Skip to main content

Android

7243 CVEs product

Monthly

CVE-2024-53936 MEDIUM This Month

The com.asianmobile.callcolor (aka Color Phone Call Screen App) application through 24 for Android enables any application (with no permissions) to place phone calls without user interaction by. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD GitHub
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-53935 MEDIUM This Month

The com.callos14.callscreen.colorphone (aka iCall OS17 - Color Phone Flash) application through 4.3 for Android enables any application (with no permissions) to place phone calls without user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-53934 HIGH This Month

The com.windymob.callscreen.ringtone.callcolor.colorphone (aka Color Phone Call Screen Themes) application through 1.1.2 for Android enables any application (with no permissions) to place phone calls. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD GitHub
CVSS 3.1
7.7
EPSS
0.0%
CVE-2024-53933 MEDIUM This Month

The com.callerscreen.colorphone.themes.callflash (aka Color Call Theme & Call Screen) application through 1.0.7 for Android enables any application (with no permissions) to place phone calls without. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD GitHub
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-53932 CRITICAL This Week

The com.remi.colorphone.callscreen.calltheme.callerscreen (aka Color Phone: Call Screen Theme) application through 21.1.9 for Android enables any application (with no permissions) to place phone. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2024-53931 CRITICAL This Week

The com.glitter.caller.screen (aka iCaller, Caller Theme & Dialer) application through 1.1 for Android enables any application (with no permissions) to place phone calls without user interaction by. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2024-20153 HIGH This Month

In wlan STA, there is a possible way to trick a client to connect to an AP with spoofed SSID. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Yocto Software Development Kit Android Google
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-20152 MEDIUM Monitor

In wlan STA driver, there is a possible reachable assertion due to improper exception handling. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Yocto Software Development Kit Android Openwrt +1
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2024-20148 CRITICAL This Week

In wlan STA FW, there is a possible out of bounds write due to improper input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Buffer Overflow Yocto Software Development Kit +2
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-20146 HIGH This Month

In wlan STA driver, there is a possible out of bounds write due to improper input validation. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Buffer Overflow Yocto Software Development Kit +3
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2024-20145 MEDIUM This Month

In V6 DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Yocto Rdk B +3
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2024-20144 MEDIUM This Month

In V6 DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Yocto Rdk B +3
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2024-20143 MEDIUM This Month

In V6 DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Yocto Rdk B +3
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2024-20140 MEDIUM This Month

In power, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Yocto Android +1
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2024-20105 MEDIUM This Month

In m4u, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2024-53842 CRITICAL This Week

In cc_SendCcImsInfoIndMsg of cc_MmConManagement.c, there is a possible out of bounds write due to a missing bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Buffer Overflow Android Google
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2024-53841 HIGH This Month

In startListeningForDeviceStateChanges, there is a possible Permission Bypass due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-53840 HIGH This Month

there is a possible biometric bypass due to an unusual root cause. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-53839 MEDIUM This Month

In GetCellInfoList() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android Google
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-53838 HIGH This Month

In Exynos_parsing_user_data_registered_itu_t_t35 of VendorVideoAPI.cpp, there is a possible out of bounds write due to an incorrect bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-53837 HIGH This Month

In prepare_response of lwis_periodic_io.c, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-53836 MEDIUM This Month

In wbrc_bt_dev_write of wb_regon_coordinator.c, there is a possible out of bounds write due to a buffer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2024-53835 HIGH This Month

there is a possible biometric bypass due to an unusual root cause. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-53834 HIGH This Month

In sms_DisplayHexDumpOfPrivacyBuffer of sms_Utilities.c, there is a possible out of bounds read due to an incorrect bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android Google
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-53833 HIGH This Month

In prepare_response_locked of lwis_transaction.c, there is a possible out of bounds write due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-47032 HIGH This Month

In construct_transaction_from_cmd of lwis_ioctl.c, there is a possible out of bounds write due to a heap buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-11624 HIGH This Month

there is a possible to add apps to bypass VPN due to Undeclared Permission . Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-43769 HIGH This Month

In isPackageDeviceAdmin of PackageManagerService.java, there is a possible edge case which could prevent the uninstallation of CloudDpc due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-43768 HIGH This Month

In skia_alloc_func of SkDeflate.cpp, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-43767 HIGH This Month

In prepare_to_draw_into_mask of SkBlurMaskFilterImpl.cpp, there is a possible heap overflow due to improper input validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Android Google
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2024-43764 HIGH PATCH This Month

