The com.uaudio.bsd.helper service, responsible for handling privileged operations, fails to implement critical client validation during XPC inter-process communication (IPC). Specifically, the service does not verify the code requirements, entitlements, or security flags of any client attempting to establish a connection. This lack of proper validation allows unauthorized clients to exploit the service's methods and escalate privileges to root.

In updateSettingsInternalLI of InstallPackageHelper.java, there is a possible way to sideload an app in the work profile due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

OverlayFS in the Linux kernel before 3.0.0-16.28, as used in Ubuntu 10.0.4 LTS and 11.10, is missing inode security checks which could allow attackers to bypass security restrictions and perform unauthorized actions.

A vulnerability was found in Poly Trio 8500, Trio 8800 and Trio C60. It has been classified as problematic. This affects an unknown part of the component Poly Lens Management Cloud Registration. The manipulation leads to missing authorization. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The identifier VDB-249261 was assigned to this vulnerability.

In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed

In telecom service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed

In telecom service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed

In telecom service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed

In camera service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed

In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed

In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed

In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed

In power manager, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed

In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed

In telecom service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed

In ion service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed

In telecom service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed

In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed

In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed

In telecom service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed

In engineermode service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed

In telocom service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed

In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed

In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed

In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed

In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed

In linkturbo, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed

In phasechecksercer, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed

In getCredentialManagerPolicy of DevicePolicyManagerService.java, there is a possible method for users to select credential managers without permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In keyguardGoingAway of ActivityTaskManagerService.java, there is a possible lock screen bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

A missing authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local authenticated users to access data or perform actions that they should not be allowed to perform via unspecified vectors. QuTScloud, is not affected. We have already fixed the vulnerability in the following versions: QTS 5.2.0.2737 build 20240417 and later QuTS hero h5.2.0.2782 build 20240601 and later

In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges

In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges

In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges

In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges

In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges

In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges

In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges

In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges

In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges

In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges

In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges

In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges

A vulnerability in the Enable Secret feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker to issue the enable command and get full administrative privileges. To exploit this vulnerability, the attacker would need to have valid credentials for the affected device. The vulnerability is due to a logic error in the implementation of the enable command. An attacker could exploit this vulnerability by logging in to the device and issuing the enable command. A successful exploit could allow the attacker to gain full administrative privileges without using the enable password. Note: The Enable Secret feature is disabled by default.

In Settings, there is a possible restriction bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In multiple files, there is a possible way to import a contact from another user due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Loxone Miniserver Go Gen.2 through 14.0.3.28 allows an authenticated operating system user to escalate privileges via the Sudo configuration. This allows the elevated execution of binaries without a password requirement.

In onFactoryReset of BluetoothManagerService.java, there is a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-159061926