27 matches found
EUVD-2025-26832
Malicious code in bioql PyPI...
EUVD-2023-2008
Malicious code in bioql PyPI...
EUVD-2025-27039
Malicious code in bioql PyPI...
CVE-2025-32345
In updateState of ContentProtectionTogglePreferenceController.java, there is a possible way for a secondary user to disable the primary user's deceptive app scanning setting due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges...
CVE-2025-26435
In updateState of ContentProtectionTogglePreferenceController.java, there is a possible way for a secondary user to disable the primary user's deceptive app scanning setting due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges...
CVE-2025-32345
The CVE-2025-32345 issue affects Android’s ContentProtectionTogglePreferenceController.java (updateState), where a logic error allows a secondary user to disable the primary user’s deceptive app scanning setting. This enables local privilege escalation with no additional privileges or user intera...
CVE-2025-26435
In updateState of ContentProtectionTogglePreferenceController.java, there is a possible way for a secondary user to disable the primary user's deceptive app scanning setting due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges...
CVE-2025-26435
In updateState of ContentProtectionTogglePreferenceController.java, there is a possible way for a secondary user to disable the primary user's deceptive app scanning setting due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges...
CVE-2025-26435
In updateState of ContentProtectionTogglePreferenceController.java, there is a possible way for a secondary user to disable the primary user's deceptive app scanning setting due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges...
CVE-2025-26435
In updateState of ContentProtectionTogglePreferenceController.java, there is a possible way for a secondary user to disable the primary user's deceptive app scanning setting due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges...
CVE-2025-26435
In updateState of ContentProtectionTogglePreferenceController.java, there is a possible way for a secondary user to disable the primary user's deceptive app scanning setting due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges...
PT-2025-36014
Name of the Vulnerable Software and Affected Versions: ContentProtectionTogglePreferenceController.java affected versions not specified Description: A logic error in the updateState function within ContentProtectionTogglePreferenceController.java may allow a secondary user to disable the deceptiv...
Google Android 安全漏洞
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability due to a logic error in the updateState function in ContentProtectionTogglePreferenceController.java, which can be exploited by an attacker to elevate...
PT-2025-36044
Name of the Vulnerable Software and Affected Versions: ContentProtectionTogglePreferenceController.java affected versions not specified Description: A logic error in the updateState function within ContentProtectionTogglePreferenceController.java may allow a secondary user to disable the deceptiv...
ASB-A-337774836
In updateState of ContentProtectionTogglePreferenceController.java, there is a possible way for a secondary user to disable the primary user's deceptive app scanning setting due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges...
Incorrect permission checks in Qualys Web App Scanning Connector Plugin allow capturing credentials
Qualys Web App Scanning Connector Plugin 2.0.10 and earlier does not correctly perform permission checks in several HTTP endpoints. This allows attackers with global Item/Configure permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another...
GHSA-8WGF-3MRJ-73X7 Incorrect permission checks in Qualys Web App Scanning Connector Plugin allow capturing credentials
Qualys Web App Scanning Connector Plugin 2.0.10 and earlier does not correctly perform permission checks in several HTTP endpoints. This allows attackers with global Item/Configure permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another...
CVE-2023-39154
Incorrect permission checks in Jenkins Qualys Web App Scanning Connector Plugin 2.0.10 and earlier allow attackers with global Item/Configure permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored i...
Design/Logic Flaw
Incorrect permission checks in Jenkins Qualys Web App Scanning Connector Plugin 2.0.10 and earlier allow attackers with global Item/Configure permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored i...
CVE-2023-39154
Incorrect permission checks in Jenkins Qualys Web App Scanning Connector Plugin 2.0.10 and earlier allow attackers with global Item/Configure permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored i...