13 matches found
EUVD-2023-38476
Malicious code in bioql PyPI...
EUVD-2023-38477
Malicious code in bioql PyPI...
CVE-2023-34401
Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Inside profile folder there is a file, which is encoded with proprietary UD2 codec. Due to missed size checks in the enapsulate file, attacker can achieve Out-of-Bound Read in heap memory...
CVE-2023-34402
Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Inside file is encapsulate another file, which service will drop during processing. Due to missed checks, attacker can achieve Arbitrary File Write with service speech rights...
CVE-2023-34398
Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Some values of this table are serialized archive according boost library. The boost library contains a vulnerability/null pointer dereference...
CVE-2023-34400
Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. In case of parsing file, service try to define header inside the file and convert it to null-terminated string. If character is missed, will return null pointer...
CVE-2023-34399
Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Some values of this table are serialized archive according boost library. The version of boost library contains vulnerability integer overflow...
CVE-2023-34398
Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Some values of this table are serialized archive according boost library. The boost library contains a vulnerability/null pointer dereference...
CVE-2023-34397
Mercedes Benz head-unit NTG 6 contains functions to import or export profile settings over USB. During parsing you can trigger that the service will be crashed...
CVE-2023-34399
Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Some values of this table are serialized archive according boost library. The version of boost library contains vulnerability integer overflow...
CVE-2023-34401
CVE-2023-34401 affects Mercedes-Benz head-unit NTG6. USB-based profile import/export can process UD2-encoded files; missing size checks in enapsulate file enable an out-of-bounds read on the heap. Connected sources describe the vulnerability across multiple feeds (nvd/nvd-derived entries, Red Hat...
CVE-2023-34400
Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. In case of parsing file, service try to define header inside the file and convert it to null-terminated string. If character is missed, will return null pointer...
PT-2024-26149 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android affected versions not specified Description: A logic error in the code of shouldRestrictOverlayActivities in UsbProfileGroupSettingsManager.java could lead to a possible escape from SUW, resulting in local escalation of privilege with...