Vendor CVEs
All CVEs
11,353 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-34729 | 0.00 | — | 0.00 | Nov 13, 2024 | In multiple locations, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2024-34719 | 0.00 | — | 0.00 | Nov 13, 2024 | In multiple locations, there is a possible permissions bypass due to a missing null check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2024-31337 | 0.00 | — | 0.00 | Nov 13, 2024 | In PVRSRVRGXKickTA3DKM of rgxta3d.c, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2024-23715 | 0.00 | — | 0.00 | Nov 13, 2024 | In PMRWritePMPageList of pmr.c, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2023-35686 | 0.00 | — | 0.00 | Nov 13, 2024 | In PVRSRVRGXKickTA3DKM of rgxta3d.c, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2023-35659 | 0.00 | — | 0.00 | Nov 13, 2024 | In DevmemIntChangeSparse of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for… | |||
| CVE-2024-11117 | 0.00 | — | 0.00 | Nov 12, 2024 | Inappropriate implementation in FileSystem in Google Chrome prior to 131.0.6778.69 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Low) | |||
| CVE-2024-11116 | 0.00 | — | 0.00 | Nov 12, 2024 | Inappropriate implementation in Blink in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2024-11115 | 0.00 | — | 0.00 | Nov 12, 2024 | Insufficient policy enforcement in Navigation in Google Chrome on iOS prior to 131.0.6778.69 allowed a remote attacker to perform privilege escalation via a series of UI gestures. (Chromium security severity: Medium) | |||
| CVE-2024-11114 | 0.00 | — | 0.00 | Nov 12, 2024 | Inappropriate implementation in Views in Google Chrome on Windows prior to 131.0.6778.69 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2024-11113 | 0.00 | — | 0.00 | Nov 12, 2024 | Use after free in Accessibility in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2024-11112 | 0.00 | — | 0.00 | Nov 12, 2024 | Use after free in Media in Google Chrome on Windows prior to 131.0.6778.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2024-11111 | 0.00 | — | 0.00 | Nov 12, 2024 | Inappropriate implementation in Autofill in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2024-11110 | 0.00 | — | 0.00 | Nov 12, 2024 | Inappropriate implementation in Extensions in Google Chrome prior to 131.0.6778.69 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. (Chromium security severity: High) | |||
| CVE-2024-10668 | 0.00 | — | 0.00 | Nov 7, 2024 | There exists an auth bypass in Google Quickshare where an attacker can upload an unknown file type to a victim. The root cause of the vulnerability lies in the fact that when a Payload Transfer frame of type FILE is sent to Quick Share, the file that is contained in this frame… | |||
| CVE-2024-10827 | 0.00 | — | 0.01 | Nov 6, 2024 | Use after free in Serial in Google Chrome prior to 130.0.6723.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2024-10826 | 0.00 | — | 0.01 | Nov 6, 2024 | Use after free in Family Experiences in Google Chrome on Android prior to 130.0.6723.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2024-10488 | 0.00 | — | 0.01 | Oct 29, 2024 | Use after free in WebRTC in Google Chrome prior to 130.0.6723.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2024-10487 | 0.00 | — | 0.01 | Oct 29, 2024 | Out of bounds write in Dawn in Google Chrome prior to 130.0.6723.92 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Critical) | |||
| CVE-2024-47041 | 0.00 | — | 0.00 | Oct 25, 2024 | In valid_address of syscall.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2024-47035 | 0.00 | — | 0.00 | Oct 25, 2024 | In vring_init of external/headers/include/virtio/virtio_ring.h, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for… | |||
| CVE-2024-47034 | 0.00 | — | 0.00 | Oct 25, 2024 | there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2024-47033 | 0.00 | — | 0.00 | Oct 25, 2024 | In lwis_allocator_free of lwis_allocator.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2024-47031 | 0.00 | — | 0.00 | Oct 25, 2024 | Android before 2024-10-05 on Google Pixel devices allows privilege escalation in the ABL component, A-329163861. | |||
