CVE-2024-21481
published 2024-08-05CVE-2024-21481: Memory corruption when preparing a shared memory notification for a memparcel in Resource Manager.
PriorityP344high8.4CVSS 3.1
AVLACLPRNUINSUCHIHAH
EPSS
0.11%
1.8th percentile
Memory corruption when preparing a shared memory notification for a memparcel in Resource Manager.
Affected
161 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | — | — | |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
In XWiki Platform, payloads stored in content is executed when a user with script/programming right edit them
ghsa·2024-08-19
CVE-2024-43401 [CRITICAL] CWE-269 In XWiki Platform, payloads stored in content is executed when a user with script/programming right edit them
In XWiki Platform, payloads stored in content is executed when a user with script/programming right edit them
### Impact
A user without script/programming right can trick a user with elevated rights to edit a content with a malicious payload using a WYSIWYG editor.
The user with elevated rights is not warned beforehand that they are going to edit possibly dangerous content.
The payload is executed at edit time.
### Patches
This vulnerability has been patched in XWiki 15.10RC1.
### Workarounds
No workaround. It is advised to upgrade to XWiki 15.10+.
### References
* https://jira.xwiki.org/browse/XWIKI-20331
* https://jira.xwiki.org/browse/XWIKI-21311
* https://jira.xwiki.org/browse/XWIKI-21481
* https://jira.xwiki.org/browse/XWIKI-21482
* https://jira.xwiki.org/browse/XWIKI-21483
*
GHSA
GHSA-296c-8m99-q77p: Memory corruption when preparing a shared memory notification for a memparcel in Resource Manager
ghsa_unreviewed·2024-08-05
CVE-2024-21481 [HIGH] CWE-119 GHSA-296c-8m99-q77p: Memory corruption when preparing a shared memory notification for a memparcel in Resource Manager
Memory corruption when preparing a shared memory notification for a memparcel in Resource Manager.
Android
CVE-2024-21481: Closed-source component
vendor_android·2024-08-01·CVSS 8.4
CVE-2024-21481 [HIGH] CVE-2024-21481: Closed-source component
Android Security Bulletin 2024-08-01
CVE: CVE-2024-21481
Severity: HIGH
Component: Closed-source component
References: A-323918669 *
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-08-05
Published