CVE-2026-37525
- EPSS 0.14%
- Veröffentlicht 01.05.2026 00:00:00
- Zuletzt bearbeitet 18.05.2026 17:09:43
AGL app-framework-binder (afb-daemon) through v19.90.0 contains a privilege escalation vulnerability in the supervision Do command. The on_supervision_call function in src/afb-supervision.c explicitly nullifies the request credentials by calling afb_...
CVE-2026-37526
- EPSS 0.12%
- Veröffentlicht 01.05.2026 00:00:00
- Zuletzt bearbeitet 18.05.2026 17:10:29
AGL app-framework-binder (afb-daemon) through v19.90.0 allows any local process to execute privileged supervision commands (Exit, Do, Sclose, Config, Trace, Debug, Token, slist) without authentication via the abstract Unix socket @urn:AGL:afs:supervi...
CVE-2026-37530
- EPSS 0.4%
- Veröffentlicht 01.05.2026 00:00:00
- Zuletzt bearbeitet 20.05.2026 15:25:15
AGL agl-service-can-low-level thru 17.1.12 contains a stack buffer overflow in the uds-c library. The send_diagnostic_request function in uds.c allocates a 6-byte stack buffer (MAX_DIAGNOSTIC_PAYLOAD_SIZE=6) but copies up to 7 bytes (MAX_UDS_REQUEST_...
CVE-2026-37531
- EPSS 0.71%
- Veröffentlicht 01.05.2026 00:00:00
- Zuletzt bearbeitet 18.05.2026 17:12:36
AGL app-framework-main thru 17.1.12 contains a Zip Slip path traversal vulnerability (CWE-22) combined with a TOCTOU race condition (CWE-367) in the widget installation flow. The is_valid_filename function in wgtpkg-zip.c validates ZIP entry names bu...
CVE-2026-37532
- EPSS 0.23%
- Veröffentlicht 01.05.2026 00:00:00
- Zuletzt bearbeitet 15.05.2026 15:38:17
AGL agl-service-can-low-level thru 17.1.12 contains a heap buffer over-read in the isotp-c library. In isotp_continue_receive (receive.c:87-89), the payload_length for a Single Frame is extracted from a 4-bit nibble in the CAN frame data, yielding va...