VARIoT IoT vulnerabilities database

In TrustySharedMemoryManager::GetSharedMemory of ondevice/trusty/trusty_shared_memory_manager.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Google of Android Exists in an out-of-bounds read vulnerability.Information may be obtained. Google Pixel is a smartphone from Google Inc. There is a buffer overflow vulnerability in Google Pixel. Attackers can exploit this vulnerability to cause out-of-bounds reading

In ffu_flash_pack of ffu.c, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Google of Android Exists in an integer overflow vulnerability.Information may be obtained. Google Pixel is a smartphone produced by Google in the United States. Attackers can exploit this vulnerability to cause out-of-bounds reading

In sm_mem_compat_get_vmm_obj of lib/sm/shared_mem.c, there is a possible arbitrary physical memory access due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Google of Android Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Google Pixel is a smartphone produced by Google in the United States. Attackers can exploit this vulnerability to cause memory access

In gsc_gsa_rescue of gsc_gsa.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Google of Android Exists in an out-of-bounds read vulnerability.Information may be obtained. Google Pixel is a smartphone from Google Inc. There is a buffer overflow vulnerability in Google Pixel. The vulnerability is caused by incorrect boundary checking in gsc_gsa_rescue of gsc_gsa.c. Attackers can exploit this vulnerability to cause out-of-bounds reading

In vring_size of external/headers/include/virtio/virtio_ring.h, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Google of Android Exists in an integer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Google Pixel is a smartphone produced by Google in the United States. Attackers can exploit this vulnerability to cause out-of-bounds write

In sms_ExtractCbLanguage of sms_CellBroadcast.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Google of Android Exists in an out-of-bounds read vulnerability.Information may be obtained. Google Pixel is a smartphone produced by Google in the United States. There is a buffer overflow vulnerability in Google Pixel. The vulnerability is caused by the lack of boundary check in sms_ExtractCbLanguage of sms_CellBroadcast.c. Attackers can exploit this vulnerability to cause out-of-bounds reading

In ProtocolEmbmsSaiListAdapter::Init() of protocolembmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction is not needed for exploitation. Google of Android Exists in an out-of-bounds read vulnerability.Information may be obtained. Google Pixel is a smartphone produced by Google in the United States. There is a buffer overflow vulnerability in Google Pixel. The vulnerability is caused by the lack of boundary check in ProtocolEmbmsSaiListAdapter::Init of protocolembmsadapter.cpp. Attackers can exploit this vulnerability to cause out-of-bounds reading

In pmucal_rae_handle_seq_int of flexpmu_cal_rae.c, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Google of Android Exists in an out-of-bounds read vulnerability.Information may be obtained. Google Pixel is a smartphone produced by Google in the United States. The vulnerability is caused by the lack of boundary check in pmucal_rae_handle_seq_int of flexpmu_cal_rae.c. Attackers can exploit this vulnerability to cause out-of-bounds reading

In ProtocolMiscHwConfigChangeAdapter::GetData() of protocolmiscadapter.cpp, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction is not needed for exploitation. Google Pixel is a smartphone produced by Google in the United States. There is a buffer overflow vulnerability in Google Pixel. The vulnerability is caused by the lack of boundary check in protocolmiscmiscadapter.cpp of protocolmiscHwConfigChangeAdapter::GetData. Attackers can exploit this vulnerability to cause out-of-bounds reading

In mm_GetMobileIdIndexForNsUpdate of mm_GmmPduCodec.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Google of Android Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Google Pixel is a smartphone produced by Google in the United States. Google Pixel has a buffer overflow vulnerability. The vulnerability is caused by incorrect boundary checking in mm_GetMobileIdIndexForNsUpdate of mm_GmmPduCodec.c. Attackers can exploit this vulnerability to cause out-of-bounds write

In lwis_device_event_states_clear_locked of lwis_event.c, there is a possible privilege escalation due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Google of Android contains a double free vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Google Pixel is a smartphone produced by Google in the United States

Sharp and Toshiba Tec MFPs improperly validate input data in URI data registration, resulting in a stored cross-site scripting vulnerability. If crafted input is stored by an administrative user, malicious script may be executed on the web browsers of other victim users. Potential impacts vary depending on the vulnerability, but may include the following: * Crafted HTTP Processing the request causes the product to hang (( CVE-2024-42420 , CVE-2024-43424 , CVE-2024-45829 ) * Crafted HTTP Processing the request allows access to files inside the product (( CVE-2024-45842 ) * Settings registered by a user without administrator privileges API is used (( CVE-2024-47005 ) * Of the product Web The page authentication mechanism is bypassed. (( CVE-2024-48870 )

Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, resulting in a reflected cross-site scripting vulnerability. Accessing a crafted URL which points to an affected product may cause malicious script executed on the web browser. Potential impacts vary depending on the vulnerability, but may include the following: * Crafted HTTP Processing the request causes the product to hang (( CVE-2024-42420 , CVE-2024-43424 , CVE-2024-45829 ) * Crafted HTTP Processing the request allows access to files inside the product (( CVE-2024-45842 ) * Settings registered by a user without administrator privileges API is used (( CVE-2024-47005 ) * Of the product Web The page authentication mechanism is bypassed. (( CVE-2024-48870 )

Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, which may allow contamination of unintended data to HTTP response headers. Accessing a crafted URL which points to an affected product may cause malicious script executed on the web browser. Potential impacts vary depending on the vulnerability, but may include the following: * Crafted HTTP Processing the request causes the product to hang (( CVE-2024-42420 , CVE-2024-43424 , CVE-2024-45829 ) * Crafted HTTP Processing the request allows access to files inside the product (( CVE-2024-45842 ) * Settings registered by a user without administrator privileges API is used (( CVE-2024-47005 ) * Of the product Web The page authentication mechanism is bypassed. (( CVE-2024-48870 )

