Lucene search
K

966 matches found

Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.13 views

PT-2026-39096

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the rust binder component where oneway spam detection was flawed. In TreeRange, the spam detection logic executed before the current request was inserted into the tree...

5.8AI score0.00121EPSS
Exploits0References6
NVD
NVD
added 2026/05/01 5:16 p.m.6 views

CVE-2026-37526

AGL app-framework-binder afb-daemon through v19.90.0 allows any local process to execute privileged supervision commands Exit, Do, Sclose, Config, Trace, Debug, Token, slist without authentication via the abstract Unix socket @urn:AGL:afs:supervision:socket. The onsupervisioncall function in...

7.8CVSS0.00123EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/01 12:0 a.m.10 views

Automotive Grade Linux app-framework-binder 安全漏洞

Automotive Grade Linux app-framework-binder is an application framework communication component from Automotive Grade Linux, Inc. A security vulnerability exists in Automotive Grade Linux app-framework-binder version 19.90.0 and earlier, which stems from the existence of elevation of privilege in...

7.8CVSS5.9AI score0.00138EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/01 12:0 a.m.4 views

CVE-2026-37526

AGL app-framework-binder afb-daemon through v19.90.0 allows any local process to execute privileged supervision commands Exit, Do, Sclose, Config, Trace, Debug, Token, slist without authentication via the abstract Unix socket @urn:AGL:afs:supervision:socket. The onsupervisioncall function in...

7.8CVSS6AI score0.00123EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/01 12:0 a.m.7 views

CVE-2026-37525

AGL app-framework-binder afb-daemon through v19.90.0 contains a privilege escalation vulnerability in the supervision Do command. The onsupervisioncall function in src/afb-supervision.c explicitly nullifies the request credentials by calling afbcontextchangecred&xreq-context, NULL before...

7.8CVSS5.9AI score0.00138EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/01 12:0 a.m.6 views

EUVD-2026-26681

AGL app-framework-binder afb-daemon through v19.90.0 contains a privilege escalation vulnerability in the supervision Do command. The onsupervisioncall function in src/afb-supervision.c explicitly nullifies the request credentials by calling afbcontextchangecred&xreq-context, NULL before...

7.8CVSS5.9AI score0.00138EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.13 views

PT-2026-36503

Name of the Vulnerable Software and Affected Versions AGL app-framework-binder afb-daemon versions prior to 19.90.1 Description A privilege escalation issue exists in the supervision Do command. The on supervision call function in src/afb-supervision.c nullifies request credentials by calling afb...

7.8CVSS5.9AI score0.00138EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/01 12:0 a.m.9 views

CVE-2026-37525

AGL app-framework-binder afb-daemon through v19.90.0 contains a privilege escalation vulnerability in the supervision Do command. The onsupervisioncall function in src/afb-supervision.c explicitly nullifies the request credentials by calling afbcontextchangecred&xreq-;context, NULL before...

7.8CVSS5.9AI score0.00138EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/01 12:0 a.m.36 views

CVE-2026-37526

AGL app-framework-binder afb-daemon through v19.90.0 allows any local process to execute privileged supervision commands Exit, Do, Sclose, Config, Trace, Debug, Token, slist without authentication via the abstract Unix socket @urn:AGL:afs:supervision:socket. The onsupervisioncall function in...

7.8CVSS0.00123EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/01 12:0 a.m.36 views

CVE-2026-37525

AGL app-framework-binder afb-daemon through v19.90.0 contains a privilege escalation vulnerability in the supervision Do command. The onsupervisioncall function in src/afb-supervision.c explicitly nullifies the request credentials by calling afbcontextchangecred&xreq-context, NULL before...

7.8CVSS0.00138EPSS
Exploits0References2
CVE
CVE
added 2026/05/01 12:0 a.m.20 views

CVE-2026-37525

The CVE-2026-37525 entry concerns the AGL app-framework-binder (afb-daemon) up to v19.90.0. The vulnerability resides in the supervision Do command: the on_supervision_call path explicitly_nullifies credentials via afb_context_change_cred(&xreq->context, NULL) before dispatching an attacker-co...

7.8CVSS5.9AI score0.00138EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/05/01 12:0 a.m.10 views

Automotive Grade Linux app-framework-binder 访问控制错误漏洞

Automotive Grade Linux app-framework-binder is an application framework communication component from Automotive Grade Linux, Inc. An Access Control Error vulnerability exists in Automotive Grade Linux app-framework-binder version 19.90.0 and earlier, which stems from a lack of authentication on...

7.8CVSS5.9AI score0.00123EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/04/30 12:0 a.m.12 views

WOOTdroid: Whole-System Online On-Device Tracing for Android

System auditing on Android faces two problems. First, existing syscall tracers lose events under load, silently overwriting entries faster than a user space reader can drain them. Second, security-relevant application behavior is mediated through Binder, Android's kernel IPC mechanism, and is...

5.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.4 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013568)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013568 advisory. In the Linux kernel, the following vulnerability has been resolved: binder: fix UAF of alloc-vma in race with munmap cmllamas: clean forward port from commit...

5.6AI score0.00168EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.5 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013343)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013343 advisory. In the Linux kernel, the following vulnerability has been resolved: binder: fix memory leak in binderinit In binderinit, the destruction of binderallocshrinkerinit i...

5.7AI score0.00177EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.4 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010785)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010785 advisory. In the Linux kernel, the following vulnerability has been resolved: binder: fix UAF of alloc-vma in race with munmap cmllamas: clean forward port from commit...

5.6AI score0.00168EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.9 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013295)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013295 advisory. In several functions of binder.c, there is a possible way to represent the wrong domain to SELinux due to a race condition. This could lead to local escalation of...

7CVSS7.3AI score0.00145EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.14 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007248)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007248 advisory. In the Linux kernel, the following vulnerability has been resolved: binder: check offset alignment in bindergetobject Commit 6d98eb95b450 binder: avoid potential dat...

5.5CVSS6.1AI score0.00423EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.6 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007389)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007389 advisory. In the Linux kernel, the following vulnerability has been resolved: binder: make sure fd closes complete During BCFREEBUFFER processing, the BINDERTYPEFDA object...

5.5CVSS6.2AI score0.0025EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/13 9:49 p.m.3 views

Security Bulletin: vulerability in IBM Spectrum Symphony with spring framework

Summary vulerability in IBM Spectrum Symphony with spring framework Vulnerability Details CVEID:CVE-2024-38820 DESCRIPTION: The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale dependent exceptions that could...

5.3CVSS5.8AI score0.05666EPSS
Exploits2Affected Software1
Rows per page
Query Builder