Ryan Johnson

Pesquisador deQuokka
#9005de 53,633
30.3CVSS total
Vulnerabilidades · 5
Média
3
Alta
2
PT-2024-26072
4.0
2024-09-03
Kperfmon · Kperfmon · CVE-2024-34652
**Nome do software vulnerável e versões afetadas** Versões do kperfmon anteriores à SMR Set-2024 Release 1 **Descrição** O problema está relacionado a uma autorização incorreta no kperfmon, permitindo que invasores locais acessem informações relacionadas ao desempenho, incluindo o uso de aplicativos. **Recomendações** Para versões anteriores ao SMR Set-2024 Release 1, atualize para o SMR Set-2024 Release 1 ou posterior para resolver o problema. Como solução alternativa temporária, considere restringir o acesso ao kperfmon para minimizar o risco de exploração.
PT-2024-26034
4.0
2024-08-07
Smr · Smr · CVE-2024-34618
**Nome do software vulnerável e versões afetadas** Versões do System Property anteriores à SMR Aug-2024 Release 1 **Descrição** O problema está relacionado a um controle de acesso inadequado, permitindo que invasores locais acessem informações relacionadas às células. **Recomendações** Para versões anteriores ao SMR Aug-2024 Release 1, atualize para o SMR Aug-2024 Release 1 ou posterior para resolver o problema.
PT-2023-22849
6.7
2023-08-10
Unknown · Slocationservice · CVE-2023-30654
**Name of the Vulnerable Software and Affected Versions** SLocationService versions prior to SMR Aug-2023 Release 1 **Description** The issue is related to improper access control in SLocationService, allowing a local attacker to update a fake location. **Recommendations** For versions prior to SMR Aug-2023 Release 1, update to SMR Aug-2023 Release 1 or later to resolve the issue.
PT-2023-22876
7.8
2023-08-10
Unknown · Hdcp Trustlet · CVE-2023-30679
**Name of the Vulnerable Software and Affected Versions** HDCP trustlet versions prior to SMR Aug-2023 Release 1 **Description** The issue is related to improper access control in the HDCP trustlet, allowing local attackers to execute arbitrary code. This could potentially lead to security breaches. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For versions prior to SMR Aug-2023 Release 1, update to SMR Aug-2023 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting access to the HDCP trustlet until a patch is available.
PT-2023-22884
7.8
2023-08-10
Unknown · Libsec-Ril · CVE-2023-30686
**Name of the Vulnerable Software and Affected Versions** libsec-ril versions prior to SMR Aug-2023 Release 1 **Description** The issue is an out-of-bounds write in the `ReqDataRaw` of `libsec-ril`, allowing a local attacker to execute arbitrary code. **Recommendations** For versions prior to SMR Aug-2023 Release 1, update to the SMR Aug-2023 Release 1 or later to resolve the issue.