CVE-2024-39882

CVE-2024-39882

Título es
CVE-2024-39882

Mar, 09/07/2024 – 22:15

Tipo
CWE-125

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2024-39882

Descripción en
Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process.

10/07/2024
10/07/2024
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
Pendiente de análisis

Referencias

  • https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-01

    • Enviar en el boletín
    Off

    CVE-2024-37865

    CVE-2024-37865

    Título es
    CVE-2024-37865

    Mar, 09/07/2024 – 21:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-37865

    Descripción en
    An issue in S3Browser v.11.4.5 and v.10.9.9 and fixed in v.11.5.7 allows a remote attacker to obtain sensitive information via the S3 compatible storage component.

    09/07/2024
    09/07/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://gist.github.com/iTrooz/629bd30cfa09cc527a0859e8cca83a4b

    • Enviar en el boletín
    Off

    CVE-2024-34726

    CVE-2024-34726

    Título es
    CVE-2024-34726

    Mar, 09/07/2024 – 21:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-34726

    Descripción en
    In PVRSRV_MMap of pvr_bridge_k.c, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

    09/07/2024
    09/07/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://source.android.com/security/bulletin/2024-07-01

    • Enviar en el boletín
    Off

    CVE-2024-34725

    CVE-2024-34725

    Título es
    CVE-2024-34725

    Mar, 09/07/2024 – 21:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-34725

    Descripción en
    In DevmemIntUnexportCtx of devicemem_server.c, there is a possible arbitrary code execution due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

    09/07/2024
    09/07/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://source.android.com/security/bulletin/2024-07-01

    • Enviar en el boletín
    Off

    CVE-2024-34724

    CVE-2024-34724

    Título es
    CVE-2024-34724

    Mar, 09/07/2024 – 21:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-34724

    Descripción en
    In _UnrefAndMaybeDestroy of pmr.c, there is a possible arbitrary code execution due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

    09/07/2024
    09/07/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://source.android.com/security/bulletin/2024-07-01

    • Enviar en el boletín
    Off

    CVE-2024-34723

    CVE-2024-34723

    Título es
    CVE-2024-34723

    Mar, 09/07/2024 – 21:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-34723

    Descripción en
    In onTransact of ParcelableListBinder.java , there is a possible way to steal mAllowlistToken to launch an app from background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

    09/07/2024
    09/07/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://android.googlesource.com/platform/frameworks/base/+/c702bb71811993960debe0c18fcf8834cfa2454f

  • https://source.android.com/security/bulletin/2024-07-01

    • Enviar en el boletín
    Off

    CVE-2024-34722

    CVE-2024-34722

    Título es
    CVE-2024-34722

    Mar, 09/07/2024 – 21:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-34722

    Descripción en
    In smp_proc_rand of smp_act.cc, there is a possible authentication bypass during legacy BLE pairing due to incorrect implementation of a protocol. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

    09/07/2024
    09/07/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://android.googlesource.com/platform/packages/modules/Bluetooth/+/456f705b9acc78d8184536baff3d21b0bc11c957

  • https://source.android.com/security/bulletin/2024-07-01

    • Enviar en el boletín
    Off

    CVE-2024-34721

    CVE-2024-34721

    Título es
    CVE-2024-34721

    Mar, 09/07/2024 – 21:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-34721

    Descripción en
    In ensureFileColumns of MediaProvider.java, there is a possible disclosure of files owned by another user due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

    09/07/2024
    09/07/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://android.googlesource.com/platform/packages/providers/MediaProvider/+/7a1cbf5a8e17e6bff7c835fdd30dcc42b681db0a

  • https://source.android.com/security/bulletin/2024-07-01

    • Enviar en el boletín
    Off