Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

dir-605l_firmware

Source -

NVDADP

CNA CVEs -

0

ADP CVEs -

97

CISA CVEs -

0

NVD CVEs -

59
Related CVEsRelated VendorsRelated AssignersReports
135Vulnerabilities found
CVE-2024-27152
Assigner-Toshiba Corporation
ShareView Details
Assigner-Toshiba Corporation
CVSS Score-7.4||HIGH
EPSS-0.07% / 21.51%
||
7 Day CHG~0.00%
Published-14 Jun, 2024 | 02:55
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local Privilege Escalation and Remote Code Execution using insecure permissions

The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference URL.

Action-Not Available
Vendor-Toshiba Tec Corporationtoshibatec
Product-Toshiba Tec e-Studio multi-function peripheral (MFP)e-studio-4528-age-studio-2020_ace-studio-3115-nce-studio-2110-ace-studio-2015-nce-studio-3015-nce-studio-2510-ace-studio-3028-ae-studio-5525_ace-studio-5528-ae-studio-2515-nce-studio-4515_ace-studio-2518_ae-studio-400-ace-studio-3118_ae-studio-3525_ace-studio-3118_age-studio-2528-ae-studio-4615_ace-studio-2520_nce-studio-2618_ae-studio-9029-ae-studio-3018_ae-studio-7527-ace-studio-4525_ace-studio-2018_ae-studio-2021_ace-studio-2521_ace-studio-3025_ace-studio-6525_ace-studio-3528-age-studio-6527-ace-studio-2610-ace-studio-5015_ace-studio-6529-ae-studio-3515-nce-studio-6528-ae-studio-3528-ae-studio-3615-nce-studio-7529-ae-studio-2010-ace-studio-4528-ae-studio-2615-nce-studio-6526-ace-studio-5525_acge-studio-330-ace-studio-5115_ace-studio-2525_ace-studio-6525_acge-studio-3525_acg
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2024-27151
Assigner-Toshiba Corporation
ShareView Details
Assigner-Toshiba Corporation
CVSS Score-7.4||HIGH
EPSS-0.57% / 68.71%
||
7 Day CHG~0.00%
Published-14 Jun, 2024 | 02:54
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local Privilege Escalation and Remote Code Execution using insecure permissions

The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. The programs can be replaced by malicious programs by any local or remote attacker. As for the affected products/models/versions, see the reference URL.

Action-Not Available
Vendor-Toshiba Tec Corporationtoshibatec
Product-Toshiba Tec e-Studio multi-function peripheral (MFP)e-studio-4528-age-studio-2020_ace-studio-3115-nce-studio-2110-ace-studio-2015-nce-studio-3015-nce-studio-2510-ace-studio-3028-ae-studio-5525_ace-studio-5528-ae-studio-2515-nce-studio-4515_ace-studio-2518_ae-studio-400-ace-studio-3118_ae-studio-3525_ace-studio-3118_age-studio-2528-ae-studio-4615_ace-studio-2520_nce-studio-2618_ae-studio-9029-ae-studio-3018_ae-studio-7527-ace-studio-4525_ace-studio-2018_ae-studio-2021_ace-studio-2521_ace-studio-3025_ace-studio-6525_ace-studio-3528-age-studio-6527-ace-studio-2610-ace-studio-5015_ace-studio-6529-ae-studio-3515-nce-studio-6528-ae-studio-3528-ae-studio-3615-nce-studio-7529-ae-studio-2010-ace-studio-4528-ae-studio-2615-nce-studio-6526-ace-studio-5525_acge-studio-330-ace-studio-5115_ace-studio-2525_ace-studio-6525_acge-studio-3525_acg
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2024-27150
Assigner-Toshiba Corporation
ShareView Details
Assigner-Toshiba Corporation
CVSS Score-7.4||HIGH
EPSS-0.07% / 21.51%
||
7 Day CHG~0.00%
Published-14 Jun, 2024 | 02:52
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local Privilege Escalation and Remote Code Execution using insecure LD_LIBRARY_PATH

The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference URL.

