well-crafted HTTP or WebSocket request to the socket listened by the afb-daemon process. No...
CVE-2022-24595
Automotive Grade Linux Kooky Koi 11.0.0, 11.0.1, 11.0.2, 11.0.3, 11.0.4, and 11.0.5 is affected by Incorrect Access Control in usr/bin/afb-daemon. To exploit the vulnerability, an attacker should send a well-crafted HTTP or WebSocket request to the socket listened by the afb-daemon process. No...
Design/Logic Flaw
Automotive Grade Linux Kooky Koi 11.0.0, 11.0.1, 11.0.2, 11.0.3, 11.0.4, and 11.0.5 is affected by Incorrect Access Control in usr/bin/afb-daemon. To exploit the vulnerability, an attacker should send a well-crafted HTTP or WebSocket request to the socket listened by the afb-daemon process. No...
CVE-2022-24595
Automotive Grade Linux Kooky Koi 11.0.0, 11.0.1, 11.0.2, 11.0.3, 11.0.4, and 11.0.5 is affected by Incorrect Access Control in usr/bin/afb-daemon. To exploit the vulnerability, an attacker should send a well-crafted HTTP or WebSocket request to the socket listened by the afb-daemon process. No...
CVE-2022-24595
CVE-2022-24595 affects Automotive Grade Linux Kooky Koi versions 11.0.0–11.0.5. The root cause is Incorrect Access Control in /usr/bin/afb-daemon. An attacker can exploit by sending a crafted HTTP (or WebSocket) request to the socket listened by the afb-daemon process, with no credentials or user...