106 matches found
CVE-2025-48606
In preparePackage of InstallPackageHelper.java, there is a possible way for an app to appear hidden upon installation without a mechanism to uninstall it due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User...
EUVD-2025-178296
Malicious code in jasmine-cypress-gravity-install npm...
EUVD-2025-112428
Malicious code in install-semantic-ui-warp-fork npm...
EUVD-2025-123566
Malicious code in polaris-meteor-babel-install npm...
EUVD-2025-124688
Malicious code in mutation-rehype-semantic-ui-install npm...
EUVD-2014-4597
Malware in sbrugna...
EUVD-2022-0865
Malicious code in bioql PyPI...
EUVD-2023-38028
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-0046
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In installExistingPackageAsUser of InstallPackageHelper.java, there is a possible carrier restriction bypass due to a logic error in the code. This could lead t...
Fedora: Security Advisory (FEDORA-2025-42ee7772e3)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2023-21257
In updateSettingsInternalLI of InstallPackageHelper.java, there is a possible way to sideload an app in the work profile due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
MAL-2025-1939 Malicious code in secure-install-package (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in secure-install-package (npm)
--- -= Per source details. Do not edit below this line.=-...
CVE-2018-9374
In installPackageLI of PackageManagerService.java, there is a possible permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-43081
In installExistingPackageAsUser of InstallPackageHelper.java, there is a possible carrier restriction bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-4007 Hard coded default credential contained in install package
Default credential in install package in ABB ASPECT; NEXUS Series; MATRIX Series version 3.07 allows attacker to login to product instances wrongly configured...
CVE-2024-4007
ABB ASPECT, NEXUS Series, and MATRIX Series (firmware up to 3.07) contain default/hard-coded credentials installed with the package, enabling login to misconfigured devices. Root cause: credentials embedded in the installer; attack surface includes Internet-adjacent exposure per public advisories...
CVE-2024-4007 Hard coded default credential contained in install package
Default credential in install package in ABB ASPECT; NEXUS Series; MATRIX Series version 3.07 allows attacker to login to product instances wrongly configured...
OPENSUSE-SU-2024:11500-1 virt-install-3.2.0-10.1 on GA media
These are all security issues fixed in the virt-install-3.2.0-10.1 package on the GA media of openSUSE Tumbleweed...
CVE-2024-23710
In assertPackageWithSharedUserIdIsPrivileged of InstallPackageHelper.java, there is a possible execution of arbitrary app code as a privileged app due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is...