CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10604 – Identifiable Header Values In Fuchsia Leading To Tracking of The User
https://notcve.org/view.php?id=CVE-2024-10604
30 Jan 2025 — Vulnerabilities in the algorithms used by Fuchsia to populate network protocol header fields, specifically the TCP ISN, TCP timestamp, TCP and UDP source ports, and IPv4/IPv6 fragment ID allow for these values to be guessed under circumstances • https://fuchsia.googlesource.com/fuchsia/+/40e7fbcdcd013441daf4492f1ead349a9e5b80dc • CWE-330: Use of Insufficiently Random Values •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-0882 – Illegal access to Kernel log in Fuchsia
https://notcve.org/view.php?id=CVE-2022-0882
03 May 2022 — A bug exists where an attacker can read the kernel log through exposed Zircon kernel addresses without the required capability ZX_RSRC_KIND_ROOT. It is recommended to upgrade the Fuchsia kernel to 4.1.1 or greater. Se presenta un error por el que un atacante puede leer el registro del kernel mediante de las direcciones expuestas del kernel de Zircon sin la capacidad requerida ZX_RSRC_KIND_ROOT. Se recomienda actualizar el kernel de Fuchsia a versión 4.1.1 o superior • https://bugs.fuchsia.dev/p/fuchsia/issues/detail?id=94740 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-22556 – Integer Overflow in Fuchsia Kernel
https://notcve.org/view.php?id=CVE-2021-22556
03 May 2022 — The Security Team discovered an integer overflow bug that allows an attacker with code execution to issue memory cache invalidation operations on pages that they don’t own, allowing them to control kernel memory from userspace. We recommend upgrading to kernel version 4.1 or beyond. El equipo de seguridad detectó un fallo de desbordamiento de enteros que permite a un atacante con ejecución de código emitir operaciones de no comprobación de la caché de memoria en páginas que no posee, lo que le permite contr... • https://fuchsia-review.googlesource.com/c/fuchsia/+/570881 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-0247 – Write access to VMO data through copy-on-write in Fuchsia
https://notcve.org/view.php?id=CVE-2022-0247
25 Feb 2022 — An issue exists in Fuchsia where VMO data can be modified through access to copy-on-write snapshots. A local attacker could modify objects in the VMO that they do not have permission to. We recommend upgrading past commit d97c05d2301799ed585620a9c5c739d36e7b5d3d or any of the listed versions. Se presenta un problema en Fuchsia donde los datos VMO pueden ser modificados a través del acceso a las instantáneas de copia en escritura. Un atacante local podría modificar objetos en el VMO para los que no presenta ... • https://fuchsia.googlesource.com/fuchsia/+/d97c05d2301799ed585620a9c5c739d36e7b5d3d • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-22566 – Incorrect mapping of Executable bits in Fuchsia Kernel
https://notcve.org/view.php?id=CVE-2021-22566
18 Jan 2022 — An incorrect setting of UXN bits within mmu_flags_to_s1_pte_attr lead to privileged executable pages being mapped as executable from an unprivileged context. This can be leveraged by an attacker to bypass executability restrictions of kernel-mode pages from user-mode. An incorrect setting of PXN bits within mmu_flags_to_s1_pte_attr lead to unprivileged executable pages being mapped as executable from a privileged context. This can be leveraged by an attacker to bypass executability restrictions of user-mode... • https://fuchsia.googlesource.com/fuchsia/+/7d731b4e9599088ac3073956933559da7bca6a00 • CWE-275: Permission Issues CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 1CVE-2020-16022 – Gentoo Linux Security Advisory 202012-05
https://notcve.org/view.php?id=CVE-2020-16022
07 Dec 2020 — Insufficient policy enforcement in networking in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to potentially bypass firewall controls via a crafted HTML page. Una aplicación insuficiente de políticas en networking en Google Chrome versiones anteriores a 87.0.4280.66, permitió a un atacante remoto omitir potencialmente los controles del firewall por medio de una página HTML diseñada Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the... • https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_17.html •