CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29778
https://notcve.org/view.php?id=CVE-2024-29778
In ProtocolPsDedicatedBearInfoAdapter::processQosSession of protocolpsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation. En ProtocolPsDedicatedBearInfoAdapter::processQosSession de protocolpsadapter.cpp, existe una posible lectura fuera de los límites debido a una verificación de los límites faltantes. Esto podría dar lugar a la divulgación de información local y comprometer el firmware de banda base. • https://source.android.com/security/bulletin/pixel/2024-06-01 • CWE-125: Out-of-bounds Read •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32929
https://notcve.org/view.php?id=CVE-2024-32929
In gpu_slc_get_region of pixel_gpu_slc.c, there is a possible EoP due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. En gpu_slc_get_region de pixel_gpu_slc.c, existe un posible EoP debido a un use after free. Esto podría conducir a una escalada local de privilegios sin necesidad de permisos de ejecución adicionales. • https://source.android.com/security/bulletin/pixel/2024-05-01 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-5847
https://notcve.org/view.php?id=CVE-2024-5847
Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) Use after free en PDFium en Google Chrome anterior a 126.0.6478.54 permitía a un atacante remoto explotar potencialmente la corrupción del montón a través de un archivo PDF manipulado. (Severidad de seguridad de Chromium: media) • https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html https://issues.chromium.org/issues/341313077 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-5846
https://notcve.org/view.php?id=CVE-2024-5846
Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) Use after free en PDFium en Google Chrome anterior a 126.0.6478.54 permitía a un atacante remoto explotar potencialmente la corrupción del montón a través de un archivo PDF manipulado. (Severidad de seguridad de Chromium: media) • https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html https://issues.chromium.org/issues/341095523 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-5845
https://notcve.org/view.php?id=CVE-2024-5845
Use after free in Audio in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) Use after free en Audio en Google Chrome anterior a 126.0.6478.54 permitía a un atacante remoto explotar potencialmente la corrupción del montón a través de un archivo PDF manipulado. (Severidad de seguridad de Chromium: media) • https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html https://issues.chromium.org/issues/340178596 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX • CWE-416: Use After Free •