Sharp and Toshiba Tec MFPs improperly process HTTP authentication requests, resulting in an authentication bypass vulnerability. Potential impacts vary depending on the vulnerability, but may include the following: * Crafted HTTP Processing the request causes the product to hang (( CVE-2024-42420 , CVE-2024-43424 , CVE-2024-45829 ) * Crafted HTTP Processing the request allows access to files inside the product (( CVE-2024-45842 ) * Settings registered by a user without administrator privileges API is used (( CVE-2024-47005 ) * Of the product Web The page authentication mechanism is bypassed. (( CVE-2024-47406 ) * A crafted image showing the product URL If you access Web Arbitrary script execution on the browser (( CVE-2024-47549 , CVE-2024-47801 ) * By inputting specially crafted input into the product by a user with administrator privileges, arbitrary scripts can be executed on the web browser of other users who access the product. (( CVE-2024-48870 )

Sharp and Toshiba Tec MFPs provide configuration related APIs. They are expected to be called by administrative users only, but insufficiently restricted. A non-administrative user may execute some configuration APIs. Potential impacts vary depending on the vulnerability, but may include the following: * Crafted HTTP Processing the request causes the product to hang (( CVE-2024-42420 , CVE-2024-43424 , CVE-2024-45829 ) * Crafted HTTP Processing the request allows access to files inside the product (( CVE-2024-45842 ) * Settings registered by a user without administrator privileges API is used (( CVE-2024-47005 ) * Of the product Web The page authentication mechanism is bypassed. (( CVE-2024-47406 ) * A crafted image showing the product URL If you access Web Arbitrary script execution on the browser (( CVE-2024-47549 , CVE-2024-47801 ) * By inputting specially crafted input into the product by a user with administrator privileges, arbitrary scripts can be executed on the web browser of other users who access the product. (( CVE-2024-48870 )

Sharp and Toshiba Tec MFPs improperly process URI data in HTTP PUT requests resulting in a path Traversal vulnerability. Unintended internal files may be retrieved when processing crafted HTTP requests. Potential impacts vary depending on the vulnerability, but may include the following: * Crafted HTTP Processing the request causes the product to hang (( CVE-2024-42420 , CVE-2024-43424 , CVE-2024-45829 ) * Crafted HTTP Processing the request allows access to files inside the product (( CVE-2024-45842 ) * Settings registered by a user without administrator privileges API is used (( CVE-2024-47005 ) * Of the product Web The page authentication mechanism is bypassed. (( CVE-2024-47406 ) * A crafted image showing the product URL If you access Web Arbitrary script execution on the browser (( CVE-2024-47549 , CVE-2024-47801 ) * By inputting specially crafted input into the product by a user with administrator privileges, arbitrary scripts can be executed on the web browser of other users who access the product. (( CVE-2024-48870 )

Sharp and Toshiba Tec MFPs provide the web page to download data, where query parameters in HTTP requests are improperly processed and resulting in an Out-of-bounds Read vulnerability. Crafted HTTP requests may cause affected products crashed. Potential impacts vary depending on the vulnerability, but may include the following: * Crafted HTTP Processing the request causes the product to hang (( CVE-2024-42420 , CVE-2024-43424 , CVE-2024-45829 ) * Crafted HTTP Processing the request allows access to files inside the product (( CVE-2024-45842 ) * Settings registered by a user without administrator privileges API is used (( CVE-2024-47005 ) * Of the product Web The page authentication mechanism is bypassed. (( CVE-2024-47406 ) * A crafted image showing the product URL If you access Web Arbitrary script execution on the browser (( CVE-2024-47549 , CVE-2024-47801 ) * By inputting specially crafted input into the product by a user with administrator privileges, arbitrary scripts can be executed on the web browser of other users who access the product. (( CVE-2024-48870 )

Sharp and Toshiba Tec MFPs improperly process HTTP request headers, resulting in an Out-of-bounds Read vulnerability. Crafted HTTP requests may cause affected products crashed. Potential impacts vary depending on the vulnerability, but may include the following: * Crafted HTTP Processing the request causes the product to hang (( CVE-2024-42420 , CVE-2024-43424 , CVE-2024-45829 ) * Crafted HTTP Processing the request allows access to files inside the product (( CVE-2024-45842 ) * Settings registered by a user without administrator privileges API is used (( CVE-2024-47005 ) * Of the product Web The page authentication mechanism is bypassed. (( CVE-2024-47406 ) * A crafted image showing the product URL If you access Web Arbitrary script execution on the browser (( CVE-2024-47549 , CVE-2024-47801 ) * By inputting specially crafted input into the product by a user with administrator privileges, arbitrary scripts can be executed on the web browser of other users who access the product. (( CVE-2024-48870 )

Sharp and Toshiba Tec MFPs contain multiple Out-of-bounds Read vulnerabilities, due to improper processing of keyword search input and improper processing of SOAP messages. Crafted HTTP requests may cause affected products crashed. Potential impacts vary depending on the vulnerability, but may include the following: * Crafted HTTP Processing the request causes the product to hang (( CVE-2024-42420 , CVE-2024-43424 , CVE-2024-45829 ) * Crafted HTTP Processing the request allows access to files inside the product (( CVE-2024-45842 ) * Settings registered by a user without administrator privileges API is used (( CVE-2024-47005 ) * Of the product Web The page authentication mechanism is bypassed. (( CVE-2024-47406 ) * A crafted image showing the product URL If you access Web Arbitrary script execution on the browser (( CVE-2024-47549 , CVE-2024-47801 ) * By inputting specially crafted input into the product by a user with administrator privileges, arbitrary scripts can be executed on the web browser of other users who access the product. (( CVE-2024-48870 )