SB2023031417 - Multiple vulnerabilities in Google Pixel
Published: March 14, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 120 secuirty vulnerabilities.
1) Improper input validation (CVE-ID: CVE-2023-21054)
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to improper input validation within the Modem subcomponent in Pixel. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.
2) Improper input validation (CVE-ID: CVE-2023-21055)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the cpif subcomponent in Pixel. A local application can execute arbitrary code.
3) Improper input validation (CVE-ID: CVE-2023-21052)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the libril_sitril subcomponent in Pixel. A local application can execute arbitrary code.
4) Improper input validation (CVE-ID: CVE-2023-21051)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the exynos subcomponent in Pixel. A local application can execute arbitrary code.
5) Improper input validation (CVE-ID: CVE-2023-21050)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the libexynosdisplay subcomponent in Pixel. A local application can execute arbitrary code.
6) Improper input validation (CVE-ID: CVE-2023-21043)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the LWIS subcomponent in Pixel. A local application can execute arbitrary code.
7) Improper input validation (CVE-ID: CVE-2023-21042)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the LWIS subcomponent in Pixel. A local application can execute arbitrary code.
8) Improper input validation (CVE-ID: CVE-2023-21038)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Cs40l25 haptic driver subcomponent in Pixel. A local application can execute arbitrary code.
9) Improper input validation (CVE-ID: CVE-2022-42500)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Telephony subcomponent in Pixel. A local application can execute arbitrary code.
10) Information exposure (CVE-ID: CVE-2023-21067)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the GPS subcomponent in Pixel. A local application can gain access to sensitive information.
11) Information exposure (CVE-ID: CVE-2023-21036)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Markup subcomponent in Pixel. A local application can gain access to sensitive information.
12) Improper input validation (CVE-ID: CVE-2023-21065)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the libfdt subcomponent in Pixel. A local application can execute arbitrary code.
13) Improper input validation (CVE-ID: CVE-2023-21040)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Bluetooth subcomponent in Pixel. A local application can execute arbitrary code.
14) Information exposure (CVE-ID: CVE-2022-42528)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the TF-A subcomponent in Pixel. A local application can gain access to sensitive information.
15) Improper input validation (CVE-ID: CVE-2023-21062)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the rild_exynos subcomponent in Pixel. A local application can execute arbitrary code.
16) Improper input validation (CVE-ID: CVE-2023-21041)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the GSC subcomponent in Pixel. A local application can execute arbitrary code.
17) Improper input validation (CVE-ID: CVE-2023-24033)
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to improper input validation within the Modem subcomponent in Pixel. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.
18) Improper input validation (CVE-ID: CVE-2023-21058)
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to improper input validation within the Cellular firmware subcomponent in Pixel. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.
19) Improper input validation (CVE-ID: CVE-2023-21057)
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to improper input validation within the Cellular firmware subcomponent in Pixel. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.
20) Improper input validation (CVE-ID: CVE-2022-42499)
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to improper input validation within the modem subcomponent in Pixel. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.
21) Improper input validation (CVE-ID: CVE-2022-42498)
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to improper input validation within the Cellular firmware subcomponent in Pixel. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.
22) Improper input validation (CVE-ID: CVE-2023-21033)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the System component. A local application can perform a denial of service (DoS) attack.
23) Improper input validation (CVE-ID: CVE-2023-21016)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the System component. A local application can perform a denial of service (DoS) attack.
24) Information exposure (CVE-ID: CVE-2023-21032)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
25) Information exposure (CVE-ID: CVE-2023-21027)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
26) Information exposure (CVE-ID: CVE-2023-21025)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
27) Information exposure (CVE-ID: CVE-2023-21019)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
28) Improper input validation (CVE-ID: CVE-2023-21056)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the lwis subcomponent in Pixel. A local application can execute arbitrary code.
29) Improper input validation (CVE-ID: CVE-2023-21063)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the rild_exynos subcomponent in Pixel. A local application can execute arbitrary code.
30) Information exposure (CVE-ID: CVE-2023-21013)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
31) Information exposure (CVE-ID: CVE-2023-21046)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Camera HAL subcomponent in Pixel. A local application can gain access to sensitive information.
32) Out-of-bounds read (CVE-ID: CVE-2022-40519)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A local user can trigger out-of-bounds read error and read contents of memory on the system.
33) Out-of-bounds read (CVE-ID: CVE-2022-40518)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A local user can trigger out-of-bounds read error and read contents of memory on the system.
34) Stack-based buffer overflow (CVE-ID: CVE-2022-33260)
The vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to improper input validation in Core. A local application can read and manipulate data.