In onPrimaryClipChanged of ClipboardListener.java, there is a possible way to partially bypass lock screen. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-43762 HIGH PATCH This Month

In multiple locations, there is a possible way to avoid unbinding of a service from the system due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-43097 HIGH PATCH This Month

In resizeToAtLeast of SkRegion.cpp, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Privilege Escalation Android Google +1
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2024-43077 HIGH This Month

In DevmemValidateFlags of devicemem_server.c , there is a possible out of bounds write due to memory corruption. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-49422 LOW Monitor

Protection Mechanism Failure in bootloader prior to SMR Oct-2024 Release 1 allows physical attackers to reset lockscreen failure count by hardware fault injection. Rated low severity (CVSS 3.9), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Android
NVD
CVSS 3.1
3.9
EPSS
0.2%
CVE-2024-47040 CRITICAL Act Now

There is a possible UAF due to a logic error in the code. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Use After Free Memory Corruption Android
NVD
CVSS 4.0
10.0
EPSS
0.2%
CVE-2024-47039 CRITICAL Act Now

In isSlotMarkedSuccessful of BootControl.cpp, there is a possible out of bounds read due to a missing bounds check. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 4.0
10.0
EPSS
0.2%
CVE-2024-47038 CRITICAL Act Now

In dhd_prot_flowrings_pool_release of dhd_msgbuf.c, there is a possible outcof bounds write due to a missing bounds check. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Android
NVD
CVSS 4.0
10.0
EPSS
0.2%
CVE-2024-49415 CRITICAL Act Now

Out-of-bound write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Android
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-49414 LOW Monitor

Authentication Bypass Using an Alternate Path in Dex Mode prior to SMR Dec-2024 Release 1 allows physical attackers to temporarily access to recent app list. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
2.4
EPSS
0.2%
CVE-2024-49413 HIGH This Week

Improper Verification of Cryptographic Signature in SmartSwitch prior to SMR Dec-2024 Release 1 allows local attackers to install malicious applications. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-49411 MEDIUM This Month

Path Traversal in ThemeCenter prior to SMR Dec-2024 Release 1 allows physical attackers to copy apk files to arbitrary path with ThemeCenter privilege. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Android
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2024-49410 HIGH This Week

Out-of-bounds write in libswmfextractor.so prior to SMR Dec-2024 Release 1 allows local attackers to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-20139 MEDIUM This Month

In Bluetooth firmware, there is a possible firmware asssert due to improper handling of exceptional conditions. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Yocto Software Development Kit Android Openwrt
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-20138 HIGH This Week

In wlan driver, there is a possible out of bound read due to improper input validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Software Development Kit Android
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-20136 MEDIUM This Month

In da, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Rdk B Android Openwrt
NVD
CVSS 3.1
6.2
EPSS
0.1%
CVE-2024-20135 MEDIUM This Month

In soundtrigger, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-20134 MEDIUM This Month

In ril, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-20130 MEDIUM This Month

In power, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Stack Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-20129 HIGH This Week

In Telephony, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service Android
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-20128 HIGH This Week

In Telephony, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service Android
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-20127 HIGH This Week

In Telephony, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service Android
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-20125 MEDIUM This Month

In vdec, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-20116 MEDIUM This Month

In cmdq, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-43093 HIGH KEV PATCH THREAT This Week

In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Privilege Escalation Android
NVD
CVSS 3.1
7.3
EPSS
0.7%
CVE-2024-43091 CRITICAL PATCH Act Now

In filterMask of SkEmbossMaskFilter.cpp, there is a possible out of bounds write due to an integer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow RCE Buffer Overflow Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-43090 MEDIUM This Month

In multiple locations, there is a possible cross-user image read due to a missing permission check. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.0
EPSS
0.2%
CVE-2024-43089 HIGH PATCH This Week

In updateInternal of MediaProvider.java , there is a possible access of another app's files due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Java Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-43088 HIGH PATCH This Week

In multiple functions in AppInfoBase.java, there is a possible way to manipulate app permission settings belonging to another user on the device due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-43087 HIGH PATCH This Week

In getInstalledAccessibilityPreferences of AccessibilitySettings.java, there is a possible way to hide an enabled accessibility service in the accessibility service settings due to a logic error in. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-43086 MEDIUM PATCH This Month

In validateAccountsInternal of AccountManagerService.java, there is a possible way to leak account credentials to a third party app due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-43085 HIGH PATCH This Week

