36 matches found
Progress Software Kemp LoadMaster delapikey OS Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of user data passed to the delapikey command. The issue resul...
EUVD-2024-15837
Malicious code in bioql PyPI...
CVE-2025-26436
In clearAllowBgActivityStarts of PendingIntentRecord.java, there is a possible way for an application to launch an activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
Malicious code in html2coffeekup-bal (npm)
The package html2coffeekup-bal was found to contain malicious code...
Malicious code in mailer-bal (npm)
The package mailer-bal was found to contain malicious code...
MAL-2025-25790 Malicious code in mailer-bal (npm)
The package mailer-bal was found to contain malicious code...
MAL-2025-22754 Malicious code in html2coffeekup-bal (npm)
The package html2coffeekup-bal was found to contain malicious code...
CVE-2024-0034
In BackgroundLaunchProcessController, there is a possible way to launch arbitrary activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
ASB-A-322159724
In clearAllowBgActivityStarts of PendingIntentRecord.java, there is a possible way for an application to launch an activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
ASB-A-305695605
In multiple locations, there is a possible way to launch an activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
ASB-A-336490997
In multiple locations, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
ASB-A-329230490
In setSkipPrompt of AssociationRequest.java , there is a possible way to establish a companion device association without any confirmation due to CDM. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-0034
In BackgroundLaunchProcessController, there is a possible way to launch arbitrary activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
Privilege escalation
In BackgroundLaunchProcessController, there is a possible way to launch arbitrary activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-0034
In BackgroundLaunchProcessController, there is a possible way to launch arbitrary activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-0034
In BackgroundLaunchProcessController, there is a possible way to launch arbitrary activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-0034
Technical details beyond the BAL Bypass description are not publicly provided in the supplied documents. Monitor Android security advisories and vendor advisories for affected products, versions, and fixes.
CVE-2023-40106
In sanitizeSbn of NotificationManagerService.java, there is a possible way to launch an activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-40106
In sanitizeSbn of NotificationManagerService.java, there is a possible way to launch an activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-40106
CVE-2023-40106 concerns a BAL bypass in Android’s NotificationManagerService.java (sanitizeSbn) that could allow launching an activity from the background, enabling local privilege escalation without extra privileges or user interaction. Affected component is the background handling path in the A...