126 matches found
USN-4601-1 python-pip vulnerability
It was discovered that pip did not properly sanitize the filename during pip install. A remote attacker could possibly use this issue to read and write arbitrary files on the host filesystem as root, resulting in a directory traversal attack. CVE-2019-20916...
CVE-2020-0419
In generateInfo of PackageInstallerSession.java, there is a possible leak of cross-profile URI data during app installation due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
Google Android elevation of privilege vulnerability (CNVD-2020-53769)
Android is a Linux-based open source operating system from Google and the Open Handset Alliance (OHA). There is a security vulnerability in Android version 11. The vulnerability stems from PackageInstaller and can be exploited by an attacker to elevate local privileges...
CVE-2020-0366
In PackageInstaller, there is a possible permissions bypass due to a tapjacking vulnerability. This could lead to local escalation of privilege using an app set as the default Assist app with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions:...
Debian: Security Advisory (DLA-2370-1)
The remote host is missing an update for the Debian...
CVE-2019-20916
A flaw was found in the pip package installer for Python when downloading or installing a remote package via a specified URL. Improper validation of the "Content-Disposition" HTTP response header makes a path traversal attack possible, leading to an arbitrary file overwrite. This flaw allows an...
CVE-2019-2218
In createSessionInternal of PackageInstallerService.java, there is a possible improper permission grant due to a missing permission check. This could lead to local escalation of privilege by installing malicious packages with User execution privileges needed. User interaction is not needed for...
CVE-2019-15416
The Sony keyakikddi Android device with a build fingerprint of Sony/keyakikddi/keyakikddi:7.1.1/TONE3-3.0.0-KDDI-170517-0326/1:user/dev-keys contains a pre-installed app with a package name of com.kddi.android.packageinstaller app (versionCode=70008, versionName=08.10.03) that allows other...
Design/Logic Flaw
Shell Metacharacter Injection in the package installer on Zyxel NAS 326 version 5.21 and below allows an authenticated attacker to execute arbitrary code via multiple different requests...
CVE-2019-10631
Shell Metacharacter Injection in the package installer on Zyxel NAS 326 version 5.21 and below allows an authenticated attacker to execute arbitrary code via multiple different requests...
CVE-2019-10631
CVE-2019-10631 describes a Shell Metacharacter Injection in the Zyxel NAS 326 package installer (versions 5.21 and earlier). An authenticated attacker can execute arbitrary code via multiple different requests. Affected product: Zyxel NAS 326 (Hopscotch). Root cause: shell metacharacter handling ...
Zyxel NAS 326 Shell Metacharacter Injection Vulnerability
Zyxel NAS 326 is a two-drive personal cloud storage device from Zyxel Hopscotch. A Shell metacharacter injection vulnerability exists in the package installer in Zyxel NAS 326 5.21 and earlier versions. An authenticated attacker can exploit this vulnerability to execute arbitrary code via multipl...
CVE-2018-9582
In package installer in Android-8.0, Android-8.1 and Android-9, there is a possible bypass of the unknown source warning due to a confused deputy scenario. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
CVE-2018-9582
CVE-2018-9582 affects Android 8.0–9 package installer, enabling local elevation of privilege via bypassing the unknown-source warning in a confused deputy scenario. Exploitation requires no user interaction; attacker gains partial to high impact on confidentiality, integrity, and availability. Th...
Design/Logic Flaw
In package installer in Android-8.0, Android-8.1 and Android-9, there is a possible bypass of the unknown source warning due to a confused deputy scenario. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
Google Android Framework (package installer) Denial of Service Vulnerability
Android on Google Pixel and Nexus is a Linux-based open source operating system for Google Pixel and Nexus smartphones developed by Google and the Open Handset Alliance (OHA). Framework is a package installer framework. Framework package installer is one of the package installer framework. A denial ...
CVE-2017-13295
A denial of service vulnerability in the Android framework package installer. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-62537081...