Total
159 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-3781 | 1 Google | 1 Android | 2023-12-10 | N/A | 7.8 HIGH |
there is a possible use-after-free write due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2023-2612 | 1 Canonical | 1 Ubuntu Linux | 2023-12-10 | N/A | 4.7 MEDIUM |
Jean-Baptiste Cayrou discovered that the shiftfs file system in the Ubuntu Linux kernel contained a race condition when handling inode locking in some situations. A local attacker could use this to cause a denial of service (kernel deadlock). | |||||
CVE-2023-20743 | 3 Google, Linuxfoundation, Mediatek | 14 Android, Iot-yocto, Yocto and 11 more | 2023-12-10 | N/A | 6.7 MEDIUM |
In vcu, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519142; Issue ID: ALPS07519142. | |||||
CVE-2023-20746 | 3 Google, Linuxfoundation, Mediatek | 23 Android, Iot-yocto, Yocto and 20 more | 2023-12-10 | N/A | 6.7 MEDIUM |
In vcu, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519142; Issue ID: ALPS07519217. | |||||
CVE-2023-3436 | 1 Xpdfreader | 1 Xpdf | 2023-12-10 | N/A | 3.3 LOW |
Xpdf 4.04 will deadlock on a PDF object stream whose "Length" field is itself in another object stream. | |||||
CVE-2023-20737 | 3 Google, Linuxfoundation, Mediatek | 23 Android, Iot-yocto, Yocto and 20 more | 2023-12-10 | N/A | 6.7 MEDIUM |
In vcu, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645149; Issue ID: ALPS07645167. | |||||
CVE-2023-21000 | 1 Google | 1 Android | 2023-12-10 | N/A | 7.8 HIGH |
In MediaCodec.cpp, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-194783918 | |||||
CVE-2023-22318 | 1 Tribe29 | 1 Checkmk Appliance Firmware | 2023-12-10 | N/A | 7.5 HIGH |
Denial of service in Webconf in Tribe29 Checkmk Appliance before 1.6.5. | |||||
CVE-2023-21189 | 1 Google | 1 Android | 2023-12-10 | N/A | 7.3 HIGH |
In startLockTaskMode of LockTaskController.java, there is a possible bypass of lock task mode due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-213942596 | |||||
CVE-2023-21120 | 1 Google | 1 Android | 2023-12-10 | N/A | 7.8 HIGH |
In multiple functions of cdm_engine.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-258188673 | |||||
CVE-2023-20745 | 3 Google, Linuxfoundation, Mediatek | 14 Android, Iot-yocto, Yocto and 11 more | 2023-12-10 | N/A | 6.7 MEDIUM |
In vcu, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519142; Issue ID: ALPS07560694. | |||||
CVE-2023-20733 | 3 Google, Linuxfoundation, Mediatek | 23 Android, Iot-yocto, Yocto and 20 more | 2023-12-10 | N/A | 6.7 MEDIUM |
In vcu, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645149; Issue ID: ALPS07645149. | |||||
CVE-2022-48216 | 1 Uniswap | 2 Universal Router, Universal Router Firmware | 2023-12-10 | N/A | 7.5 HIGH |
Uniswap Universal Router before 1.1.0 mishandles reentrancy. This would have allowed theft of funds. | |||||
CVE-2023-20618 | 2 Google, Mediatek | 25 Android, Mt6761, Mt6762 and 22 more | 2023-12-10 | N/A | 6.7 MEDIUM |
In vcu, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519184; Issue ID: ALPS07519184. | |||||
CVE-2023-22412 | 1 Juniper | 46 Junos, Mx10, Mx10000 and 43 more | 2023-12-10 | N/A | 7.5 HIGH |
An Improper Locking vulnerability in the SIP ALG of Juniper Networks Junos OS on MX Series with MS-MPC or MS-MIC card and SRX Series allows an unauthenticated, network-based attacker to cause a flow processing daemon (flowd) crash and thereby a Denial of Service (DoS). Continued receipt of these specific packets will cause a sustained Denial of Service condition. This issue occurs when SIP ALG is enabled and specific SIP messages are processed simultaneously. This issue affects: Juniper Networks Junos OS on MX Series and SRX Series 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S2; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1 on MX Series, or SRX Series. | |||||
CVE-2023-20939 | 1 Google | 1 Android | 2023-12-10 | N/A | 7.8 HIGH |
In multiple functions of looper_backed_event_loop.cpp, there is a possible way to corrupt memory due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-243362981 | |||||
CVE-2022-42775 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-12-10 | N/A | 5.5 MEDIUM |
In camera driver, there is a possible memory corruption due to improper locking. This could lead to local denial of service in kernel. | |||||
CVE-2022-42329 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2023-12-10 | N/A | 5.5 MEDIUM |
Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329). | |||||
CVE-2022-42328 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2023-12-10 | N/A | 5.5 MEDIUM |
Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329). | |||||
CVE-2023-20928 | 1 Google | 1 Android | 2023-12-10 | N/A | 7.8 HIGH |
In binder_vma_close of binder.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-254837884References: Upstream kernel |