In alac decoder, there is a possible information disclosure due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08441146; Issue ID: ALPS08441146.
Max CVSS
9.8
EPSS Score
0.09%
Published
2024-02-05
Updated
2024-02-09
Use after free in Mojo in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Max CVSS
9.8
EPSS Score
0.09%
Published
2024-02-07
Updated
2024-02-14
Heap buffer overflow in Skia in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Max CVSS
9.8
EPSS Score
0.09%
Published
2024-02-07
Updated
2024-02-14
Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High)
Max CVSS
9.8
EPSS Score
0.09%
Published
2024-01-24
Updated
2024-01-29
U-Boot vulnerability resulting in persistent Code Execution 
Max CVSS
9.8
EPSS Score
0.08%
Published
2023-12-11
Updated
2023-12-13
U-Boot shell vulnerability resulting in Privilege escalation in a production device
Max CVSS
9.8
EPSS Score
0.06%
Published
2023-12-11
Updated
2023-12-13
In dhcp4_SetPDNAddress of dhcp4_Main.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Max CVSS
9.8
EPSS Score
0.09%
Published
2023-12-08
Updated
2024-03-12
An attacker in the wifi vicinity of a target Google Home can spy on the victim, resulting in Elevation of Privilege 
Max CVSS
10.0
EPSS Score
0.06%
Published
2024-01-02
Updated
2024-01-09
 In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a     possible way to access adb before SUW completion due to an insecure default     value. This could lead to local escalation of privilege with no additional     execution privileges needed. User interaction is not needed for     exploitation
Max CVSS
10.0
EPSS Score
0.04%
Published
2024-01-02
Updated
2024-01-10
Missing Permission checks resulting in unauthorized access and Manipulation in KeyChainActivity Application
Max CVSS
9.8
EPSS Score
0.06%
Published
2023-12-11
Updated
2023-12-13
In modify_for_next_stage of fdt.rs, there is a possible way to render KASLR ineffective due to improperly used crypto. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Max CVSS
9.8
EPSS Score
0.09%
Published
2023-12-04
Updated
2024-02-15
In a2dp_vendor_opus_decoder_decode_packet of a2dp_vendor_opus_decoder.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Max CVSS
9.8
EPSS Score
0.08%
Published
2023-12-04
Updated
2024-02-02
In RGXDestroyHWRTData of rgxta3d.c, there is a possible arbitrary code execution due to an uncaught exception. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
Max CVSS
9.8
EPSS Score
0.07%
Published
2023-12-04
Updated
2023-12-22
In eatt_l2cap_reconfig_completed of eatt_impl.h, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Max CVSS
9.8
EPSS Score
0.09%
Published
2023-09-11
Updated
2023-09-13
there is a possible out of bounds write due to buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Max CVSS
9.8
EPSS Score
0.09%
Published
2023-10-11
Updated
2023-10-18
In ProtocolMiscLceIndAdapter::GetConfLevel() of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.
Max CVSS
9.8
EPSS Score
0.07%
Published
2023-10-11
Updated
2023-10-14
In ProtocolEmbmsGlobalCellIdAdapter::Init() of protocolembmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.
Max CVSS
9.8
EPSS Score
0.07%
Published
2023-10-11
Updated
2023-10-14
In TBD of TBD, there is a possible stack buffer overflow due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Max CVSS
9.8
EPSS Score
0.09%
Published
2023-10-11
Updated
2023-10-14
ESPv2 is a service proxy that provides API management capabilities using Google Service Infrastructure. ESPv2 2.20.0 through 2.42.0 contains an authentication bypass vulnerability. API clients can craft a malicious `X-HTTP-Method-Override` header value to bypass JWT authentication in specific cases. ESPv2 allows malicious requests to bypass authentication if both the conditions are true: The requested HTTP method is **not** in the API service definition (OpenAPI spec or gRPC `google.api.http` proto annotations, and the specified `X-HTTP-Method-Override` is a valid HTTP method in the API service definition. ESPv2 will forward the request to your backend without checking the JWT. Attackers can craft requests with a malicious `X-HTTP-Method-Override` value that allows them to bypass specifying JWTs. Restricting API access with API keys works as intended and is not affected by this vulnerability. Upgrade deployments to release v2.43.0 or higher to receive a patch. This release ensures that JWT authentication occurs, even when the caller specifies `x-http-method-override`. `x-http-method-override` is still supported by v2.43.0+. API clients can continue sending this header to ESPv2.
Max CVSS
9.8
EPSS Score
0.12%
Published
2023-04-26
Updated
2023-05-09
TensorFlow is an open source platform for machine learning. Attackers using Tensorflow prior to 2.12.0 or 2.11.1 can access heap memory which is not in the control of user, leading to a crash or remote code execution. The fix will be included in TensorFlow version 2.12.0 and will also cherrypick this commit on TensorFlow version 2.11.1.
Max CVSS
9.8
EPSS Score
0.10%
Published
2023-03-25
Updated
2023-03-31
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a heap buffer overflow in TAvgPoolGrad. A fix is included in TensorFlow 2.12.0 and 2.11.1.
Max CVSS
9.8
EPSS Score
0.06%
Published
2023-03-25
Updated
2023-03-31
In RGXDestroyZSBufferKM of rgxta3d.c, there is a possible arbitrary code execution due to an uncaught exception. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
Max CVSS
9.8
EPSS Score
0.07%
Published
2023-12-04
Updated
2023-12-22
In MMU_UnmapPages of mmu_common.c, there is a possible out of bounds read due to improper input validation. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
Max CVSS
9.8
EPSS Score
0.07%
Published
2023-12-04
Updated
2023-12-22
In DevmemIntChangeSparse of devicemem_server.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
Max CVSS
9.8
EPSS Score
0.07%
Published
2023-12-04
Updated
2023-12-22
In multiple locations, there is a possible code execution due to type confusion. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Max CVSS
9.8
EPSS Score
0.09%
Published
2023-08-14
Updated
2023-08-21
1626 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!