0.0

CVE-2024-53251 -

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used.

πŸ“… Published: Nov. 19, 2024, 6:30 p.m. πŸ”„ Last Modified: Jan. 22, 2026, 9:40 a.m.

0.0

CVE-2024-53248 -

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used.

πŸ“… Published: Nov. 19, 2024, 6:30 p.m. πŸ”„ Last Modified: Jan. 22, 2026, 9:39 a.m.

7.8

CVSS3.1

CVE-2018-9338 -

In ResStringPool::setTo of ResourceTypes.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

πŸ“… Published: Nov. 19, 2024, 6:11 p.m. πŸ”„ Last Modified: Nov. 22, 2024, 3:48 p.m.

7.8

CVSS3.1

CVE-2023-21270 -

In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way for an app to keep permissions that should be revoked due to incorrect permission flags cleared during an update. This could lead to local escalation of privilege with User execution privileges needed. User inte…

πŸ“… Published: Nov. 19, 2024, 6 p.m. πŸ”„ Last Modified: Dec. 18, 2024, 2:22 p.m.

7.8

CVSS3.1

CVE-2017-13315 -

In writeToParcel and createFromParcel of DcParamObject.java, there is a permission bypass due to a write size mismatch. This could lead to an elevation of privileges where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is not …

πŸ“… Published: Nov. 19, 2024, 5:50 p.m. πŸ”„ Last Modified: Dec. 18, 2024, 2:23 p.m.

7.8

CVSS3.1

CVE-2024-48992 -

Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable.

πŸ“… Published: Nov. 19, 2024, 5:38 p.m. πŸ”„ Last Modified: Nov. 3, 2025, 11:16 p.m.

7.8

CVSS3.1

CVE-2024-48991 -

Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by winning a race condition and tricking needrestart into running their own, fake Python interpreter (instead of the system's real Python interpreter). The initial security fix (6ce6136)…

πŸ“… Published: Nov. 19, 2024, 5:38 p.m. πŸ”„ Last Modified: Nov. 3, 2025, 11:16 p.m.

7.8

CVSS3.1

CVE-2024-48990 -

Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable.

πŸ“… Published: Nov. 19, 2024, 5:38 p.m. πŸ”„ Last Modified: Nov. 3, 2025, 11:16 p.m.

7.8

CVSS3.1

CVE-2024-11003 -

Qualys discovered that needrestart, before version 3.8, passes unsanitized data to a library (Modules::ScanDeps) which expects safe input. This could allow a local attacker to execute arbitrary shell commands. Please see the related CVE-2024-10224 in Modules::ScanDeps.

πŸ“… Published: Nov. 19, 2024, 5:36 p.m. πŸ”„ Last Modified: Nov. 3, 2025, 10:16 p.m.

5.3

CVSS3.1

CVE-2024-10224 - module-scandeps: local privilege escalation via unsanitized input

Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by open()ing a "pesky pipe" (such as passing "commands|" as a filename) or by passing arbitrary strings to eval().

πŸ“… Published: Nov. 19, 2024, 5:35 p.m. πŸ”„ Last Modified: Nov. 3, 2025, 10:16 p.m.
Total resulsts: 349182
Page 7791 of 34,919
Β« previous page Β» next page
Filters