| CVE-2024-47030 | 0.00 | — | 0.00 | Oct 25, 2024 | Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ACPM component, A-315191818. | |||
| CVE-2024-47029 | 0.00 | — | 0.00 | Oct 25, 2024 | In TrustySharedMemoryManager::GetSharedMemory of ondevice/trusty/trusty_shared_memory_manager.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User… | |||
| CVE-2024-47028 | 0.00 | — | 0.00 | Oct 25, 2024 | In ffu_flash_pack of ffu.c, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2024-47027 | 0.00 | — | 0.00 | Oct 25, 2024 | In sm_mem_compat_get_vmm_obj of lib/sm/shared_mem.c, there is a possible arbitrary physical memory access due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for… | |||
| CVE-2024-47026 | 0.00 | — | 0.00 | Oct 25, 2024 | In gsc_gsa_rescue of gsc_gsa.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2024-47025 | 0.00 | — | 0.00 | Oct 25, 2024 | In ppmp_protect_buf of drm_fw.c, there is a possible information disclosure due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2024-47024 | 0.00 | — | 0.00 | Oct 25, 2024 | In vring_size of external/headers/include/virtio/virtio_ring.h, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2024-47023 | 0.00 | — | 0.00 | Oct 25, 2024 | there is a possible man-in-the-middle attack due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2024-47022 | 0.00 | — | 0.00 | Oct 25, 2024 | Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ACPM component, A-331255656. | |||
| CVE-2024-47021 | 0.00 | — | 0.00 | Oct 25, 2024 | In sms_ExtractCbLanguage of sms_CellBroadcast.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2024-47020 | 0.00 | — | 0.00 | Oct 25, 2024 | Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ABL component, A-331966488. | |||
| CVE-2024-47019 | 0.00 | — | 0.00 | Oct 25, 2024 | In ProtocolEmbmsSaiListAdapter::Init() of protocolembmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction is not needed for exploitation. | |||
| CVE-2024-47018 | 0.00 | — | 0.00 | Oct 25, 2024 | In pmucal_rae_handle_seq_int of flexpmu_cal_rae.c, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2024-47017 | 0.00 | — | 0.00 | Oct 25, 2024 | In ufshc_scsi_cmd of ufs.c, there is a possible stack variable use after free due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2024-47016 | 0.00 | — | 0.00 | Oct 25, 2024 | there is a possible privilege escalation due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2024-47015 | 0.00 | — | 0.00 | Oct 25, 2024 | In ProtocolMiscHwConfigChangeAdapter::GetData() of protocolmiscadapter.cpp, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction is not needed for… | |||
| CVE-2024-47014 | 0.00 | — | 0.00 | Oct 25, 2024 | Android before 2024-10-05 on Google Pixel devices allows privilege escalation in the ABL component, A-330537292. | |||
| CVE-2024-47013 | 0.00 | — | 0.00 | Oct 25, 2024 | In pmucal_rae_handle_seq_int of flexpmu_cal_rae.c, there is a possible arbitrary write due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2024-47012 | 0.00 | — | 0.00 | Oct 25, 2024 | In mm_GetMobileIdIndexForNsUpdate of mm_GmmPduCodec.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2024-44101 | 0.00 | — | 0.00 | Oct 25, 2024 | there is a possible Null Pointer Dereference (modem crash) due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2024-44100 | 0.00 | — | 0.00 | Oct 25, 2024 | Android before 2024-10-05 on Google Pixel devices allows information disclosure in the modem component, A-299774545. | |||
| CVE-2024-44099 | 0.00 | — | 0.00 | Oct 25, 2024 | There is a possible Local bypass of user interaction due to an insecure default value. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2024-44098 | 0.00 | — | 0.00 | Oct 25, 2024 | In lwis_device_event_states_clear_locked of lwis_event.c, there is a possible privilege escalation due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2024-10231 | 0.00 | — | 0.00 | Oct 22, 2024 | Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2024-10230 | 0.00 | — | 0.01 | Oct 22, 2024 | Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2024-10229 | 0.00 | — | 0.01 | Oct 22, 2024 | Inappropriate implementation in Extensions in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. (Chromium security severity: High) |
- CVE-2024-34729Nov 13, 2024risk 0.00cvss —epss 0.00
In multiple locations, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2024-34719Nov 13, 2024risk 0.00cvss —epss 0.00
In multiple locations, there is a possible permissions bypass due to a missing null check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2024-31337Nov 13, 2024risk 0.00cvss —epss 0.00
In PVRSRVRGXKickTA3DKM of rgxta3d.c, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2024-23715Nov 13, 2024risk 0.00cvss —epss 0.00
In PMRWritePMPageList of pmr.c, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2023-35686Nov 13, 2024risk 0.00cvss —epss 0.00
In PVRSRVRGXKickTA3DKM of rgxta3d.c, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2023-35659Nov 13, 2024risk 0.00cvss —epss 0.00
In DevmemIntChangeSparse of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for…
- CVE-2024-11117Nov 12, 2024risk 0.00cvss —epss 0.00
Inappropriate implementation in FileSystem in Google Chrome prior to 131.0.6778.69 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Low)
- CVE-2024-11116Nov 12, 2024risk 0.00cvss —epss 0.00
Inappropriate implementation in Blink in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2024-11115Nov 12, 2024risk 0.00cvss —epss 0.00
Insufficient policy enforcement in Navigation in Google Chrome on iOS prior to 131.0.6778.69 allowed a remote attacker to perform privilege escalation via a series of UI gestures. (Chromium security severity: Medium)
- CVE-2024-11114Nov 12, 2024risk 0.00cvss —epss 0.00
Inappropriate implementation in Views in Google Chrome on Windows prior to 131.0.6778.69 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2024-11113Nov 12, 2024risk 0.00cvss —epss 0.00
Use after free in Accessibility in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2024-11112Nov 12, 2024risk 0.00cvss —epss 0.00
Use after free in Media in Google Chrome on Windows prior to 131.0.6778.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2024-11111Nov 12, 2024risk 0.00cvss —epss 0.00
Inappropriate implementation in Autofill in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2024-11110Nov 12, 2024risk 0.00cvss —epss 0.00
Inappropriate implementation in Extensions in Google Chrome prior to 131.0.6778.69 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. (Chromium security severity: High)
- CVE-2024-10668Nov 7, 2024risk 0.00cvss —epss 0.00
There exists an auth bypass in Google Quickshare where an attacker can upload an unknown file type to a victim. The root cause of the vulnerability lies in the fact that when a Payload Transfer frame of type FILE is sent to Quick Share, the file that is contained in this frame…
- CVE-2024-10827Nov 6, 2024risk 0.00cvss —epss 0.01
Use after free in Serial in Google Chrome prior to 130.0.6723.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-10826Nov 6, 2024risk 0.00cvss —epss 0.01
Use after free in Family Experiences in Google Chrome on Android prior to 130.0.6723.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-10488Oct 29, 2024risk 0.00cvss —epss 0.01
Use after free in WebRTC in Google Chrome prior to 130.0.6723.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-10487Oct 29, 2024risk 0.00cvss —epss 0.01
Out of bounds write in Dawn in Google Chrome prior to 130.0.6723.92 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Critical)
- CVE-2024-47041Oct 25, 2024risk 0.00cvss —epss 0.00
In valid_address of syscall.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2024-47035Oct 25, 2024risk 0.00cvss —epss 0.00
In vring_init of external/headers/include/virtio/virtio_ring.h, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…
- CVE-2024-47034Oct 25, 2024risk 0.00cvss —epss 0.00
there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2024-47033Oct 25, 2024risk 0.00cvss —epss 0.00
In lwis_allocator_free of lwis_allocator.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2024-47031Oct 25, 2024risk 0.00cvss —epss 0.00
Android before 2024-10-05 on Google Pixel devices allows privilege escalation in the ABL component, A-329163861.
- CVE-2024-47030Oct 25, 2024risk 0.00cvss —epss 0.00
Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ACPM component, A-315191818.
- CVE-2024-47029Oct 25, 2024risk 0.00cvss —epss 0.00
In TrustySharedMemoryManager::GetSharedMemory of ondevice/trusty/trusty_shared_memory_manager.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User…
- CVE-2024-47028Oct 25, 2024risk 0.00cvss —epss 0.00
In ffu_flash_pack of ffu.c, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
- CVE-2024-47027Oct 25, 2024risk 0.00cvss —epss 0.00
In sm_mem_compat_get_vmm_obj of lib/sm/shared_mem.c, there is a possible arbitrary physical memory access due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…
- CVE-2024-47026Oct 25, 2024risk 0.00cvss —epss 0.00
In gsc_gsa_rescue of gsc_gsa.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2024-47025Oct 25, 2024risk 0.00cvss —epss 0.00
In ppmp_protect_buf of drm_fw.c, there is a possible information disclosure due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2024-47024Oct 25, 2024risk 0.00cvss —epss 0.00
In vring_size of external/headers/include/virtio/virtio_ring.h, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2024-47023Oct 25, 2024risk 0.00cvss —epss 0.00
there is a possible man-in-the-middle attack due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2024-47022Oct 25, 2024risk 0.00cvss —epss 0.00
Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ACPM component, A-331255656.
- CVE-2024-47021Oct 25, 2024risk 0.00cvss —epss 0.00
In sms_ExtractCbLanguage of sms_CellBroadcast.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2024-47020Oct 25, 2024risk 0.00cvss —epss 0.00
Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ABL component, A-331966488.
- CVE-2024-47019Oct 25, 2024risk 0.00cvss —epss 0.00
In ProtocolEmbmsSaiListAdapter::Init() of protocolembmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction is not needed for exploitation.
- CVE-2024-47018Oct 25, 2024risk 0.00cvss —epss 0.00
In pmucal_rae_handle_seq_int of flexpmu_cal_rae.c, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2024-47017Oct 25, 2024risk 0.00cvss —epss 0.00
In ufshc_scsi_cmd of ufs.c, there is a possible stack variable use after free due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2024-47016Oct 25, 2024risk 0.00cvss —epss 0.00
there is a possible privilege escalation due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2024-47015Oct 25, 2024risk 0.00cvss —epss 0.00
In ProtocolMiscHwConfigChangeAdapter::GetData() of protocolmiscadapter.cpp, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction is not needed for…
- CVE-2024-47014Oct 25, 2024risk 0.00cvss —epss 0.00
Android before 2024-10-05 on Google Pixel devices allows privilege escalation in the ABL component, A-330537292.
- CVE-2024-47013Oct 25, 2024risk 0.00cvss —epss 0.00
In pmucal_rae_handle_seq_int of flexpmu_cal_rae.c, there is a possible arbitrary write due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2024-47012Oct 25, 2024risk 0.00cvss —epss 0.00
In mm_GetMobileIdIndexForNsUpdate of mm_GmmPduCodec.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2024-44101Oct 25, 2024risk 0.00cvss —epss 0.00
there is a possible Null Pointer Dereference (modem crash) due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2024-44100Oct 25, 2024risk 0.00cvss —epss 0.00
Android before 2024-10-05 on Google Pixel devices allows information disclosure in the modem component, A-299774545.
- CVE-2024-44099Oct 25, 2024risk 0.00cvss —epss 0.00
There is a possible Local bypass of user interaction due to an insecure default value. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2024-44098Oct 25, 2024risk 0.00cvss —epss 0.00
In lwis_device_event_states_clear_locked of lwis_event.c, there is a possible privilege escalation due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2024-10231Oct 22, 2024risk 0.00cvss —epss 0.00
Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-10230Oct 22, 2024risk 0.00cvss —epss 0.01
Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-10229Oct 22, 2024risk 0.00cvss —epss 0.01
Inappropriate implementation in Extensions in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. (Chromium security severity: High)
Page 190 of 228