Lucene search
+L

107 matches found

OSV
OSV
added 2024/05/07 9:15 p.m.6 views

CVE-2024-23710

In assertPackageWithSharedUserIdIsPrivileged of InstallPackageHelper.java, there is a possible execution of arbitrary app code as a privileged app due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is...

7.8CVSS6AI score0.0009EPSS
Exploits0References2
Redos
Redos
added 2024/03/13 12:0 a.m.22 views

ROS-2-1573

2.1573 Vulnerability in Mozilla Firefox browser CVE-2021-29967 1. Vulnerability description: Vulnerability in the Mozilla Firefox browser that allows an attacker to execute arbitrary code on the target system.Identifier of the Information Security Threats Data Bank of the FSTEC of Russia : 2...

8.8CVSS7.6AI score0.01368EPSS
Exploits0
OSV
OSV
added 2024/03/11 5:15 p.m.6 views

UBUNTU-CVE-2024-0046

In installExistingPackageAsUser of InstallPackageHelper.java, there is a possible carrier restriction bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.9AI score0.00121EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2024/03/08 12:0 a.m.17 views

Fedora: Security Advisory for subversion (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS9.2AI score0.02578EPSS
Exploits3References2
OSV
OSV
added 2024/01/31 4:15 p.m.4 views

CVE-2024-0219

In Telerik JustDecompile versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the applications installer component. In an environment where an existing Telerik JustDecompile install is present, a lower privileged user has the ability to manipulate the installation...

7.8CVSS5.7AI score0.00189EPSS
Exploits0References2
CVE
CVE
added 2023/11/14 7:4 p.m.52 views

CVE-2023-33878

The CVE-2023-33878 issue affects Intel NUC P14E Laptop Element Audio Install Package for Windows (before version 156). Root cause: path traversal in the installer/software update flow could be exploited by an authenticated local user to escalate privileges. Impact as described: local escalation o...

7.8CVSS7.7AI score0.00227EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/07/13 12:15 a.m.4 views

CVE-2023-21257

In updateSettingsInternalLI of InstallPackageHelper.java, there is a possible way to sideload an app in the work profile due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7.8CVSS5.9AI score0.0009EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/05/15 12:0 a.m.8 views

CVE-2023-21116

In verifyReplacingVersionCode of InstallPackageHelper.java, there is a possible way to downgrade system apps below system image version due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for...

7.3AI score0.00091EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/08/19 3:55 a.m.2 views

Malicious code in isntall (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f7547e8992dd19ddadb22d9e7b35b5f83f821dc955a8404dd83ccb91640a6f1a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/05/31 1:25 p.m.2 views

Malicious code in malicious-pre-install-package (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1741456bb70a37b2485b448c939f1c6bac3387f988e30a89c5ae1516b1610105 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
NVD
NVD
added 2022/05/03 8:15 p.m.20 views

CVE-2022-28782

Improper access control vulnerability in Contents To Window prior to SMR May-2022 Release 1 allows physical attacker to install package before completion of Setup wizard. The patch blocks entry point of the vulnerability...

4.6CVSS0.00101EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/05/03 12:0 a.m.5 views

PT-2022-19230 · Unknown · Contents To Window

Name of the Vulnerable Software and Affected Versions: Contents To Window versions prior to SMR May-2022 Release 1 Description: The issue is related to improper access control, allowing a physical attacker to install a package before the completion of the Setup wizard. This can be exploited by a...

4.6CVSS4.3AI score0.00101EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2022/03/10 5:46 p.m.6 views

CVE-2022-24932

Improper Protection of Alternate Path vulnerability in Setup wizard process prior to SMR Mar-2022 Release 1 allows physical attacker package installation before finishing Setup wizard...

4.6CVSS5.8AI score0.00106EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2022/02/10 11:48 p.m.4 views

compare-eslint-config (>=0.1.0 <=0.1.1) potentially affected by CVE-2020-7629 via install-package (=0.1.0)

install-package NPM version =0.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on install-package and may be impacted: - compare-eslint-config =0.1.0, =0.1.1 Source cves: CVE-2020-7629 Source advisory: OSV:GHSA-6M4R-M3GC-H4R5...

9.8CVSS7.2AI score0.04118EPSS
Exploits1
OSV
OSV
added 2022/02/10 11:48 p.m.33 views

GHSA-6M4R-M3GC-H4R5 OS Command Injection in install-package

install-package through 0.4.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument...

9.8CVSS9.7AI score0.04118EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2022/02/10 11:48 p.m.33 views

OS Command Injection in install-package

install-package through 0.4.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument...

9.8CVSS9.3AI score0.04118EPSS
Exploits1References4Affected Software1
Fedora
Fedora
added 2021/04/24 8:23 p.m.73 views

[SECURITY] Fedora 34 Update: gnuchess-6.2.7-5.fc34

The gnuchess package contains the GNU chess program. By default, GNU chess uses a curses text-based interface. Alternatively, GNU chess can be used in conjunction with the xboard user interface and the X Window System for play using a graphical chess board. Install the gnuchess package if you wou...

7.8CVSS1.7AI score0.01769EPSS
Exploits1
Prion
Prion
added 2021/01/15 6:15 p.m.17 views

Command injection

A command injection vulnerability in install package validation subsystem of Juniper Networks Junos OS that may allow a locally authenticated attacker with privileges to execute commands with root privilege. To validate a package in Junos before installation, an administrator executes the command...

7.2CVSS6.8AI score0.00704EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2020/06/11 3:15 p.m.6 views

CVE-2020-0204

In InstallPackage of package.cpp, there is a possible bypass of a signature check due to a Time of Check/Time of Use condition. This could lead to local escalation of privilege by allowing a bypass of the initial zip file signature check for an OS update with no additional execution privileges...

7CVSS7.2AI score0.00317EPSS
Exploits0References1
CVE
CVE
added 2020/04/02 9:38 p.m.73 views

CVE-2020-7629

CVE-2020-7629 affects install-package up to version 0.4.0 and is a Command Injection vulnerability that allows execution of arbitrary commands via the options argument. The issue is documented across multiple sources (NVD/Red Hat/OSV/GHSA/Snyk) with severity ranging from High to Critical (CVSS v3...

9.8CVSS9.7AI score0.04118EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder