4 matches found
CVE-2025-48536
CVE-2025-48536 affects Android’s SettingsSliceProvider.java, specifically grantAllowlistedPackagePermissions. A third-party app could abuse a “confused deputy” flaw to modify secure settings, enabling local elevation of privilege with no extra execution privileges and no user interaction required...
PT-2025-43456
In grantAllowlistedPackagePermissions of SettingsSliceProvider.java, there is a possible way for a third party app to modify secure settings due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed fo...
CVE-2025-34177
In pfSense CE /suricata/suricataflowstream.php, the value of the policyname parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata...
Linux Distros Unpatched Vulnerability : CVE-2024-36964
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: fs/9p: only translate RWX permissions for plain 9P2000 Garbage in plain 9P2000's perm bits i...