Action-Not Available
Vendor-Toshiba Tec Corporationtoshibatec
Product-Toshiba Tec e-Studio multi-function peripheral (MFP)e-studio-4528-age-studio-2020_ace-studio-3115-nce-studio-2110-ace-studio-2015-nce-studio-3015-nce-studio-2510-ace-studio-3028-ae-studio-5525_ace-studio-5528-ae-studio-2515-nce-studio-4515_ace-studio-2518_ae-studio-400-ace-studio-3118_ae-studio-3525_ace-studio-3118_age-studio-2528-ae-studio-4615_ace-studio-2520_nce-studio-2618_ae-studio-9029-ae-studio-3018_ae-studio-7527-ace-studio-4525_ace-studio-2018_ae-studio-2021_ace-studio-2521_ace-studio-3025_ace-studio-6525_ace-studio-3528-age-studio-6527-ace-studio-2610-ace-studio-5015_ace-studio-6529-ae-studio-3515-nce-studio-6528-ae-studio-3528-ae-studio-3615-nce-studio-7529-ae-studio-2010-ace-studio-4528-ae-studio-2615-nce-studio-6526-ace-studio-5525_acge-studio-330-ace-studio-5115_ace-studio-2525_ace-studio-6525_acge-studio-3525_acg
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2024-27149
Assigner-Toshiba Corporation
ShareView Details
Assigner-Toshiba Corporation
CVSS Score-7.4||HIGH
EPSS-0.07% / 21.51%
||
7 Day CHG~0.00%
Published-14 Jun, 2024 | 02:50
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local Privilege Escalation and Remote Code Execution using insecure LD_PRELOAD

The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference URL.

Action-Not Available
Vendor-Toshiba Tec Corporationtoshibatec
Product-Toshiba Tec e-Studio multi-function peripheral (MFP)e-studio-4528-age-studio-2020_ace-studio-3115-nce-studio-2110-ace-studio-2015-nce-studio-3015-nce-studio-2510-ace-studio-3028-ae-studio-5525_ace-studio-5528-ae-studio-2515-nce-studio-4515_ace-studio-2518_ae-studio-400-ace-studio-3118_ae-studio-3525_ace-studio-3118_age-studio-2528-ae-studio-4615_ace-studio-2520_nce-studio-2618_ae-studio-9029-ae-studio-3018_ae-studio-7527-ace-studio-4525_ace-studio-2018_ae-studio-2021_ace-studio-2521_ace-studio-3025_ace-studio-6525_ace-studio-3528-age-studio-6527-ace-studio-2610-ace-studio-5015_ace-studio-6529-ae-studio-3515-nce-studio-6528-ae-studio-3528-ae-studio-3615-nce-studio-7529-ae-studio-2010-ace-studio-4528-ae-studio-2615-nce-studio-6526-ace-studio-5525_acge-studio-330-ace-studio-5115_ace-studio-2525_ace-studio-6525_acge-studio-3525_acg
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2024-27148
Assigner-Toshiba Corporation
ShareView Details
Assigner-Toshiba Corporation
CVSS Score-7.4||HIGH
EPSS-0.07% / 21.51%
||
7 Day CHG~0.00%
Published-14 Jun, 2024 | 02:46
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local Privilege Escalation and Remote Code Execution using insecure PATH

The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference URL.

Action-Not Available
Vendor-Toshiba Tec Corporationtoshibatec
Product-Toshiba Tec e-Studio multi-function peripheral (MFP)e-studio-4528-age-studio-2020_ace-studio-3115-nce-studio-2110-ace-studio-2015-nce-studio-3015-nce-studio-2510-ace-studio-3028-ae-studio-5525_ace-studio-5528-ae-studio-2515-nce-studio-4515_ace-studio-2518_ae-studio-400-ace-studio-3118_ae-studio-3525_ace-studio-3118_age-studio-2528-ae-studio-4615_ace-studio-2520_nce-studio-2618_ae-studio-9029-ae-studio-3018_ae-studio-7527-ace-studio-4525_ace-studio-2018_ae-studio-2021_ace-studio-2521_ace-studio-3025_ace-studio-6525_ace-studio-3528-age-studio-6527-ace-studio-2610-ace-studio-5015_ace-studio-6529-ae-studio-3515-nce-studio-6528-ae-studio-3528-ae-studio-3615-nce-studio-7529-ae-studio-2010-ace-studio-4528-ae-studio-2615-nce-studio-6526-ace-studio-5525_acge-studio-330-ace-studio-5115_ace-studio-2525_ace-studio-6525_acge-studio-3525_acg
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2024-27147
Assigner-Toshiba Corporation
ShareView Details
Assigner-Toshiba Corporation
CVSS Score-7.4||HIGH
EPSS-0.08% / 23.34%
||
7 Day CHG~0.00%
Published-14 Jun, 2024 | 02:44
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local Privilege Escalation and Remote Code Execution using snmpd

The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference URL.

