Lucene search
K

962 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/01 12:0 a.m.4 views

CVE-2026-37526

AGL app-framework-binder afb-daemon through v19.90.0 allows any local process to execute privileged supervision commands Exit, Do, Sclose, Config, Trace, Debug, Token, slist without authentication via the abstract Unix socket @urn:AGL:afs:supervision:socket. The onsupervisioncall function in...

7.8CVSS6AI score0.00123EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/01 12:0 a.m.7 views

CVE-2026-37525

AGL app-framework-binder afb-daemon through v19.90.0 contains a privilege escalation vulnerability in the supervision Do command. The onsupervisioncall function in src/afb-supervision.c explicitly nullifies the request credentials by calling afbcontextchangecred&xreq-context, NULL before...

7.8CVSS5.9AI score0.00138EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/01 12:0 a.m.6 views

EUVD-2026-26681

AGL app-framework-binder afb-daemon through v19.90.0 contains a privilege escalation vulnerability in the supervision Do command. The onsupervisioncall function in src/afb-supervision.c explicitly nullifies the request credentials by calling afbcontextchangecred&xreq-context, NULL before...

7.8CVSS5.9AI score0.00138EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/01 12:0 a.m.9 views

CVE-2026-37525

AGL app-framework-binder afb-daemon through v19.90.0 contains a privilege escalation vulnerability in the supervision Do command. The onsupervisioncall function in src/afb-supervision.c explicitly nullifies the request credentials by calling afbcontextchangecred&xreq-;context, NULL before...

7.8CVSS5.9AI score0.00138EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/01 12:0 a.m.36 views

CVE-2026-37526

AGL app-framework-binder afb-daemon through v19.90.0 allows any local process to execute privileged supervision commands Exit, Do, Sclose, Config, Trace, Debug, Token, slist without authentication via the abstract Unix socket @urn:AGL:afs:supervision:socket. The onsupervisioncall function in...

7.8CVSS0.00123EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/01 12:0 a.m.36 views

CVE-2026-37525

AGL app-framework-binder afb-daemon through v19.90.0 contains a privilege escalation vulnerability in the supervision Do command. The onsupervisioncall function in src/afb-supervision.c explicitly nullifies the request credentials by calling afbcontextchangecred&xreq-context, NULL before...

7.8CVSS0.00138EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.12 views

PT-2026-36503

Name of the Vulnerable Software and Affected Versions AGL app-framework-binder afb-daemon versions prior to 19.90.1 Description A privilege escalation issue exists in the supervision Do command. The on supervision call function in src/afb-supervision.c nullifies request credentials by calling afb...

7.8CVSS5.9AI score0.00138EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/01 12:0 a.m.9 views

Automotive Grade Linux app-framework-binder 访问控制错误漏洞

Automotive Grade Linux app-framework-binder is an application framework communication component from Automotive Grade Linux, Inc. An Access Control Error vulnerability exists in Automotive Grade Linux app-framework-binder version 19.90.0 and earlier, which stems from a lack of authentication on...

7.8CVSS5.9AI score0.00123EPSS
Exploits0References1
CVE
CVE
added 2026/05/01 12:0 a.m.18 views

CVE-2026-37525

The CVE-2026-37525 entry concerns the AGL app-framework-binder (afb-daemon) up to v19.90.0. The vulnerability resides in the supervision Do command: the on_supervision_call path explicitly_nullifies credentials via afb_context_change_cred(&xreq->context, NULL) before dispatching an attacker-co...

7.8CVSS5.9AI score0.00138EPSS
Exploits0References2Affected Software1
Packet Storm News
Packet Storm News
added 2026/04/30 12:0 a.m.12 views

WOOTdroid: Whole-System Online On-Device Tracing for Android

System auditing on Android faces two problems. First, existing syscall tracers lose events under load, silently overwriting entries faster than a user space reader can drain them. Second, security-relevant application behavior is mediated through Binder, Android's kernel IPC mechanism, and is...

5.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.4 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013568)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013568 advisory. In the Linux kernel, the following vulnerability has been resolved: binder: fix UAF of alloc-vma in race with munmap cmllamas: clean forward port from commit...

5.6AI score0.00168EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.4 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010785)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010785 advisory. In the Linux kernel, the following vulnerability has been resolved: binder: fix UAF of alloc-vma in race with munmap cmllamas: clean forward port from commit...

5.6AI score0.00168EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.9 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013295)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013295 advisory. In several functions of binder.c, there is a possible way to represent the wrong domain to SELinux due to a race condition. This could lead to local escalation of...

7CVSS7.3AI score0.00145EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.5 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013343)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013343 advisory. In the Linux kernel, the following vulnerability has been resolved: binder: fix memory leak in binderinit In binderinit, the destruction of binderallocshrinkerinit i...

5.7AI score0.00177EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.6 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007389)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007389 advisory. In the Linux kernel, the following vulnerability has been resolved: binder: make sure fd closes complete During BCFREEBUFFER processing, the BINDERTYPEFDA object...

5.5CVSS6.2AI score0.0025EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.14 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007248)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007248 advisory. In the Linux kernel, the following vulnerability has been resolved: binder: check offset alignment in bindergetobject Commit 6d98eb95b450 binder: avoid potential dat...

5.5CVSS6.1AI score0.00423EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/13 9:49 p.m.3 views

Security Bulletin: vulerability in IBM Spectrum Symphony with spring framework

Summary vulerability in IBM Spectrum Symphony with spring framework Vulnerability Details CVEID:CVE-2024-38820 DESCRIPTION: The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale dependent exceptions that could...

5.3CVSS5.8AI score0.05666EPSS
Exploits2Affected Software1
EUVD
EUVD
added 2026/04/09 6:31 p.m.3 views

EUVD-2026-20986

A flaw was found in gnutls. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted ClientHello message with an invalid Pre-Shared Key PSK binder value during the TLS handshake. This can lead to a NULL pointer dereference, causing the server to crash and...

7.5CVSS5.9AI score0.01382EPSS
Exploits0References3
OSV
OSV
added 2026/04/09 6:16 p.m.3 views

ALPINE-CVE-2026-1584

A flaw was found in gnutls. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted ClientHello message with an invalid Pre-Shared Key PSK binder value during the TLS handshake. This can lead to a NULL pointer dereference, causing the server to crash and...

7.5CVSS5.8AI score0.01382EPSS
Exploits0References1
NVD
NVD
added 2026/04/09 6:16 p.m.5 views

CVE-2026-1584

A flaw was found in gnutls. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted ClientHello message with an invalid Pre-Shared Key PSK binder value during the TLS handshake. This can lead to a NULL pointer dereference, causing the server to crash and...

7.5CVSS0.01382EPSS
Exploits0References4
Rows per page
Query Builder