107 matches found
CVE-2024-23710
In assertPackageWithSharedUserIdIsPrivileged of InstallPackageHelper.java, there is a possible execution of arbitrary app code as a privileged app due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is...
ROS-2-1573
2.1573 Vulnerability in Mozilla Firefox browser CVE-2021-29967 1. Vulnerability description: Vulnerability in the Mozilla Firefox browser that allows an attacker to execute arbitrary code on the target system.Identifier of the Information Security Threats Data Bank of the FSTEC of Russia : 2...
UBUNTU-CVE-2024-0046
In installExistingPackageAsUser of InstallPackageHelper.java, there is a possible carrier restriction bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
Fedora: Security Advisory for subversion (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2024-0219
In Telerik JustDecompile versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the applications installer component. In an environment where an existing Telerik JustDecompile install is present, a lower privileged user has the ability to manipulate the installation...
CVE-2023-33878
The CVE-2023-33878 issue affects Intel NUC P14E Laptop Element Audio Install Package for Windows (before version 156). Root cause: path traversal in the installer/software update flow could be exploited by an authenticated local user to escalate privileges. Impact as described: local escalation o...
CVE-2023-21257
In updateSettingsInternalLI of InstallPackageHelper.java, there is a possible way to sideload an app in the work profile due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
CVE-2023-21116
In verifyReplacingVersionCode of InstallPackageHelper.java, there is a possible way to downgrade system apps below system image version due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for...
Malicious code in isntall (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f7547e8992dd19ddadb22d9e7b35b5f83f821dc955a8404dd83ccb91640a6f1a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in malicious-pre-install-package (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1741456bb70a37b2485b448c939f1c6bac3387f988e30a89c5ae1516b1610105 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2022-28782
Improper access control vulnerability in Contents To Window prior to SMR May-2022 Release 1 allows physical attacker to install package before completion of Setup wizard. The patch blocks entry point of the vulnerability...
PT-2022-19230 · Unknown · Contents To Window
Name of the Vulnerable Software and Affected Versions: Contents To Window versions prior to SMR May-2022 Release 1 Description: The issue is related to improper access control, allowing a physical attacker to install a package before the completion of the Setup wizard. This can be exploited by a...
CVE-2022-24932
Improper Protection of Alternate Path vulnerability in Setup wizard process prior to SMR Mar-2022 Release 1 allows physical attacker package installation before finishing Setup wizard...
compare-eslint-config (>=0.1.0 <=0.1.1) potentially affected by CVE-2020-7629 via install-package (=0.1.0)
install-package NPM version =0.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on install-package and may be impacted: - compare-eslint-config =0.1.0, =0.1.1 Source cves: CVE-2020-7629 Source advisory: OSV:GHSA-6M4R-M3GC-H4R5...
GHSA-6M4R-M3GC-H4R5 OS Command Injection in install-package
install-package through 0.4.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument...
OS Command Injection in install-package
install-package through 0.4.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument...
[SECURITY] Fedora 34 Update: gnuchess-6.2.7-5.fc34
The gnuchess package contains the GNU chess program. By default, GNU chess uses a curses text-based interface. Alternatively, GNU chess can be used in conjunction with the xboard user interface and the X Window System for play using a graphical chess board. Install the gnuchess package if you wou...
Command injection
A command injection vulnerability in install package validation subsystem of Juniper Networks Junos OS that may allow a locally authenticated attacker with privileges to execute commands with root privilege. To validate a package in Junos before installation, an administrator executes the command...
CVE-2020-0204
In InstallPackage of package.cpp, there is a possible bypass of a signature check due to a Time of Check/Time of Use condition. This could lead to local escalation of privilege by allowing a bypass of the initial zip file signature check for an OS update with no additional execution privileges...
CVE-2020-7629
CVE-2020-7629 affects install-package up to version 0.4.0 and is a Command Injection vulnerability that allows execution of arbitrary commands via the options argument. The issue is documented across multiple sources (NVD/Red Hat/OSV/GHSA/Snyk) with severity ranging from High to Critical (CVSS v3...