Action-Not Available
Vendor-Toshiba Tec Corporationtoshibatec
Product-Toshiba Tec e-Studio multi-function peripheral (MFP)e-studio-4528-age-studio-2020_ace-studio-3115-nce-studio-2110-ace-studio-2015-nce-studio-3015-nce-studio-2510-ace-studio-3028-ae-studio-5525_ace-studio-5528-ae-studio-2515-nce-studio-4515_ace-studio-2518_ae-studio-400-ace-studio-3118_ae-studio-3525_ace-studio-3118_age-studio-2528-ae-studio-4615_ace-studio-2520_nce-studio-2618_ae-studio-9029-ae-studio-3018_ae-studio-7527-ace-studio-4525_ace-studio-2018_ae-studio-2021_ace-studio-2521_ace-studio-3025_ace-studio-6525_ace-studio-3528-age-studio-6527-ace-studio-2610-ace-studio-5015_ace-studio-6529-ae-studio-3515-nce-studio-6528-ae-studio-3528-ae-studio-3615-nce-studio-7529-ae-studio-2010-ace-studio-4528-ae-studio-2615-nce-studio-6526-ace-studio-5525_acge-studio-330-ace-studio-5115_ace-studio-2525_ace-studio-6525_acge-studio-3525_acg
CWE ID-CWE-250
Execution with Unnecessary Privileges
CVE-2024-27146
Assigner-Toshiba Corporation
ShareView Details
Assigner-Toshiba Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 16.96%
||
7 Day CHG~0.00%
Published-14 Jun, 2024 | 02:35
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Lack of privileges separation

The Toshiba printers do not implement privileges separation. As for the affected products/models/versions, see the reference URL.

Action-Not Available
Vendor-Toshiba Tec Corporationtoshibatec
Product-Toshiba Tec e-Studio multi-function peripheral (MFP)e-studio-4528-age-studio-2020_ace-studio-3115-nce-studio-2110-ace-studio-2015-nce-studio-3015-nce-studio-2510-ace-studio-3028-ae-studio-5525_ace-studio-5528-ae-studio-2515-nce-studio-4515_ace-studio-2518_ae-studio-400-ace-studio-3118_ae-studio-3525_ace-studio-3118_age-studio-2528-ae-studio-4615_ace-studio-2520_nce-studio-2618_ae-studio-9029-ae-studio-3018_ae-studio-7527-ace-studio-4525_ace-studio-2018_ae-studio-2021_ace-studio-2521_ace-studio-3025_ace-studio-6525_ace-studio-3528-age-studio-6527-ace-studio-2610-ace-studio-5015_ace-studio-6529-ae-studio-3515-nce-studio-6528-ae-studio-3528-ae-studio-3615-nce-studio-7529-ae-studio-2010-ace-studio-4528-ae-studio-2615-nce-studio-6526-ace-studio-5525_acge-studio-330-ace-studio-5115_ace-studio-2525_ace-studio-6525_acge-studio-3525_acg
CWE ID-CWE-250
Execution with Unnecessary Privileges
CVE-2024-27145
Assigner-Toshiba Corporation
ShareView Details
Assigner-Toshiba Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.35% / 57.17%
||
7 Day CHG~0.00%
Published-14 Jun, 2024 | 02:33
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Post-authenticated Remote Code Execution

The Toshiba printers provide several ways to upload files using the admin web interface. An attacker can remotely compromise any Toshiba printer. An attacker can overwrite any insecure files. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL.

Action-Not Available
Vendor-Toshiba Tec Corporationtoshibatec
Product-Toshiba Tec e-Studio multi-function peripheral (MFP)e-studio-4528-age-studio-2020_ace-studio-3115-nce-studio-2110-ace-studio-2015-nce-studio-3015-nce-studio-2510-ace-studio-3028-ae-studio-5525_ace-studio-5528-ae-studio-2515-nce-studio-4515_ace-studio-2518_ae-studio-400-ace-studio-3118_ae-studio-3525_ace-studio-3118_age-studio-2528-ae-studio-4615_ace-studio-2520_nce-studio-2618_ae-studio-9029-ae-studio-3018_ae-studio-7527-ace-studio-4525_ace-studio-2018_ae-studio-2021_ace-studio-2521_ace-studio-3025_ace-studio-6525_ace-studio-3528-age-studio-6527-ace-studio-2610-ace-studio-5015_ace-studio-6529-ae-studio-3515-nce-studio-6528-ae-studio-3528-ae-studio-3615-nce-studio-7529-ae-studio-2010-ace-studio-4528-ae-studio-2615-nce-studio-6526-ace-studio-5525_acge-studio-330-ace-studio-5115_ace-studio-2525_ace-studio-6525_acge-studio-3525_acg
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-3079
Assigner-TWCERT/CC
ShareView Details
Assigner-TWCERT/CC
CVSS Score-7.2||HIGH
EPSS-3.55% / 87.70%
||
7 Day CHG~0.00%
Published-14 Jun, 2024 | 02:32
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ASUS Router - Stack-based Buffer Overflow

Certain models of ASUS routers have buffer overflow vulnerabilities, allowing remote attackers with administrative privileges to execute arbitrary commands on the device.

