Total
198 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-39640 | 1 Google | 1 Android | 2023-08-08 | 7.2 HIGH | 7.8 HIGH |
| In __dwc3_gadget_ep0_queue of ep0.c, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-157294279References: N/A | |||||
| CVE-2022-20376 | 1 Google | 1 Android | 2023-08-08 | N/A | 6.7 MEDIUM |
| In trusty_log_seq_start of trusty-log.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-216130110References: N/A | |||||
| CVE-2021-0147 | 1 Intel | 1 Power Management Controller | 2023-08-08 | 2.1 LOW | 4.4 MEDIUM |
| Improper locking in the Power Management Controller (PMC) for some Intel Chipset firmware before versions pmc_fw_lbg_c1-21ww02a and pmc_fw_lbg_b0-21ww02a may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2021-39649 | 1 Google | 1 Android | 2023-08-08 | 4.6 MEDIUM | 6.7 MEDIUM |
| In regmap_exit of regmap.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174049006References: N/A | |||||
| CVE-2022-26452 | 2 Google, Mediatek | 4 Android, Mt6879, Mt6895 and 1 more | 2023-08-08 | N/A | 6.7 MEDIUM |
| In isp, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262305; Issue ID: ALPS07262305. | |||||
| CVE-2022-32811 | 1 Apple | 2 Mac Os X, Macos | 2023-08-08 | N/A | 7.8 HIGH |
| A memory corruption vulnerability was addressed with improved locking. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina. An app may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2023-38505 | 1 Dietpi-dashboard Project | 1 Dietpi-dashboard | 2023-08-03 | N/A | 7.5 HIGH |
| DietPi-Dashboard is a web dashboard for the operating system DietPi. The dashboard only allows for one TLS handshake to be in process at a given moment. Once a TCP connection is established in HTTPS mode, it will assume that it should be waiting for a handshake, and will stay this way indefinitely until a handshake starts or some error occurs. In version 0.6.1, this can be exploited by simply not starting the handshake, preventing any other TLS handshakes from getting through. An attacker can lock the dashboard in a state where it is waiting for a TLS handshake from the attacker, who won't provide it. This prevents any legitimate traffic from getting to the dashboard, and can last indefinitely. Version 0.6.2 has a patch for this issue. As a workaround, do not use HTTPS mode on the open internet where anyone can connect. Instead, put a reverse proxy in front of the dashboard, and have it handle any HTTPS connections. | |||||
| CVE-2023-3436 | 1 Xpdfreader | 1 Xpdf | 2023-07-06 | N/A | 3.3 LOW |
| Xpdf 4.04 will deadlock on a PDF object stream whose "Length" field is itself in another object stream. | |||||
| CVE-2023-21189 | 1 Google | 1 Android | 2023-07-05 | N/A | 7.3 HIGH |
| In startLockTaskMode of LockTaskController.java, there is a possible bypass of lock task mode due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-213942596 | |||||
| CVE-2022-38690 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-06-27 | N/A | 5.5 MEDIUM |
| In camera driver, there is a possible memory corruption due to improper locking. This could lead to local denial of service in kernel. | |||||
| CVE-2023-2612 | 1 Canonical | 1 Ubuntu Linux | 2023-06-22 | N/A | 4.7 MEDIUM |
| Jean-Baptiste Cayrou discovered that the shiftfs file system in the Ubuntu Linux kernel contained a race condition when handling inode locking in some situations. A local attacker could use this to cause a denial of service (kernel deadlock). | |||||
| CVE-2023-21120 | 1 Google | 1 Android | 2023-06-22 | N/A | 7.8 HIGH |
| In multiple functions of cdm_engine.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-258188673 | |||||
| CVE-2023-20733 | 3 Google, Linuxfoundation, Mediatek | 23 Android, Iot-yocto, Yocto and 20 more | 2023-06-09 | N/A | 6.7 MEDIUM |
| In vcu, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645149; Issue ID: ALPS07645149. | |||||
| CVE-2023-20746 | 3 Google, Linuxfoundation, Mediatek | 23 Android, Iot-yocto, Yocto and 20 more | 2023-06-09 | N/A | 6.7 MEDIUM |
| In vcu, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519142; Issue ID: ALPS07519217. | |||||
| CVE-2023-20743 | 3 Google, Linuxfoundation, Mediatek | 14 Android, Iot-yocto, Yocto and 11 more | 2023-06-09 | N/A | 6.7 MEDIUM |
| In vcu, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519142; Issue ID: ALPS07519142. | |||||
| CVE-2023-20745 | 3 Google, Linuxfoundation, Mediatek | 14 Android, Iot-yocto, Yocto and 11 more | 2023-06-09 | N/A | 6.7 MEDIUM |
| In vcu, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519142; Issue ID: ALPS07560694. | |||||
| CVE-2023-20737 | 3 Google, Linuxfoundation, Mediatek | 23 Android, Iot-yocto, Yocto and 20 more | 2023-06-09 | N/A | 6.7 MEDIUM |
| In vcu, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645149; Issue ID: ALPS07645167. | |||||
| CVE-2022-2959 | 1 Linux | 1 Linux Kernel | 2023-05-26 | N/A | 7.0 HIGH |
| A race condition was found in the Linux kernel's watch queue due to a missing lock in pipe_resize_ring(). The specific flaw exists within the handling of pipe buffers. The issue results from the lack of proper locking when performing operations on an object. This flaw allows a local user to crash the system or escalate their privileges on the system. | |||||
| CVE-2023-22318 | 1 Tribe29 | 1 Checkmk Appliance Firmware | 2023-05-25 | N/A | 7.5 HIGH |
| Denial of service in Webconf in Tribe29 Checkmk Appliance before 1.6.5. | |||||
| CVE-2023-21000 | 1 Google | 1 Android | 2023-03-29 | N/A | 7.8 HIGH |
| In MediaCodec.cpp, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-194783918 | |||||