35) Use After Free (CVE-ID: CVE-2022-33245)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to improper input validation in WLAN. A local privileged application can execute arbitrary code.
36) Buffer overflow (CVE-ID: CVE-2022-25712)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within the Camera driver. A local application can trigger memory corruption and execute arbitrary code on the device.
37) Improper input validation (CVE-ID: CVE-2023-21061)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Wifi subcomponent in Pixel. A local application can perform a denial of service (DoS) attack.
38) Information exposure (CVE-ID: CVE-2023-21060)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the SMS subcomponent in Pixel. A local application can gain access to sensitive information.
39) Information exposure (CVE-ID: CVE-2023-21059)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Cellular firmware subcomponent in Pixel. A local application can gain access to sensitive information.
40) Information exposure (CVE-ID: CVE-2023-21053)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the SMS subcomponent in Pixel. A local application can gain access to sensitive information.
41) Information exposure (CVE-ID: CVE-2023-21049)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Camera subcomponent in Pixel. A local application can gain access to sensitive information.
42) Information exposure (CVE-ID: CVE-2023-21048)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the WiFi subcomponent in Pixel. A local application can gain access to sensitive information.
43) Information exposure (CVE-ID: CVE-2023-21047)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Camera HAL subcomponent in Pixel. A local application can gain access to sensitive information.
44) Information exposure (CVE-ID: CVE-2023-21045)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the CPIF subcomponent in Pixel. A local application can gain access to sensitive information.
45) Improper input validation (CVE-ID: CVE-2023-21064)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the rild_exynos subcomponent in Pixel. A local application can execute arbitrary code.
46) Information exposure (CVE-ID: CVE-2023-21044)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the libvendorgraphicbuffer subcomponent in Pixel. A local application can gain access to sensitive information.
47) Information exposure (CVE-ID: CVE-2023-21039)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the dumpstate subcomponent in Pixel. A local application can gain access to sensitive information.
48) Improper input validation (CVE-ID: CVE-2023-21079)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the bcm4389 subcomponent in Pixel. A local application can execute arbitrary code.
49) Improper input validation (CVE-ID: CVE-2023-21078)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the bcm4389 driver subcomponent in Pixel. A local application can execute arbitrary code.
50) Improper input validation (CVE-ID: CVE-2023-21077)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the bcm4389 driver subcomponent in Pixel. A local application can execute arbitrary code.
51) Improper input validation (CVE-ID: CVE-2023-21076)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the bcmdhd driver subcomponent in Pixel. A local application can execute arbitrary code.
52) Improper input validation (CVE-ID: CVE-2023-21075)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the bcmdhd driver subcomponent in Pixel. A local application can execute arbitrary code.
53) Improper input validation (CVE-ID: CVE-2023-21073)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the bcm4389 driver subcomponent in Pixel. A local application can execute arbitrary code.
54) Improper input validation (CVE-ID: CVE-2023-21072)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the bcm4389 driver subcomponent in Pixel. A local application can execute arbitrary code.
55) Improper input validation (CVE-ID: CVE-2023-21071)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the bcm4389 driver subcomponent in Pixel. A local application can execute arbitrary code.
56) Improper input validation (CVE-ID: CVE-2023-21070)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the bcm4389 driver subcomponent in Pixel. A local application can execute arbitrary code.
57) Improper input validation (CVE-ID: CVE-2023-21069)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the bcm4389 driver subcomponent in Pixel. A local application can execute arbitrary code.
58) Improper input validation (CVE-ID: CVE-2023-21068)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Fastboot startup screen subcomponent in Pixel. A local application can execute arbitrary code.
59) Information exposure (CVE-ID: CVE-2023-21014)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
60) Information exposure (CVE-ID: CVE-2023-21012)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
61) Use-after-free (CVE-ID: CVE-2023-21000)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error, related to end-of-process destruction in the Framework component. A remote attacker can trigger a use-after-free error and execute arbitrary code on the device.
