79 matches found
CVE-2024-27223
In EUTRANLCSDecodeFacilityInformationElement of LPPLcsManagement.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure after authenticating the cell connection with no additional execution privileges needed. User interaction is n...
CVE-2024-44092
There is a possible LCS signing enforcement missing due to test/debugging code left in a production build. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-21054
In EUTRANLCSConvertLCSMOLRReq of LPPCommonUtil.c, there is a possible out of bounds write due to a logic error in the code. This could lead to remote code execution with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android...
CVE-2023-21059
In EUTRANLCSDecodeFacilityInformationElement of LPPLcsManagement.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
CVE-2023-23080
Certain Tenda products are vulnerable to command injection. This affects Tenda CP7 Tenda CP7=V11.10.00.2211041403 and Tenda CP3 v.10 Tenda CP3 v.10=V202209060242025 and Tenda IT7-PCS Tenda IT7-PCS=V2209020914 and Tenda IT7-LCS Tenda IT7-LCS=V2209020914 and Tenda IT7-PRS Tenda IT7-PRS=V2209020908...
Malicious code in lcs-sistic-integration (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b05382a541057365227516e05e0fe3aeec00d7087f6bfebae88ad20ac12209aa Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-44092
There is a possible LCS signing enforcement missing due to test/debugging code left in a production build. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-44092
There is a possible LCS signing enforcement missing due to test/debugging code left in a production build. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-44092
CVE-2024-44092 describes a missing LCS signing enforcement caused by test/debugging code left in a production build, potentially enabling local privilege escalation without user interaction. Public materials in this set confirm impact on Google Pixel/Android components, with references in the Pix...
PUB-A-345848543
In TBD of TBD, there is a possible LCS signing enforcement missing due to test/debugging code left in a production build. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
lcs-engineering.com Cross Site Scripting vulnerability OBB-3931930
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2024-27223
In EUTRANLCSDecodeFacilityInformationElement of LPPLcsManagement.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure after authenticating the cell connection with no additional execution privileges needed. User interaction is n...
PT-2024-21756 · Google · Android
Name of the Vulnerable Software and Affected Versions: LPP LcsManagement.c affected versions not specified Description: The issue is related to a possible out of bounds read in the EUTRAN LCS DecodeFacilityInformationElement function of LPP LcsManagement.c due to a missing bounds check. This coul...
kernel: Linux kernel: Denial of Service in s390/lcs network driver due to incompatible function pointer type
A flaw was found in the Linux kernel's s390/lcs network driver. An incorrect function pointer type in the lcsstartxmit function could lead to a system crash or termination of a process. This issue arises when Kernel Control Flow Integrity kCFI, a security feature designed to prevent certain types...
kernel: Linux kernel: Denial of Service in s390/lcs network driver due to incompatible function pointer type
A flaw was found in the Linux kernel's s390/lcs network driver. An incorrect function pointer type in the lcsstartxmit function could lead to a system crash or termination of a process. This issue arises when Kernel Control Flow Integrity kCFI, a security feature designed to prevent certain types...
ROS-2-1313
2.1313 Multiple vulnerabilities in Redis CVE-2021-29477,CVE-2021-29478 1. Vulnerability Description: A vulnerability exists due to an integer overflow in the STRALGO LCS command. A remote attacker can pass specially crafted data to an application, cause an integer overflow, and execute arbitrary...
CVE-2023-21054
CVE-2023-21054 affects the Android kernel, specifically the EUTRAN_LCS_ConvertLCS_MOLRReq path in LPP_CommonUtil.c. A logic error can cause an out-of-bounds write, which could lead to remote code execution with System-level privileges. No user interaction is required. Exploitation status and in-t...
PT-2023-17850 · Google · Android Kernel
Name of the Vulnerable Software and Affected Versions: Android kernel Description: The issue is related to a possible out of bounds read in the EUTRAN LCS DecodeFacilityInformationElement function of LPP LcsManagement.c. This could lead to remote information disclosure without requiring additiona...
CVE-2023-23080
Certain Tenda products are vulnerable to command injection. This affects Tenda CP7 Tenda CP7=V11.10.00.2211041403 and Tenda CP3 v.10 Tenda CP3 v.10=V202209060242025 and Tenda IT7-PCS Tenda IT7-PCS=V2209020914 and Tenda IT7-LCS Tenda IT7-LCS=V2209020914 and Tenda IT7-PRS Tenda IT7-PRS=V2209020908...
CVE-2023-23080
Certain Tenda products are vulnerable to command injection. This affects Tenda CP7 Tenda CP7=V11.10.00.2211041403 and Tenda CP3 v.10 Tenda CP3 v.10=V202209060242025 and Tenda IT7-PCS Tenda IT7-PCS=V2209020914 and Tenda IT7-LCS Tenda IT7-LCS=V2209020914 and Tenda IT7-PRS Tenda IT7-PRS=V2209020908...