962 matches found
CVE-2026-37526
AGL app-framework-binder afb-daemon through v19.90.0 allows any local process to execute privileged supervision commands Exit, Do, Sclose, Config, Trace, Debug, Token, slist without authentication via the abstract Unix socket @urn:AGL:afs:supervision:socket. The onsupervisioncall function in...
CVE-2026-37525
AGL app-framework-binder afb-daemon through v19.90.0 contains a privilege escalation vulnerability in the supervision Do command. The onsupervisioncall function in src/afb-supervision.c explicitly nullifies the request credentials by calling afbcontextchangecred&xreq-context, NULL before...
EUVD-2026-26681
AGL app-framework-binder afb-daemon through v19.90.0 contains a privilege escalation vulnerability in the supervision Do command. The onsupervisioncall function in src/afb-supervision.c explicitly nullifies the request credentials by calling afbcontextchangecred&xreq-context, NULL before...
CVE-2026-37525
AGL app-framework-binder afb-daemon through v19.90.0 contains a privilege escalation vulnerability in the supervision Do command. The onsupervisioncall function in src/afb-supervision.c explicitly nullifies the request credentials by calling afbcontextchangecred&xreq-;context, NULL before...
CVE-2026-37526
AGL app-framework-binder afb-daemon through v19.90.0 allows any local process to execute privileged supervision commands Exit, Do, Sclose, Config, Trace, Debug, Token, slist without authentication via the abstract Unix socket @urn:AGL:afs:supervision:socket. The onsupervisioncall function in...
CVE-2026-37525
AGL app-framework-binder afb-daemon through v19.90.0 contains a privilege escalation vulnerability in the supervision Do command. The onsupervisioncall function in src/afb-supervision.c explicitly nullifies the request credentials by calling afbcontextchangecred&xreq-context, NULL before...
PT-2026-36503
Name of the Vulnerable Software and Affected Versions AGL app-framework-binder afb-daemon versions prior to 19.90.1 Description A privilege escalation issue exists in the supervision Do command. The on supervision call function in src/afb-supervision.c nullifies request credentials by calling afb...
Automotive Grade Linux app-framework-binder 访问控制错误漏洞
Automotive Grade Linux app-framework-binder is an application framework communication component from Automotive Grade Linux, Inc. An Access Control Error vulnerability exists in Automotive Grade Linux app-framework-binder version 19.90.0 and earlier, which stems from a lack of authentication on...
CVE-2026-37525
The CVE-2026-37525 entry concerns the AGL app-framework-binder (afb-daemon) up to v19.90.0. The vulnerability resides in the supervision Do command: the on_supervision_call path explicitly_nullifies credentials via afb_context_change_cred(&xreq->context, NULL) before dispatching an attacker-co...
WOOTdroid: Whole-System Online On-Device Tracing for Android
System auditing on Android faces two problems. First, existing syscall tracers lose events under load, silently overwriting entries faster than a user space reader can drain them. Second, security-relevant application behavior is mediated through Binder, Android's kernel IPC mechanism, and is...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013568)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013568 advisory. In the Linux kernel, the following vulnerability has been resolved: binder: fix UAF of alloc-vma in race with munmap cmllamas: clean forward port from commit...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010785)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010785 advisory. In the Linux kernel, the following vulnerability has been resolved: binder: fix UAF of alloc-vma in race with munmap cmllamas: clean forward port from commit...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013295)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013295 advisory. In several functions of binder.c, there is a possible way to represent the wrong domain to SELinux due to a race condition. This could lead to local escalation of...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013343)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013343 advisory. In the Linux kernel, the following vulnerability has been resolved: binder: fix memory leak in binderinit In binderinit, the destruction of binderallocshrinkerinit i...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007389)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007389 advisory. In the Linux kernel, the following vulnerability has been resolved: binder: make sure fd closes complete During BCFREEBUFFER processing, the BINDERTYPEFDA object...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007248)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007248 advisory. In the Linux kernel, the following vulnerability has been resolved: binder: check offset alignment in bindergetobject Commit 6d98eb95b450 binder: avoid potential dat...
Security Bulletin: vulerability in IBM Spectrum Symphony with spring framework
Summary vulerability in IBM Spectrum Symphony with spring framework Vulnerability Details CVEID:CVE-2024-38820 DESCRIPTION: The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale dependent exceptions that could...
EUVD-2026-20986
A flaw was found in gnutls. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted ClientHello message with an invalid Pre-Shared Key PSK binder value during the TLS handshake. This can lead to a NULL pointer dereference, causing the server to crash and...
ALPINE-CVE-2026-1584
A flaw was found in gnutls. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted ClientHello message with an invalid Pre-Shared Key PSK binder value during the TLS handshake. This can lead to a NULL pointer dereference, causing the server to crash and...
CVE-2026-1584
A flaw was found in gnutls. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted ClientHello message with an invalid Pre-Shared Key PSK binder value during the TLS handshake. This can lead to a NULL pointer dereference, causing the server to crash and...