Action-Not Available
Vendor-ASUS (ASUSTeK Computer Inc.)
Product-ZenWiFi XT8 V2ZenWiFi XT8RT-AX58URT-AX88URT-AC68URT-AX57RT-AC86Urt-ac68u_firmwarert-ax88u_firmwarert-ax58u_firmwarert-ax57_firmwarert-ac86u_firmwarezenwifi_xt8_v2_firmwarezenwifi_xt8_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-27144
Assigner-Toshiba Corporation
ShareView Details
Assigner-Toshiba Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.60% / 81.74%
||
7 Day CHG~0.00%
Published-14 Jun, 2024 | 02:31
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Pre-authenticated Remote Code Execution

The Toshiba printers provide several ways to upload files using the web interface without authentication. An attacker can overwrite any insecure files. And the Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. The programs can be replaced by malicious programs by any local or remote attacker. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL.

Action-Not Available
Vendor-Toshiba Tec Corporationtoshibatec
Product-Toshiba Tec e-Studio multi-function peripheral (MFP)e-studio-4528-age-studio-2020_ace-studio-3115-nce-studio-2110-ace-studio-2015-nce-studio-3015-nce-studio-2510-ace-studio-3028-ae-studio-5525_ace-studio-5528-ae-studio-2515-nce-studio-4515_ace-studio-2518_ae-studio-400-ace-studio-3118_ae-studio-3525_ace-studio-3118_age-studio-2528-ae-studio-4615_ace-studio-2520_nce-studio-2618_ae-studio-9029-ae-studio-3018_ae-studio-7527-ace-studio-4525_ace-studio-2018_ae-studio-2021_ace-studio-2521_ace-studio-3025_ace-studio-6525_ace-studio-3528-age-studio-6527-ace-studio-2610-ace-studio-5015_ace-studio-6529-ae-studio-3515-nce-studio-6528-ae-studio-3528-ae-studio-3615-nce-studio-7529-ae-studio-2010-ace-studio-4528-ae-studio-2615-nce-studio-6526-ace-studio-5525_acge-studio-330-ace-studio-5115_ace-studio-2525_ace-studio-6525_acge-studio-3525_acg
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2024-27143
Assigner-Toshiba Corporation
ShareView Details
Assigner-Toshiba Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.19% / 40.88%
||
7 Day CHG~0.00%
Published-14 Jun, 2024 | 02:29
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Pre-authenticated Remote Code Execution

Toshiba printers use SNMP for configuration. Using the private community, it is possible to remotely execute commands as root on the remote printer. Using this vulnerability will allow any attacker to get a root access on a remote Toshiba printer. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL.

Action-Not Available
Vendor-Toshiba Tec Corporationtoshibatec
Product-Toshiba Tec e-Studio multi-function peripheral (MFP)e-studio-4528-age-studio-2020_ace-studio-3115-nce-studio-2110-ace-studio-2015-nce-studio-3015-nce-studio-2510-ace-studio-3028-ae-studio-5525_ace-studio-5528-ae-studio-2515-nce-studio-4515_ace-studio-2518_ae-studio-400-ace-studio-3118_ae-studio-3525_ace-studio-3118_age-studio-2528-ae-studio-4615_ace-studio-2520_nce-studio-2618_ae-studio-9029-ae-studio-3018_ae-studio-7527-ace-studio-4525_ace-studio-2018_ae-studio-2021_ace-studio-2521_ace-studio-3025_ace-studio-6525_ace-studio-3528-age-studio-6527-ace-studio-2610-ace-studio-5015_ace-studio-6529-ae-studio-3515-nce-studio-6528-ae-studio-3528-ae-studio-3615-nce-studio-7529-ae-studio-2010-ace-studio-4528-ae-studio-2615-nce-studio-6526-ace-studio-5525_acge-studio-330-ace-studio-5115_ace-studio-2525_ace-studio-6525_acge-studio-3525_acg
CWE ID-CWE-250
Execution with Unnecessary Privileges
CVE-2024-27141
Assigner-Toshiba Corporation
ShareView Details
Assigner-Toshiba Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.10% / 27.91%
||
7 Day CHG~0.00%
Published-14 Jun, 2024 | 02:21
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Pre-authenticated Time-Based Blind XXE injection

