11 matches found
CVE-2018-9430
CVE-2018-9430 is an out-of-bounds write in btif_storage.cc (prop2cfg) that can lead to remote code execution without user interaction. Affected: Android Pixel/Nexus devices; root cause described as incorrect bounds check triggering a write beyond limits. Impact: high (RCE), network attack vector ...
CVE-2024-3171
CVE-2024-3171 affects Google Chrome (Chromium) before 122.0.6261.57. It is a use-after-free in Accessibility that can lead to heap corruption when a user is persuaded to perform specific UI gestures. The issue requires user interaction and is mitigated by updating to Chrome 122.0.6261.57 or later...
CVE-2023-21113
CVE-2023-21113 is an Android System elevation-of-privilege vulnerability caused by a confused deputy, enabling local escalation with no user interaction. Affected: Android devices; payload in multiple locations. Evidence in Android Security Bulletin shows updated AOSP versions (12, 12L, 13) and p...
CVE-2024-23700
CVE-2024-23700 is referenced in a Wear OS security bulletin as a Framework-level vulnerability that could enable local privilege escalation by a malicious app with no extra privileges. PT-2026-3764 notes a PoC and claims the exploit can silently obtain permissions to read/write contacts, SMS, cal...
CVE-2024-25917
CVE-2024-25917 affects the WordPress WP Setup Wizard plugin prior to version 1.0.8.2, exposing an authentication/authorization bypass that allows an authenticated subscriber or higher to perform an unauthenticated-like action: full database download. Root cause identified as a missing capability ...
CAN-1999-1572
CVE-1999-1572 is a historic issue in GNU cpio where using the -O option sets a 0 umask, creating output files with mode 0666 (world-readable/writable). Connected advisories across Debian, RHEL, Ubuntu, CentOS, Gentoo, and others confirm the impact on cpio packages and reference CVE-1999-1572 (wit...
CAN-2005-3150
CVE-2005-3150 affects the weex FTP client. A format string vulnerability could allow remote code execution. Debian/Gentoo advisories note fixes: weex 2.6.1-6sarge1 (and 2.6.1-4woody2 for woody). Upgrading to the patched package is recommended; old versions are vulnerable. The issue is a remote v...
CVE-2014-5515
According to the Ubuntu security entry for CVE-2014-5515, ntopng had several vulnerabilities that were fixed upstream in version 1.2.1. The connected records provide no further details (affected versions, root cause, impact, or exploit information). No MITRE/attack details are included. Remediati...
CVE-2021-0738
Android 12 Framework contains CVE-2021-0738 (listed under Framework in the Android 12 Security Release Notes). It is categorized as Type: ID (Information Disclosure) with Moderate severity, and references the Android bug ID A-188802680. The snippet does not provide the exact root cause, vulnera...
CVE-2102-3325
Technical details for CVE-2102-3325 are not publicly available in the provided documents. Monitor for future updates.
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-4125. Reason: This candidate is a reservation duplicate of CVE-2013-4125. Notes: All CVE users should reference CVE-2013-4125 instead of this candidate. All references and descriptions in this candidate have been removed to...