Search Results (Refine Search)
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-34346 |
Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. The Deno sandbox may be unexpectedly weakened by allowing file read/write access to privileged files in various locations on Unix and Windows platforms. For example, reading `/proc/self/environ` may provide access equivalent to `--allow-env`, and writing `/proc/self/mem` may provide access equivalent to `--allow-all`. Users who grant read and write access to the entire filesystem may not realize that these access to these files may have additional, unintended consequences. The documentation did not reflect that this practice should be undertaken to increase the strength of the security sandbox. Users who run code with `--allow-read` or `--allow-write` may unexpectedly end up granting additional permissions via file-system operations. Deno 1.43 and above require explicit `--allow-all` access to read or write `/etc`, `/dev` on unix platform (as well as `/proc` and `/sys` on linux platforms), and any path starting with `\\` on Windows. Published: May 07, 2024; 5:15:09 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-27273 |
IBM AIX's Unix domain (AIX 7.2, 7.3, VIOS 3.1, and VIOS 4.1) datagram socket implementation could potentially expose applications using Unix domain datagram sockets with SO_PEERID operation and may lead to privilege escalation. IBM X-Force ID: 284903. Published: May 07, 2024; 5:15:09 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-23713 |
In migrateNotificationFilter of NotificationManagerService.java, there is a possible failure to persist notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Published: May 07, 2024; 5:15:09 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-23712 |
In multiple functions of AppOpsService.java, there is a possible way to saturate the content of /data/system/appops_accesses.xml due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Published: May 07, 2024; 5:15:08 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-23710 |
In assertPackageWithSharedUserIdIsPrivileged of InstallPackageHelper.java, there is a possible execution of arbitrary app code as a privileged app due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Published: May 07, 2024; 5:15:08 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-23709 |
In multiple locations, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Published: May 07, 2024; 5:15:08 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-23708 |
In multiple functions of NotificationManagerService.java, there is a possible way to not show a toast message when a clipboard message has been accessed. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Published: May 07, 2024; 5:15:08 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-23707 |
In multiple locations, there is a possible permissions bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Published: May 07, 2024; 5:15:08 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-23706 |
In multiple locations, there is a possible bypass of health data permissions due to an improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Published: May 07, 2024; 5:15:08 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-23705 |
In multiple locations, there is a possible failure to persist or enforce user restrictions due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Published: May 07, 2024; 5:15:08 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-23704 |
In onCreate of WifiDialogActivity.java, there is a possible way to bypass the DISALLOW_ADD_WIFI_CONFIG restriction due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Published: May 07, 2024; 5:15:08 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-0043 |
In multiple locations, there is a possible notification listener grant to an app running in the work profile due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Published: May 07, 2024; 5:15:08 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-0042 |
In TBD of TBD, there is a possible confusion of OEM and DRM certificates due to improperly used crypto. This could lead to local bypass of DRM content protection with no additional execution privileges needed. User interaction is not needed for exploitation. Published: May 07, 2024; 5:15:08 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-0027 |
In multiple functions of SnoozeHelper.java, there is a possible way to cause a boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Published: May 07, 2024; 5:15:08 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-0026 |
In multiple functions of SnoozeHelper.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Published: May 07, 2024; 5:15:08 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-0025 |
In sendIntentSender of ActivityManagerService.java, there is a possible background activity launch due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Published: May 07, 2024; 5:15:08 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-0024 |
In multiple methods of UserManagerService.java, there is a possible failure to persist or enforce user restrictions due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Published: May 07, 2024; 5:15:08 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-0022 |
In multiple functions of CompanionDeviceManagerService.java, there is a possible launch NotificationAccessConfirmationActivity of another user profile due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Published: May 07, 2024; 5:15:08 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-40694 |
IBM Watson CP4D Data Stores 4.0.0 through 4.8.4 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 264838. Published: May 07, 2024; 5:15:08 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-4559 |
Heap buffer overflow in WebAudio in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Published: May 07, 2024; 3:15:08 PM -0400 |
V3.x:(not available) V2.0:(not available) |