Toshiba printers use XML communication for the API endpoint provided by the printer. For the endpoint, XML parsing library is used and it is vulnerable to a time-based blind XML External Entity (XXE) vulnerability. An attacker can DoS the printers by sending a HTTP request without authentication. An attacker can exploit the XXE to retrieve information. As for the affected products/models/versions, see the reference URL.

Action-Not Available
Vendor-Toshiba Tec Corporationtoshibatec
Product-Toshiba Tec e-Studio multi-function peripheral (MFP)e-studio-4528-age-studio-2020_ace-studio-3115-nce-studio-2110-ace-studio-2015-nce-studio-3015-nce-studio-2510-ace-studio-3028-ae-studio-5525_ace-studio-5528-ae-studio-2515-nce-studio-4515_ace-studio-400-ace-studio-3525_ace-studio-2528-ae-studio-4615_ace-studio-2520_nce-studio-9029-ae-studio-7527-ace-studio-4525_ace-studio-2021_ace-studio-2521_ace-studio-3025_ace-studio-6525_ace-studio-3528-age-studio-6527-ace-studio-2610-ace-studio-6529-ae-studio-3515-nce-studio-6528-ae-studio-3528-ae-studio-3615-nce-studio-7529-ae-studio-2010-ace-studio-4528-ae-studio-2615-nce-studio-6526-ace-studio-5525_acge-studio-330-ace-studio-2525_ace-studio-6525_acge-studio-3525_acg
CWE ID-CWE-776
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
CVE-2024-5985
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 18.69%
||
7 Day CHG~0.00%
Published-14 Jun, 2024 | 02:00
Updated-07 Mar, 2025 | 14:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Best Online News Portal index.php sql injection

A vulnerability classified as critical has been found in SourceCodester Best Online News Portal 1.0. This affects an unknown part of the file /admin/index.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-268461 was assigned to this vulnerability.

Action-Not Available
Vendor-mayuri_kSourceCodester
Product-best_online_news_portalBest Online News Portalbest_online_news_portal
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-5984
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.10% / 27.67%
||
7 Day CHG~0.00%
Published-14 Jun, 2024 | 01:31
Updated-09 Oct, 2024 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode Online Bookstore book.php sql injection

A vulnerability was found in itsourcecode Online Bookstore 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file book.php. The manipulation of the argument bookisbn leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-268460.

Action-Not Available
Vendor-ITSourceCodePHPGurukul LLP
Product-online_book_store_projectOnline Bookstoreonline_book_store
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-5983
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.19% / 40.45%
||
7 Day CHG~0.00%
Published-14 Jun, 2024 | 01:31
Updated-01 Aug, 2024 | 21:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode Online Bookstore bookPerPub.php sql injection

A vulnerability was found in itsourcecode Online Bookstore 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file bookPerPub.php. The manipulation of the argument pubid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-268459.

Action-Not Available
Vendor-online_book_store_projectITSourceCode
Product-online_book_store_projectOnline Bookstoreonline_book_store
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-51507
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.21% / 42.87%
||
7 Day CHG~0.00%
Published-14 Jun, 2024 | 01:01
Updated-07 Aug, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Quiz And Survey Master plugin <= 8.1.16 - Broken Access Control vulnerability

Missing Authorization vulnerability in ExpressTech Quiz And Survey Master.This issue affects Quiz And Survey Master: from n/a through 8.1.16.

Action-Not Available
Vendor-expresstechExpressTechexpresstech
Product-quiz_and_survey_masterQuiz And Survey Masterquiz_and_survey_master
CWE ID-CWE-862
Missing Authorization
CVE-2023-35040
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.40% / 60.79%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 23:51
Updated-03 Apr, 2025 | 00:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SendPress Newsletters plugin <= 1.23.11.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in SendPress SendPress Newsletters.This issue affects SendPress Newsletters: from n/a through 1.23.11.6.

Action-Not Available
Vendor-pressifiedSendPresspressified
Product-sendpressSendPress Newsletterssendpress
CWE ID-CWE-862
Missing Authorization
CVE-2023-37394
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.21% / 42.87%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 23:44
Updated-07 Aug, 2024 | 18:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Dummy Content Generator plugin <= 2.3.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Deepak anand WP Dummy Content Generator.This issue affects WP Dummy Content Generator: from n/a through 2.3.0.