In handleMessage of UsbDeviceManager.java, there is a possible method to access device contents over USB without unlocking the device due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-43084 MEDIUM PATCH This Month

In visitUris of multiple files, there is a possible information disclosure due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

XSS Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-43083 MEDIUM PATCH This Month

In validate of WifiConfigurationUtil.java , there is a possible persistent denial of service due to resource exhaustion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Java Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-43082 MEDIUM PATCH This Month

In onActivityResult of EditUserPhotoController.java, there is a possible cross-user media read due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-43081 HIGH PATCH This Week

In installExistingPackageAsUser of InstallPackageHelper.java, there is a possible carrier restriction bypass due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-43080 HIGH PATCH This Week

In onReceive of AppRestrictionsFragment.java, there is a possible escalation of privilege due to unsafe deserialization. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-40671 HIGH This Week

In DevmemIntChangeSparse2 of devicemem_server.c, there is a possible way to achieve arbitrary code execution due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass RCE Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-40661 HIGH PATCH This Week

In mayAdminGrantPermission of AdminRestrictedPermissionsUtils.java, there is a possible way to access the microphone due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-40660 HIGH PATCH This Week

In setTransactionState of SurfaceFlinger.cpp, there is a possible way to change protected display attributes due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-34747 HIGH This Week

In DevmemXIntMapPages of devicemem_server.c, there is a possible use-after-free due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Use After Free Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-34729 HIGH This Week

In multiple locations, there is a possible arbitrary code execution due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-34719 HIGH PATCH This Week

In multiple locations, there is a possible permissions bypass due to a missing null check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Privilege Escalation Null Pointer Dereference Denial Of Service Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-31337 HIGH This Week

In PVRSRVRGXKickTA3DKM of rgxta3d.c, there is a possible arbitrary code execution due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-23715 HIGH This Week

In PMRWritePMPageList of pmr.c, there is a possible out of bounds write due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-49402 MEDIUM This Month

Improper input validation in Dressroom prior to SMR Nov-2024 Release 1 allow physical attackers to access data across multiple user profiles. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2024-49401 HIGH This Week

Improper input validation in Settings Suggestions prior to SMR Nov-2024 Release 1 allows local attackers to launch privileged activities. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-34682 LOW Monitor

Improper authorization in Settings prior to SMR Nov-2024 Release 1 allows physical attackers to access stored WiFi password in Maintenance Mode. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
2.4
EPSS
0.2%
CVE-2024-34680 MEDIUM This Month

Use of implicit intent for sensitive communication in WlanTest prior to SMR Nov-2024 Release 1 allows local attackers to get sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-34679 HIGH This Week

Incorrect default permissions in Crane prior to SMR Nov-2024 Release 1 allows local attackers to access files with phone privilege. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-34678 HIGH This Week

Out-of-bounds write in libsapeextractor.so prior to SMR Nov-2024 Release 1 allows local attackers to cause memory corruption. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-34677 LOW Monitor

Exposure of sensitive information in System UI prior to SMR Nov-2024 Release 1 allow local attackers to make malicious apps appear as legitimate. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2024-34676 HIGH This Week

Out-of-bounds write in parsing subtitle file in libsubextractor.so prior to SMR Nov-2024 Release 1 allows local attackers to cause memory corruption. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2024-34675 MEDIUM This Month

Improper access control in Dex Mode prior to SMR Nov-2024 Release 1 allows physical attackers to temporarily access to unlocked screen. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2024-34674 MEDIUM This Month

Improper access control in Contacts prior to SMR Nov-2024 Release 1 allows physical attackers to access data across multiple user profiles. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2024-34673 MEDIUM This Month

Improper Input Validation in IpcProtocol in Modem prior to SMR Nov-2024 Release 1 allows local attackers to cause Denial-of-Service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-20124 MEDIUM This Month

In vdec, there is a possible out of bounds read due to improper structure design. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-20123 MEDIUM This Month

In vdec, there is a possible out of bounds read due to improper structure design. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-20122 MEDIUM This Month

In vdec, there is a possible out of bounds read due to improper structure design. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-20121 MEDIUM This Month

In KeyInstall, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
EPSS 0% CVSS 6.3
MEDIUM This Month

The com.asianmobile.callcolor (aka Color Phone Call Screen App) application through 24 for Android enables any application (with no permissions) to place phone calls without user interaction by. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

The com.callos14.callscreen.colorphone (aka iCall OS17 - Color Phone Flash) application through 4.3 for Android enables any application (with no permissions) to place phone calls without user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD GitHub
EPSS 0% CVSS 7.7
HIGH This Month

