105 matches found
CVE-2026-0068
In createSessionInternal of PackageInstallerService.java, there is a possible method to remove a DPC app from a managed device without DO consent due to desync from persistence. This could lead to local escalation of privilege if a user can install a malicious app with no additional execution...
CVE-2026-0055
In createSessionInternal of PackageInstallerService.java, there is a possible to update a Device Policy Controller DPC into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...
CVE-2026-0055
In createSessionInternal of PackageInstallerService.java, there is a possible to update a Device Policy Controller DPC into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...
CVE-2026-0055
In createSessionInternal of PackageInstallerService.java, there is a possible to update a Device Policy Controller DPC into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...
PT-2026-45576
In createSessionInternal of PackageInstallerService.java, there is a possible to update a Device Policy Controller DPC into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...
ASB-A-460779368
In createSessionInternal of PackageInstallerService.java, there is a possible to update a Device Policy Controller DPC into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...
CVE-2026-5708 Improper Control of User-Modifiable Attributes in RES CreateSession API
Unsanitized control of user-modifiable attributes in the session creation component in AWS Research and Engineering Studio RES prior to version 2026.03 could allow an authenticated remote user to escalate privileges, assume the virtual desktop host instance profile permissions, and interact with...
CVE-2026-5708
CVE-2026-5708 concerns AWS Research and Engineering Studio (RES) prior to version 2026.03, where the session creation component allows unsanitized control of user-modifiable attributes. An authenticated remote user could escalate privileges, assume the virtual desktop host instance profile permis...
CVE-2026-0023
In createSessionInternal of PackageInstallerService.java, there is a possible way for an app to update its ownership due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-0023
Technical details for CVE-2026-0023 are not publicly available in the provided documents. Monitor for updates.
CVE-2026-2524
A flaw has been found in Open5GS 2.7.6. The impacted element is the function mmes11handlecreatesessionresponse of the component MME. This manipulation causes denial of service. The attack can be initiated remotely. The exploit has been published and may be used. The project was informed of the...
CVE-2026-2524
A flaw has been found in Open5GS 2.7.6. The impacted element is the function mmes11handlecreatesessionresponse of the component MME. This manipulation causes denial of service. The attack can be initiated remotely. The exploit has been published and may be used. The project was informed of the...
CVE-2026-2524
CVE-2026-2524 affects Open5GS 2.7.6, specifically the MME function mme_s11_handle_create_session_response. The issue is a manipulation in this function that leads to a denial of service, with remote exploitation reported. Exploit code has been published and may be used. The affected project (Open...
CVE-2026-2524
A flaw has been found in Open5GS 2.7.6. The impacted element is the function mmes11handlecreatesessionresponse of the component MME. This manipulation causes denial of service. The attack can be initiated remotely. The exploit has been published and may be used. The project was informed of the...
CVE-2026-2524 Open5GS MME mme_s11_handle_create_session_response denial of service
A flaw has been found in Open5GS 2.7.6. The impacted element is the function mmes11handlecreatesessionresponse of the component MME. This manipulation causes denial of service. The attack can be initiated remotely. The exploit has been published and may be used. The project was informed of the...
CVE-2026-2524 Open5GS MME mme_s11_handle_create_session_response denial of service
A flaw has been found in Open5GS 2.7.6. The impacted element is the function mmes11handlecreatesessionresponse of the component MME. This manipulation causes denial of service. The attack can be initiated remotely. The exploit has been published and may be used. The project was informed of the...
EUVD-2026-6141
A weakness has been identified in Open5GS up to 2.7.6. This issue affects the function sgwcs5chandlecreatesessionresponse of the component SGW-C. Executing a manipulation can lead to memory corruption. The attack may be performed from remote. The exploit has been made available to the public and...
Open5GS 安全漏洞
Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Version 2.7.6 of Open5GS contains a security vulnerability. This vulnerability stems from incorrect operations on the function mmes11handlecreatesessionresponse in the...
CVE-2026-2521
A weakness has been identified in Open5GS up to 2.7.6. This issue affects the function sgwcs5chandlecreatesessionresponse of the component SGW-C. Executing a manipulation can lead to memory corruption. The attack may be performed from remote. The exploit has been made available to the public and...
CVE-2026-2521
A weakness has been identified in Open5GS up to 2.7.6. This issue affects the function sgwcs5chandlecreatesessionresponse of the component SGW-C. Executing a manipulation can lead to memory corruption. The attack may be performed from remote. The exploit has been made available to the public and...