Action-Not Available
Vendor-wp_dummy_content_generator_projectDeepak ananddeepak_anand
Product-wp_dummy_content_generatorWP Dummy Content Generatorwp_dummy_content_generator
CWE ID-CWE-862
Missing Authorization
CVE-2024-0085
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.08% / 22.74%
||
7 Day CHG-0.02%
Published-13 Jun, 2024 | 21:23
Updated-19 Aug, 2024 | 17:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE

NVIDIA vGPU software for Windows and Linux contains a vulnerability where unprivileged users could execute privileged operations on the host. A successful exploit of this vulnerability might lead to data tampering, escalation of privileges, and denial of service.

Action-Not Available
Vendor-VMware (Broadcom Inc.)NVIDIA CorporationRed Hat, Inc.Citrix (Cloud Software Group, Inc.)Canonical Ltd.Microsoft Corporation
Product-ubuntu_linuxazure_stack_hcienterprise_linux_kernel-based_virtual_machinevirtual_gpuhypervisorvspherecloud_gamingvGPU software and Cloud Gamingcloud_gaming_virtual_gpuvirtual_gpu
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2024-0084
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.17% / 37.65%
||
7 Day CHG-0.05%
Published-13 Jun, 2024 | 21:23
Updated-15 Aug, 2024 | 22:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE

NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where the guest OS could execute privileged operations. A successful exploit of this vulnerability might lead to information disclosure, data tampering, escalation of privileges, and denial of service.

Action-Not Available
Vendor-VMware (Broadcom Inc.)NVIDIA CorporationRed Hat, Inc.Canonical Ltd.Citrix (Cloud Software Group, Inc.)
Product-ubuntu_linuxenterprise_linux_kernel-based_virtual_machinevirtual_gpuhypervisorvspherecloud_gamingvGPU software and Cloud Gamingvirtual_gpu_graphics_driver
CWE ID-CWE-250
Execution with Unnecessary Privileges
CVE-2024-0099
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 22.07%
||
7 Day CHG-0.02%
Published-13 Jun, 2024 | 21:23
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE

NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where the guest OS could cause buffer overrun in the host. A successful exploit of this vulnerability might lead to information disclosure, data tampering, escalation of privileges, and denial of service.

Action-Not Available
Vendor-NVIDIA Corporation
Product-vGPU software and Cloud Gamingnvsteslaquadrogeforcertx
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-0091
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.17% / 37.64%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 21:23
Updated-15 Aug, 2024 | 22:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where a user can cause an untrusted pointer dereference by executing a driver API. A successful exploit of this vulnerability might lead to denial of service, information disclosure, and data tampering.

Action-Not Available
Vendor-Citrix (Cloud Software Group, Inc.)Microsoft CorporationCanonical Ltd.Red Hat, Inc.VMware (Broadcom Inc.)NVIDIA CorporationLinux Kernel Organization, Inc
Product-ubuntu_linuxstudiovirtual_gpuhypervisorteslavspherequadrocloud_gaminggeforcertxlinux_kernelgpu_display_driverazure_stack_hcienterprise_linux_kernel-based_virtual_machinenvswindowsGPU display driver, vGPU software, and Cloud Gamingstudioquadro_firmwarenvs_firmwareteslageforcertx
CWE ID-CWE-822
Untrusted Pointer Dereference
CVE-2024-0089
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.14% / 34.59%
||
7 Day CHG-0.04%
Published-13 Jun, 2024 | 21:23
Updated-15 Aug, 2024 | 22:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE

NVIDIA GPU Display Driver for Windows contains a vulnerability where the information from a previous client or another process could be disclosed. A successful exploit of this vulnerability might lead to code execution, information disclosure, or data tampering.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-studiogpu_display_drivervirtual_gpunvswindowsteslaquadrocloud_gaminggeforcertxGPU display driver, vGPU software, and Cloud Gamingstudioquadro_firmwarenvs_firmwareteslageforcertx
CWE ID-CWE-665
Improper Initialization
CVE-2024-0090
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.23% / 46.06%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 21:23
Updated-15 Aug, 2024 | 22:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE

NVIDIA GPU driver for Windows and Linux contains a vulnerability where a user can cause an out-of-bounds write. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Action-Not Available
Vendor-Citrix (Cloud Software Group, Inc.)Microsoft CorporationCanonical Ltd.Red Hat, Inc.VMware (Broadcom Inc.)NVIDIA CorporationLinux Kernel Organization, Inc
Product-ubuntu_linuxstudiovirtual_gpuhypervisorteslavspherequadrocloud_gaminggeforcertxlinux_kernelgpu_display_driverazure_stack_hcienterprise_linux_kernel-based_virtual_machinenvswindowsGPU display driver, vGPU software, and Cloud Gamingvirtual_gpucloud_gaminggpu_display_driver
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-0095
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.50% / 66.16%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 21:16
Updated-26 Sep, 2025 | 23:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE

NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where a user can inject forged logs and executable commands by injecting arbitrary data as a new log entry. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationNVIDIA Corporation
Product-linux_kerneltriton_inference_serverwindowsNVIDIA Triton Inference Servertriton_inference_server
CWE ID-CWE-117
Improper Output Neutralization for Logs
CVE-2024-32925
Assigner-Google Devices
ShareView Details
Assigner-Google Devices
CVSS Score-8.8||HIGH
EPSS-1.91% / 83.34%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 21:02
Updated-22 Jul, 2025 | 21:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In dhd_prot_txstatus_process of dhd_msgbuf.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-32922
Assigner-Google Devices
ShareView Details
Assigner-Google Devices
CVSS Score-7.4||HIGH
EPSS-0.05% / 16.09%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 21:02
Updated-22 Jul, 2025 | 21:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In gpu_pm_power_on_top_nolock of pixel_gpu_power.c, there is a possible compromise of protected memory due to a logic error in the code. This could lead to local escalation of privilege to TEE with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroidpixel
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2024-32921
Assigner-Google Devices
ShareView Details
Assigner-Google Devices
CVSS Score-7.4||HIGH
EPSS-0.04% / 11.66%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 21:02
Updated-22 Jul, 2025 | 21:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In lwis_initialize_transaction_fences of lwis_fence.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroidpixel
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-32919
Assigner-Google Devices
ShareView Details
Assigner-Google Devices
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.90%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 21:02
Updated-22 Jul, 2025 | 21:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In lwis_add_completion_fence of lwis_fence.c, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidpixel
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2024-32918
Assigner-Google Devices
ShareView Details
Assigner-Google Devices
CVSS Score-6.1||MEDIUM
EPSS-0.02% / 4.18%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 21:02
Updated-19 Aug, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Permission Bypass allowing attackers to disable HDCP 2.2 encryption by not completing the HDCP Key Exchange initialization steps

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-32917
Assigner-Google Devices
ShareView Details
Assigner-Google Devices
CVSS Score-7.1||HIGH
EPSS-0.04% / 13.25%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 21:02
Updated-15 Aug, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In pl330_dma_from_peri_start() of fp_spi_dma.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-Androidandroid_kernel
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-32913
Assigner-Google Devices
ShareView Details
Assigner-Google Devices
CVSS Score-9.8||CRITICAL
EPSS-3.34% / 87.33%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 21:02
Updated-19 Aug, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In wl_notify_rx_mgmt_frame of wl_cfg80211.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-32911
Assigner-Google Devices
ShareView Details
Assigner-Google Devices
CVSS Score-7.5||HIGH
EPSS-1.90% / 83.27%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 21:02
Updated-06 Sep, 2024 | 23:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a possible escalation of privilege due to improperly used crypto. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid_kernel
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2024-32909
Assigner-Google Devices
ShareView Details
Assigner-Google Devices
CVSS Score-8.1||HIGH
EPSS-0.10% / 26.97%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 21:01
Updated-02 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In handle_msg of main.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-Androidpixel
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-32908
Assigner-Google Devices
ShareView Details
Assigner-Google Devices
CVSS Score-8.4||HIGH
EPSS-0.01% / 0.51%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 21:01
Updated-02 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In sec_media_protect of media.c, there is a possible permission bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2024-32907
Assigner-Google Devices
ShareView Details
Assigner-Google Devices
CVSS Score-8.4||HIGH
EPSS-0.06% / 19.02%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 21:01
Updated-02 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In memcall_add of memlog.c, there is a possible buffer overflow due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-Androidandroid
CWE ID-CWE-20
Improper Input Validation
CVE-2024-32906
Assigner-Google Devices
ShareView Details
Assigner-Google Devices
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.31%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 21:01
Updated-08 Aug, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In AcvpOnMessage of avcp.cpp, there is a possible EOP due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid_kernel
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2024-32905
Assigner-Google Devices
ShareView Details
Assigner-Google Devices
CVSS Score-9.8||CRITICAL
EPSS-8.09% / 92.16%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 21:01
Updated-02 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In circ_read of link_device_memory_legacy.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-32903
Assigner-Google Devices
ShareView Details
Assigner-Google Devices
CVSS Score-7.4||HIGH
EPSS-0.03% / 7.89%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 21:01
Updated-20 Aug, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In prepare_response_locked of lwis_transaction.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroidpixel
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-32902
Assigner-Google Devices
ShareView Details
Assigner-Google Devices
CVSS Score-7.5||HIGH
EPSS-0.11% / 29.18%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 21:01
Updated-26 Feb, 2026 | 22:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Remote prevention of access to cellular service with no user interaction (for example, crashing the cellular radio service with a malformed packet)

