CVE-2024-40653

In multiple functions of ConnectionServiceWrapper.java, there is a possible way to retain a permission forever in the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...

CVE-2024-40653

CVE-2024-40653 involves a logic error in ConnectionServiceWrapper.java that can let a permission be retained indefinitely in the background, enabling local elevation of privilege. The issue is described across multiple sources (Android/Red Hat/NVD entries) as requiring user interaction for exploi...

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google, Inc. in the United States. A security vulnerability exists in Google Android that stems from a logic error in ConnectionServiceWrapper.java that could lead to local elevation of privilege...

Linux Distros Unpatched Vulnerability : CVE-2023-50711

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - vmm-sys-util is a collection of modules that provides helpers and utilities used by multiple rust-vmm components. Starting in version 0.5.0 and prior to version...

Linux Distros Unpatched Vulnerability : CVE-2024-34997

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpypickle::NumpyArrayWrapper.readarray. NOTE: this is dispute...

CLSA-2025-1756483990 php: Fix of 3 CVEs

CVE-2025-1217: http stream wrapper: fix handling folded headers - CVE-2025-1734: http stream wrapper: fix handling headers with invalid name and no colon - CVE-2025-1861: fix http redirect location truncation...

php: Fix of 3 CVEs

CVE-2025-1217: http stream wrapper: fix handling folded headers - CVE-2025-1734: http stream wrapper: fix handling headers with invalid name and no colon - CVE-2025-1861: fix http redirect location truncation...

CLSA-2025-1756483693 php: Fix of 3 CVEs

CVE-2025-1217: http stream wrapper: fix handling folded headers - CVE-2025-1734: http stream wrapper: fix handling headers with invalid name and no colon - CVE-2025-1861: fix http redirect location truncation...

Linux Distros Unpatched Vulnerability : CVE-2023-0996

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is a vulnerability in the strided image data parsing code in the emscripten wrapper for libheif. An attacker could exploit this through a crafted image fi...

Linux Distros Unpatched Vulnerability : CVE-2018-17057

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper. CVE-2018-17057 Note that Nessus...

Linux Distros Unpatched Vulnerability : CVE-2020-26932

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - debian/sympa.postinst for the Debian Sympa package before 6.2.40dfsg-7 uses mode 4755 for sympanewaliases-wrapper, whereas the intended permissions are mode 475...

Linux Distros Unpatched Vulnerability : CVE-2021-3565

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2. tpm2import used a fixed AES key for the inner wrapper, potentially allowing a MITM...

Heap-based Buffer Overflow

Overview Magick.NET-Q16-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

Linux Distros Unpatched Vulnerability : CVE-2016-9852

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display...

Malicious code in ad-react-wrapper (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dec7199df8eaf35c70facf6df3af78b3aa9b7d06d5cc4f2ba7ee9f528165d21a Any computer that has this package installed or running should be considered...

MAL-2025-41361 Malicious code in ad-react-wrapper (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dec7199df8eaf35c70facf6df3af78b3aa9b7d06d5cc4f2ba7ee9f528165d21a Any computer that has this package installed or running should be considered...

Picklescan missing detection when calling pytorch function torch.jit.unsupported_tensor_ops.execWrapper

Summary Using torch.jit.unsupportedtensorops.execWrapper function, which is a pytorch library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to torch.jit.unsupportedtensorops.execWrapper function...

CVE-2025-49422

Incorrect Privilege Assignment vulnerability in themepassion Support Ticket support-ticket allows Privilege Escalation.This issue affects Support Ticket: from n/a through = 1.9...

Linux Distros Unpatched Vulnerability : CVE-2023-34059

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack...

CVE-2025-49422

Incorrect Privilege Assignment vulnerability in themepassion Support Ticket support-ticket allows Privilege Escalation.This issue affects Support Ticket: from n/a through = 1.9...