
CVE-2024-29748 – Android Pixel Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-29748
05 Apr 2024 — There is a possible way to bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. • https://source.android.com/security/bulletin/pixel/2024-04-01 • CWE-280: Improper Handling of Insufficient Permissions or Privileges

CVE-2023-48418 – User Build misconfiguration resulting in local escalation of privilege
https://notcve.org/view.php?id=CVE-2023-48418
02 Jan 2024 — In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a possible way to access adb before SUW completion due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. • https://packetstorm.news/files/id/176446 • CWE-269: Improper Privilege Management

CVE-2023-4164 – There is a possible information disclosure due to a missing permission check in Pixel Watch
https://notcve.org/view.php?id=CVE-2023-4164
02 Jan 2024 — There is a possible information disclosure due to a missing permission check. This could lead to local information disclosure of health data with no additional execution privileges needed. • https://source.android.com/docs/security/bulletin/pixel-watch/2023/2023-12-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-862: Missing Authorization

CVE-2023-45866 – bluez: unauthorized HID device connections allows keystroke injection and arbitrary commands execution
https://notcve.org/view.php?id=CVE-2023-45866
07 Dec 2023 — Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue. • https://github.com/pentestfunctions/BlueDucky • CWE-285: Improper Authorization • CWE-287: Improper Authentication

CVE-2023-44216
https://notcve.org/view.php?id=CVE-2023-44216
26 Sep 2023 — PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue. For example, attackers can sometimes accurately determine text contained on a web page from one origin if they control a resource from a different origin. • https://arstechnica.com/security/2023/09/gpus-from-all-major-suppliers-are-vulnerable-to-new-pixel-stealing-attack • CWE-203: Observable Discrepancy

CVE-2016-5346
https://notcve.org/view.php?id=CVE-2016-5346
08 Jan 2020 — An Information Disclosure vulnerability exists in the Google Pixel/Pixel SL Qualcomm Avtimer Driver due to a NULL pointer dereference when processing an accept system call by the user process on AF_MSM_IPC sockets, which could let a local malicious user obtain sensitive information (Android Bug ID A-32551280). • http://www.securityfocus.com/bid/97371 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2017-15361 – HPE Security Bulletin HPESBHF03789 2
https://notcve.org/view.php?id=CVE-2017-15361
16 Oct 2017 — The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature... • https://github.com/nsacyber/Detect-CVE-2017-15361-TPM

CVE-2016-6915
https://notcve.org/view.php?id=CVE-2016-6915
24 Apr 2017 — Stack-based buffer overflow in nvhost_job.c in the NVIDIA video driver for Android, Shield TV before OTA 3.3, Shield Tablet before OTA 4.4, and Shield Tablet TK1 before OTA 1.5. • http://nvidia.custhelp.com/app/answers/detail/a_id/4276/~/security-bulletin%3A-nvidia-shield-contains-multiple-vulnerabilities-in • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2016-6916
https://notcve.org/view.php?id=CVE-2016-6916
24 Apr 2017 — Integer overflow in nvhost_job.c in the NVIDIA video driver for Android, Shield TV before OTA 3.3, Shield Tablet before OTA 4.4, and Shield Tablet TK1 before OTA 1.5 allows local users to cause a denial of service (system crash) via unspecified vectors, which triggers a buffer overflow. • http://nvidia.custhelp.com/app/answers/detail/a_id/4561 • CWE-190: Integer Overflow or Wraparound

CVE-2016-6917
https://notcve.org/view.php?id=CVE-2016-6917
24 Apr 2017 — Buffer overflow in nvhost_job.c in the NVIDIA video driver for Android, Shield TV before OTA 3.3, Shield Tablet before OTA 4.4, and Shield Tablet TK1 before OTA 1.5. • http://nvidia.custhelp.com/app/answers/detail/a_id/4561 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer