213 matches found
PT-2024-30947 · Google · Android
Name of the Vulnerable Software and Affected Versions: Software affected versions not specified Description: The issue is related to an insecure default value, which could lead to a possible arbitrary read. This might cause local information disclosure with System execution privileges needed. Use...
PUB-A-342511931
there is a possible arbitrary read due to an insecure default value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation...
Google Android elevation of privilege vulnerability (CNVD-2024-37968)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability caused by an insecure default value in FooterActionsViewModel ktonForegroundServiceButtonClicked. An attacker can exploit this vulnerability to elevate...
CVE-2024-34734
CVE-2024-34734 describes an Elevation of Privilege in Android related to FooterActionsViewModel.kt (onForegroundServiceButtonClicked): an insecure default value could allow disabling the active VPN from the lockscreen with local impact and no user interaction. The vulnerability is tracked in mult...
CVE-2024-40639
...
CVE-2024-39888
CVE-2024-39888 affects Mendix Encryption versions 10.0.0 to 10.0.1, where a hard-coded default EncryptionKey enables decryption of encrypted project data if no per-project key is specified. Root cause: a security-relevant constant defined by default in the module. Consequences stated across sourc...
PT-2024-27050 · Undertow · Undertow
Name of the Vulnerable Software and Affected Versions: Undertow affected versions not specified Description: A vulnerability was found in Undertow, which requires the learning-push handler to be enabled in the server's config. By default, this handler is disabled. If enabled and the maxAge config...
CVE-2024-20056
In preloader, there is a possible escalation of privilege due to an insecure default value. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08528185; Issue ID: ALPS08528185...
CVE-2024-20056
In preloader, there is a possible escalation of privilege due to an insecure default value. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08528185; Issue ID: ALPS08528185...
CVE-2024-20056
CVE-2024-20056 affects MediaTek preloader: insecure default value enables local privilege escalation to SYSTEM, with no user interaction required. Patch ALPS08528185/ALPS08528185 issued; details on exploitation not provided in the connected docs.
CVE-2024-34067 Multiple cross site scripting (XSS) vulnerabilities in the admin area of Pterodactyl panel
Pterodactyl is a free, open-source game server management panel built with PHP, React, and Go. Importing a malicious egg or gaining access to wings instance could lead to cross site scripting XSS on the panel, which could be used to gain an administrator account on the panel. Specifically, the...
PT-2024-25684 · Amazon · Sagemaker-Python-Sdk
Name of the Vulnerable Software and Affected Versions: sagemaker-python-sdk versions prior to 2.214.3 Description: The capture dependencies function in the sagemaker.serve.save retrive.version 1 0 0.save.utils module allows for potentially unsafe Operating System OS Command Injection if an...
kernel: drm/amd/display: Fix possible underflow for displays with large vblank
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix possible underflow for displays with large vblank Why Underflow observed when using a display with a large vblank region and low refresh rate How Simplify calculation of vblanknom Increase value for...
GHSA-9822-6M93-XQF4 Rails has possible XSS Vulnerability in Action Controller
Possible XSS Vulnerability in Action Controller There is a possible XSS vulnerability when using the translation helpers translate, t, etc in Action Controller. This vulnerability has been assigned the CVE identifier CVE-2024-26143. Versions Affected: = 7.0.0. Not affected: 7.0.0 Fixed Versions:...
CVE-2023-48418
In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a possible way to access adb before SUW completion due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for ...
Default configuration
In Setup Wizard, there is a possible way to save a WiFi network due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-32805
In power, there is a possible out of bounds write due to an insecure default value. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08102892; Issue ID: ALPS08102892...
Out-of-bounds
In power, there is a possible out of bounds write due to an insecure default value. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08102892; Issue ID: ALPS08102892...
CVE-2023-32805
In power, there is a possible out of bounds write due to an insecure default value. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08102892; Issue ID: ALPS08102892...
CVE-2023-32805
In power, there is a possible out of bounds write due to an insecure default value. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08102892; Issue ID: ALPS08102892...