Aggregator

本期周报简介：1、windows服务器安装软件的权限如何进行管控？如果把服务器的账号组权限改成users权限,会对服务器上跑的业务会有影响吗？ 2、大家内网的安全设备的病毒库、特征库、漏洞库等是通过什么方式升级？

A vulnerability was found in Google Android 12/12L/13/14. It has been declared as problematic. This vulnerability affects the function setForceHideNonSystemOverlayWindowIfNeeded of the file WindowState.java of the component Lock Screen. The manipulation leads to state issue. This vulnerability was named CVE-2024-34741. It is possible to launch the attack on the physical device. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, was found in Google Android 13/14. This affects an unknown part of the file AppOpsService.java. The manipulation leads to state issue. This vulnerability is uniquely identified as CVE-2024-34738. Local access is required to approach this attack. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in Google Android 12/12L/13/14 and classified as problematic. This vulnerability affects the function shouldRestrictOverlayActivities of the file UsbProfileGroupSettingsManager.java. The manipulation leads to escaping of output. This vulnerability was named CVE-2024-34739. Attacking locally is a requirement. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Google Android 12/12L/13/14 and classified as problematic. This issue affects the function attributeBytesBase64/attributeBytesHex of the file BinaryXmlSerializer.java. The manipulation leads to integer overflow. The identification of this vulnerability is CVE-2024-34740. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Google Android 14. It has been declared as problematic. Affected by this vulnerability is the function setTransactionState of the file SurfaceFlinger.cpp. The manipulation leads to state issue. This vulnerability is known as CVE-2024-34743. An attack has to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as problematic has been found in Google Android. Affected is the function DevmemIntPFNotify of the file devicemem_server.c. The manipulation leads to use after free. This vulnerability is traded as CVE-2024-23716. The attack needs to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Google Android 12/12L/13/14 and classified as problematic. This issue affects the function wifi_item_edit_content of the file styles.xml of the component FRP. The manipulation leads to state issue. The identification of this vulnerability is CVE-2024-40650. The attack needs to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Google Android 12/12L/13/14. It has been classified as critical. This affects the function onCreate of the file SettingsHomepageActivity.java. The manipulation leads to permission issues. This vulnerability is uniquely identified as CVE-2024-40652. The attack needs to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Google Android. It has been declared as problematic. This vulnerability affects unknown code of the component PowerVR-GPU. The manipulation leads to Privilege Escalation. This vulnerability was named CVE-2024-31336. The attack needs to be done within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Google Android 12/12L/13/14. It has been classified as critical. Affected is an unknown function. The manipulation leads to permission issues. This vulnerability is traded as CVE-2024-40654. An attack has to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, was found in Google Android 12/12L/13/14. Affected is the function bindAndGetCallIdentification of the file CallScreeningServiceHelper.java. The manipulation leads to permission issues. This vulnerability is traded as CVE-2024-40655. Local access is required to approach this attack. There is no exploit available. It is recommended to apply a patch to fix this issue.

Nvidia has shared a temporary fix for a known issue impacting systems running its recently unveiled NVIDIA App and causing gaming performance to drop by up to 15%. [...]

A vulnerability was found in Google Android 12/12L/13/14 and classified as critical. This issue affects the function smp_proc_rand of the file smp_act.cc of the component BLE. The manipulation leads to improper authentication. The identification of this vulnerability is CVE-2024-34722. The attack needs to be approached within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Google Android. It has been declared as problematic. Affected by this vulnerability is the function DevmemtChangeSparse2 of the file devicemem_server.c. The manipulation leads to enforcement of behavioral workflow. This vulnerability is known as CVE-2024-31335. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Google Android. It has been rated as problematic. Affected by this issue is the function _UnrefAndMaybeDestroy of the file pmr.c. The manipulation leads to race condition. This vulnerability is handled as CVE-2024-34724. The attack needs to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as problematic has been found in Google Android. This affects the function DevmemtUnexportCtx of the file devicemem_server.c. The manipulation leads to race condition. This vulnerability is uniquely identified as CVE-2024-34725. An attack has to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as problematic was found in Google Android. This vulnerability affects the function PVRSRV_MMap of the file pvr_bridge_k.c. The manipulation leads to enforcement of behavioral workflow. This vulnerability was named CVE-2024-34726. Local access is required to approach this attack. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, has been found in Google Android 12/12L/13/14. Affected by this issue is some unknown functionality of the file StatsService.cpp. The manipulation leads to use after free. This vulnerability is handled as CVE-2024-31339. Local access is required to approach this attack. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Google Android 12/12L/13/14. It has been rated as critical. Affected by this issue is the function com_android_internal_os_ZygoteCommandBuffer_nativeForkRepeatedly of the file com_android_internal_os_ZygoteCommandBuffer.cpp. The manipulation leads to buffer overflow. This vulnerability is handled as CVE-2024-34720. Attacking locally is a requirement. There is no exploit available. It is recommended to apply a patch to fix this issue.