1378 matches found
CVE-2023-7013
CVE-2023-7013 affects Google Chrome’s Compositing component. The vulnerability arises from an inappropriate implementation that could allow a remote attacker to spoof the security UI via a crafted HTML page. Affected software is Chrome; root cause is within the Compositing path leading to UI spoo...
CVE-2024-2884
CVE-2024-2884 describes an out-of-bounds read in V8 (Chrome’s JavaScript engine) that could be triggered by a crafted HTML page. Affected product: Google Chrome (Linux/Mac/Windows) with versions prior to 121.0.6167.139. Root cause is an out-of-bounds memory access in V8, allowing remote attackers...
CVE-2023-7011
CVE-2023-7011 describes an improper implementation in Google Chrome’s Picture in Picture (PiP) feature that allowed a remote attacker to spoof the Omnibox contents via a crafted HTML page. Affected software is Google Chrome (PiP module) prior to version 119.0.6045.105. The underlying issue is an ...
CVE-2024-38709
CVE-2024-38709 corresponds to a Local File Inclusion in the WordPress plugin GD Rating System (versions <= 3.6). The underlying issue is path traversal that allows including restricted files via the plugin’s handling of file paths. Public entries consistently identify the affected software as ...
CVE-2024-34725
The CVE-2024-34725 entry describes a race condition in DevmemIntUnexportCtx of devicemem_server.c that can allow arbitrary code execution and local privilege escalation in the kernel, with no extra privileges or user interaction required. Connected records (Red Hat, NVD, CVE lists, OSV) confirm t...
CVE-2024-34721
CVE-2024-34721 describes an information disclosure in Android’s MediaProvider.java, in ensureFileColumns, where improper input validation may allow a user to disclose files owned by another user. This is a local disclosure with no extra execution privileges required and does not require user inte...
CVE-2024-34726
The CVE-2024-34726 issue is in PVRSRV_MMap (pvr_bridge_k.c) of the PVR bridge kernel module. A logic error in PVRSRV_MMap can allow arbitrary code execution, enabling local kernel escalation of privilege with no extra execution privileges and without user interaction. The available documents do n...
CVE-2024-34723
Summary: CVE-2024-34723 describes a logic error in Android’s ParcelableListBinder.java (onTransact) that could enable local elevation of privilege by stealing the mAllowlistToken to launch an app from the background, without extra privileges or user interaction. The vulnerability is tied to how P...
CVE-2024-31339
CVE-2024-31339 affects Google Android: a memory corruption via use-after-free in multiple functions of StatsService.cpp can lead to local escalation of privilege with no user interaction. The issue impacts the Statsd component and is listed in Android Security Bulletin details for 2024-07-01/07-0...
CVE-2024-31332
CVE-2024-31332 affects Google Android Framework components, where a missing permission check allows bypassing restrictions on adding new Wi‑Fi connections. This enables local elevation of privilege with no extra execution privileges and no user interaction. Root cause: permission check gaps in mu...
CVE-2024-34720
CVE-2024-34720 affects Google Android: a logic error in com_android_internal_os_ZygoteCommandBuffer.cpp (ZygoteCommandBuffer.nativeForkRepeatedly) may enable arbitrary code execution in any app’s zygote processes, causing local privilege escalation with no extra privileges or user interaction req...
CVE-2024-31335
The CVE-2024-31335 entry concerns a logic error in DevmemIntChangeSparse2 within devicemem_server.c that can enable arbitrary code execution with local privilege elevation in the kernel. Connected sources indicate affected components include Android’s kernel-related stack and PowerVR-GPU subcompo...
CVE-2024-31331
CVE-2024-31331 affects the Android Framework, specifically a logic error in PackageManagerService.java setMimeGroup that can hide the service from Settings. This can enable local elevation of privilege with high impact (confidentiality/integrity/availability). Exploitation requires local access a...
CVE-2024-31318
CVE-2024-31318 affects Android’s CompanionDeviceManagerService.java. The flaw is a missing permission check that could allow pairing a companion device without user acceptance, enabling local elevation of privilege with no extra execution privileges required. User interaction is not needed for ex...
CVE-2024-31327
CVE-2024-31327 affects Android/libfmq: multiple functions in MessageQueueBase.h may cause an out-of-bounds write due to a race, enabling local escalation of privilege with no user interaction. Exploitation specifics are not provided in the supplied documents. Android security references acknowled...
CVE-2024-31325
CVE-2024-31325 is listed in the Android Framework as an Elevation of Privilege (EoP) vulnerability with a local attack vector. The issue arises from a logic error that can reveal images across different users’ data, enabling local privilege escalation without additional execution privileges. Affe...
CVE-2024-31324
CVE-2024-31324 affects Android Framework due to a tapjacking/overlay bypass in WindowState.java. The issue can be triggered by starting an activity in portrait, then rotating to landscape, enabling local elevation of privilege with user interaction required. The entry notes exploitation is possib...
CVE-2024-31322
Summary of CVE-2024-31322: In Android’s AccessibilityManagerService.updateServicesLocked, improper input validation can let an app be hidden from Settings while still retaining the Accessibility Service, enabling local elevation of privilege with no extra execution privileges required. Exploitat...
CVE-2024-31319
CVE-2024-31319 affects Android Framework (NotificationManagerService.java). A cross-user data leak caused by a confused deputy could lead to local escalation of privilege with no extra execution privileges required. Exploitation is described as local and independent of user interaction. Public de...
CVE-2024-31316
CVE-2024-31316 affects the Android Framework, specifically the onResult path in AccountManagerService.java. The issue is a parcel mismatch that could allow an arbitrary background activity launch, resulting in local elevation of privilege without requiring additional execution privileges. No user...