62) Improper input validation (CVE-ID: CVE-2023-20976)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
63) Improper input validation (CVE-ID: CVE-2023-21021)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
64) Improper input validation (CVE-ID: CVE-2023-21020)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
65) Improper input validation (CVE-ID: CVE-2023-21018)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
66) Improper input validation (CVE-ID: CVE-2023-21015)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
67) Improper input validation (CVE-ID: CVE-2023-21005)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
68) Improper input validation (CVE-ID: CVE-2023-21004)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
69) Improper input validation (CVE-ID: CVE-2023-21003)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
70) Improper input validation (CVE-ID: CVE-2023-21002)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
71) Improper input validation (CVE-ID: CVE-2023-21001)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
72) Improper input validation (CVE-ID: CVE-2023-20995)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
73) Improper input validation (CVE-ID: CVE-2023-20994)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
74) Improper input validation (CVE-ID: CVE-2023-20985)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
75) Improper input validation (CVE-ID: CVE-2023-20975)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
76) Improper input validation (CVE-ID: CVE-2023-21024)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
77) Improper input validation (CVE-ID: CVE-2023-21026)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Framework component. A local application can perform a denial of service (DoS) attack.
78) Improper input validation (CVE-ID: CVE-2023-20999)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Framework component. A local application can perform a denial of service (DoS) attack.
79) Improper input validation (CVE-ID: CVE-2023-20998)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Framework component. A local application can perform a denial of service (DoS) attack.
80) Improper input validation (CVE-ID: CVE-2023-20997)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Framework component. A local application can perform a denial of service (DoS) attack.
81) Improper input validation (CVE-ID: CVE-2023-20996)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Framework component. A local application can perform a denial of service (DoS) attack.
82) Information exposure (CVE-ID: CVE-2023-21031)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Framework component. A local application can gain access to sensitive information.
83) Information exposure (CVE-ID: CVE-2023-21029)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Framework component. A local application can gain access to sensitive information.
84) Information exposure (CVE-ID: CVE-2023-21028)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Framework component. A local application can gain access to sensitive information.
85) Improper input validation (CVE-ID: CVE-2023-21017)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
86) Improper input validation (CVE-ID: CVE-2023-20993)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
87) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-20971)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to an unspecified error in in Android Framework. A local application can execute arbitrary code with elevated privileges.
88) Out-of-bounds read (CVE-ID: CVE-2022-20542)
The vulnerability allows a local application to escalate privileges on the device.
The vulnerability exists due to a boundary condition within the ParseParamsBlob in libcodec2_hidl in Android Framework. A local application can trigger an out-of-bounds read error and escalate privileges on the device.
89) Integer overflow (CVE-ID: CVE-2022-20532)
The vulnerability allows a local application to escalate privileges on the device.
The vulnerability exists due to integer overflow in the MPEG4Extractor in Android Framework. A local application can trigger an integer overflow and execute arbitrary code with elevated privileges.
90) Improper input validation (CVE-ID: CVE-2023-21022)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
91) Improper input validation (CVE-ID: CVE-2023-21030)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
92) Information exposure (CVE-ID: CVE-2023-21011)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
93) Information exposure (CVE-ID: CVE-2023-20984)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
94) Information exposure (CVE-ID: CVE-2023-21010)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
95) Information exposure (CVE-ID: CVE-2023-21009)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
96) Information exposure (CVE-ID: CVE-2023-21008)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
97) Information exposure (CVE-ID: CVE-2023-21007)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
98) Information exposure (CVE-ID: CVE-2023-21006)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
99) Information exposure (CVE-ID: CVE-2023-20992)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
100) Information exposure (CVE-ID: CVE-2023-20991)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
101) Information exposure (CVE-ID: CVE-2023-20990)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
102) Information exposure (CVE-ID: CVE-2023-20989)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
103) Information exposure (CVE-ID: CVE-2023-20988)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
104) Information exposure (CVE-ID: CVE-2023-20987)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
105) Information exposure (CVE-ID: CVE-2023-20986)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
106) Information exposure (CVE-ID: CVE-2023-20983)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
107) Improper input validation (CVE-ID: CVE-2023-21034)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
108) Information exposure (CVE-ID: CVE-2023-20982)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
109) Information exposure (CVE-ID: CVE-2023-20981)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
110) Information exposure (CVE-ID: CVE-2023-20980)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
111) Information exposure (CVE-ID: CVE-2023-20979)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
112) Information exposure (CVE-ID: CVE-2023-20977)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
113) Information exposure (CVE-ID: CVE-2023-20974)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
114) Information exposure (CVE-ID: CVE-2023-20973)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
115) Information exposure (CVE-ID: CVE-2023-20972)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
116) Information exposure (CVE-ID: CVE-2023-20970)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
117) Information exposure (CVE-ID: CVE-2023-20969)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
118) Information exposure (CVE-ID: CVE-2023-20968)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
119) Integer overflow (CVE-ID: CVE-2022-40303)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in parse.c when processing content when XML_PARSE_HUGE is set. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
120) Improper input validation (CVE-ID: CVE-2023-21035)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
Remediation
Install update from vendor's website.