28 matches found
EUVD-2020-24897
Malware in sbrugna...
EUVD-2017-2679
Malware in sbrugna...
EUVD-2025-26678
Malicious code in bioql PyPI...
EUVD-2023-48487
Malicious code in bioql PyPI...
CVE-2025-36906
In ConvertReductionOp of darwinnmlirconverteraidl.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-36906
In ConvertReductionOp of darwinnmlirconverteraidl.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2025-35889
Name of the Vulnerable Software and Affected Versions: darwin-mlir-converter affected versions not specified Description: The ConvertReductionOp function within darwinn mlir converter aidl.cc contains a heap buffer overflow, potentially leading to a local escalation of privilege. Exploitation doe...
CVE-2025-5344 Exposed AIDL service allowing for tampering of system secure settings in Bluebird kiosk application
Bluebird devices contain a pre-loaded kiosk application. This application exposes an unsecured service provider "com.bluebird.kiosk.launcher.IpartnerKioskRemoteService". A local attacker can bind to the AIDL-type service to modify device's global settings and wallpaper image. This issue affects a...
CVE-2025-5344 Exposed AIDL service allowing for tampering of system secure settings in Bluebird kiosk application
Bluebird devices contain a pre-loaded kiosk application. This application exposes an unsecured service provider "com.bluebird.kiosk.launcher.IpartnerKioskRemoteService". A local attacker can bind to the AIDL-type service to modify device's global settings and wallpaper image. This issue affects a...
CVE-2025-5345 Exposed AIDL service allowing to read and delete files with system-level privileges in Bluebird filemanager application
Bluebird devices contain a pre-loaded file manager application. This application exposes an unsecured service provider "com.bluebird.system.koreanpost.IsdcardRemoteService". A local attacker can bind to the AIDL-type service to copy and delete arbitrary files from device's storage with system-lev...
CVE-2025-5345 Exposed AIDL service allowing to read and delete files with system-level privileges in Bluebird filemanager application
Bluebird devices contain a pre-loaded file manager application. This application exposes an unsecured service provider "com.bluebird.system.koreanpost.IsdcardRemoteService". A local attacker can bind to the AIDL-type service to copy and delete arbitrary files from device's storage with system-lev...
CVE-2025-5345
Bluebird devices are affected by CVE-2025-5345 in a pre-loaded file manager app. The vulnerability resides in an unsecured AIDL service, com.bluebird.system.koreanpost.IsdcardRemoteService, which allows a local attacker to bind to the service and copy or delete arbitrary files from device storage...
CVE-2023-44128
he vulnerability is to delete arbitrary files in LGInstallService "com.lge.lginstallservies" app. The app contains the exported "com.lge.lginstallservies.InstallService" service that exposes an AIDL interface. All its "installPackage" methods are finally calling the "installPackageVerify" method...
CVE-2023-21046
In ConvertToHalMetadata of aidlutils.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroi...
CVE-2023-21047
In ConvertToHalMetadata of aidlutils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid I...
CVE-2020-3626
Any application can bind to it and exercise the APIs due to no protection for AIDL uimlpaservice in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MSM8905, MSM8909W, MSM8917, MSM8920,...
PT-2023-25244 · Unknown · Darwinn Mlir Converter Aidl.Cc
Name of the Vulnerable Software and Affected Versions: darwinn mlir converter aidl.cc affected versions not specified Description: In the CanConvertPadV2Op function of darwinn mlir converter aidl.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local...
CVE-2023-44128
he vulnerability is to delete arbitrary files in LGInstallService "com.lge.lginstallservies" app. The app contains the exported "com.lge.lginstallservies.InstallService" service that exposes an AIDL interface. All its "installPackage" methods are finally calling the "installPackageVerify" method...
Design/Logic Flaw
he vulnerability is to delete arbitrary files in LGInstallService "com.lge.lginstallservies" app. The app contains the exported "com.lge.lginstallservies.InstallService" service that exposes an AIDL interface. All its "installPackage" methods are finally calling the "installPackageVerify" method...
MAL-2022-906 Malicious code in aidl-language (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 32dcae8dbb5f01a96aa0cff4d60e5a796e6aa06f1df7bef6934ad1cfc2165739 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...