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-32901
Assigner-Google Devices
ShareView Details
Assigner-Google Devices
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.56%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 21:01
Updated-24 Mar, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In v4l2_smfc_qbuf of smfc-v4l2-ioctls.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-267
Privilege Defined With Unsafe Actions
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-32900
Assigner-Google Devices
ShareView Details
Assigner-Google Devices
CVSS Score-9.8||CRITICAL
EPSS-0.07% / 22.35%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 21:01
Updated-19 Aug, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In lwis_fence_signal of lwis_debug.c, there is a possible Use after Free due to improper locking. This could lead to local escalation of privilege from hal_camera_default SELinux label with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-667
Improper Locking
CWE ID-CWE-416
Use After Free
CVE-2024-32899
Assigner-Google Devices
ShareView Details
Assigner-Google Devices
CVSS Score-7||HIGH
EPSS-0.03% / 7.06%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 21:01
Updated-08 Aug, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In gpu_pm_power_off_top_nolock of pixel_gpu_power.c, there is a possible compromise of protected memory due to a race condition. This could lead to local escalation of privilege to TEE with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid_kernel
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2024-32896
Assigner-Google Devices
ShareView Details
Assigner-Google Devices
CVSS Score-8.1||HIGH
EPSS-0.18% / 39.46%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 21:01
Updated-24 Oct, 2025 | 13:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2024-07-04||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

there is a possible way to bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

Action-Not Available
Vendor-Google LLCAndroid
Product-androidAndroidandroidPixel
CWE ID-CWE-670
Always-Incorrect Control Flow Implementation
CWE ID-CWE-783
Operator Precedence Logic Error
CVE-2024-32895
Assigner-Google Devices
ShareView Details
Assigner-Google Devices
CVSS Score-9.8||CRITICAL
EPSS-0.09% / 25.31%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 21:01
Updated-19 Aug, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In BCMFASTPATH of dhd_msgbuf.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-32893
Assigner-Google Devices
ShareView Details
Assigner-Google Devices
CVSS Score-8.1||HIGH
EPSS-0.12% / 30.90%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 21:01
Updated-02 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In _s5e9865_mif_set_rate of exynos_dvfs.c, there is a possible out of bounds read due to improper casting. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidpixel
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-704
Incorrect Type Conversion or Cast
CVE-2024-32891
Assigner-Google Devices
ShareView Details
Assigner-Google Devices
CVSS Score-7||HIGH
EPSS-0.02% / 5.78%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 21:01
Updated-02 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In sec_media_unprotect of media.c, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2024-29787
Assigner-Google Devices
ShareView Details
Assigner-Google Devices
CVSS Score-7.4||HIGH
EPSS-0.03% / 8.82%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 21:01
Updated-02 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In lwis_process_transactions_in_queue of lwis_transaction.c, there is a possible use after free due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-416
Use After Free
CVE-2024-29786
Assigner-Google Devices
ShareView Details
Assigner-Google Devices
CVSS Score-6.4||MEDIUM
EPSS-0.99% / 76.89%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 21:01
Updated-02 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In pktproc_fill_data_addr_without_bm of link_rx_pktproc.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-29784
Assigner-Google Devices
ShareView Details
Assigner-Google Devices
CVSS Score-7.7||HIGH
EPSS-0.03% / 7.97%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 21:01
Updated-02 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In prepare_response of lwis_periodic_io.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidpixel
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2024-29781
Assigner-Google Devices
ShareView Details
Assigner-Google Devices
CVSS Score-7.5||HIGH
EPSS-0.49% / 65.59%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 21:01
Updated-19 Aug, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ss_AnalyzeOssReturnResUssdArgIe of ss_OssAsnManagement.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-125
Out-of-bounds Read
  • Previous
  • 1
  • 2
  • 3
  • Next