The com.windymob.callscreen.ringtone.callcolor.colorphone (aka Color Phone Call Screen Themes) application through 1.1.2 for Android enables any application (with no permissions) to place phone calls. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM This Month

The com.callerscreen.colorphone.themes.callflash (aka Color Call Theme & Call Screen) application through 1.0.7 for Android enables any application (with no permissions) to place phone calls without. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL This Week

The com.remi.colorphone.callscreen.calltheme.callerscreen (aka Color Phone: Call Screen Theme) application through 21.1.9 for Android enables any application (with no permissions) to place phone. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL This Week

The com.glitter.caller.screen (aka iCaller, Caller Theme & Dialer) application through 1.1 for Android enables any application (with no permissions) to place phone calls without user interaction by. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Month

In wlan STA, there is a possible way to trick a client to connect to an AP with spoofed SSID. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Yocto Software Development Kit +2
NVD
EPSS 0% CVSS 4.4
MEDIUM Monitor

In wlan STA driver, there is a possible reachable assertion due to improper exception handling. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Yocto Software Development Kit +3
NVD
EPSS 0% CVSS 9.8
CRITICAL This Week

In wlan STA FW, there is a possible out of bounds write due to improper input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Buffer Overflow +4
NVD
EPSS 0% CVSS 8.1
HIGH This Month

In wlan STA driver, there is a possible out of bounds write due to improper input validation. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Buffer Overflow +5
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

In V6 DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +5
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

In V6 DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +5
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

In V6 DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +5
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In power, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +3
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In m4u, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +2
NVD
EPSS 3% CVSS 9.8
CRITICAL This Week

In cc_SendCcImsInfoIndMsg of cc_MmConManagement.c, there is a possible out of bounds write due to a missing bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Buffer Overflow +2
NVD
EPSS 0% CVSS 7.8
HIGH This Month

In startListeningForDeviceStateChanges, there is a possible Permission Bypass due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.8
HIGH This Month

there is a possible biometric bypass due to an unusual root cause. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In GetCellInfoList() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android +1
NVD
EPSS 0% CVSS 7.8
HIGH This Month

In Exynos_parsing_user_data_registered_itu_t_t35 of VendorVideoAPI.cpp, there is a possible out of bounds write due to an incorrect bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 7.8
HIGH This Month

In prepare_response of lwis_periodic_io.c, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In wbrc_bt_dev_write of wb_regon_coordinator.c, there is a possible out of bounds write due to a buffer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 7.8
HIGH This Month

there is a possible biometric bypass due to an unusual root cause. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
EPSS 1% CVSS 7.5
HIGH This Month

In sms_DisplayHexDumpOfPrivacyBuffer of sms_Utilities.c, there is a possible out of bounds read due to an incorrect bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android +1
NVD
EPSS 0% CVSS 7.8
HIGH This Month

In prepare_response_locked of lwis_transaction.c, there is a possible out of bounds write due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 7.8
HIGH This Month

In construct_transaction_from_cmd of lwis_ioctl.c, there is a possible out of bounds write due to a heap buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Android +1
NVD
EPSS 0% CVSS 7.8
HIGH This Month

there is a possible to add apps to bypass VPN due to Undeclared Permission . Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
EPSS 0% CVSS 7.8
HIGH This Month

In isPackageDeviceAdmin of PackageManagerService.java, there is a possible edge case which could prevent the uninstallation of CloudDpc due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.8
HIGH This Month

In skia_alloc_func of SkDeflate.cpp, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +2
NVD
EPSS 2% CVSS 8.8
HIGH This Month

In prepare_to_draw_into_mask of SkBlurMaskFilterImpl.cpp, there is a possible heap overflow due to improper input validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Android +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Month

In onPrimaryClipChanged of ClipboardListener.java, there is a possible way to partially bypass lock screen. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Month

In multiple locations, there is a possible way to avoid unbinding of a service from the system due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Android Google
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Month

In resizeToAtLeast of SkRegion.cpp, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Privilege Escalation +3
NVD
EPSS 0% CVSS 7.8
HIGH This Month

In DevmemValidateFlags of devicemem_server.c , there is a possible out of bounds write due to memory corruption. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 3.9
LOW Monitor

Protection Mechanism Failure in bootloader prior to SMR Oct-2024 Release 1 allows physical attackers to reset lockscreen failure count by hardware fault injection. Rated low severity (CVSS 3.9), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Android
NVD
EPSS 0% CVSS 10.0
CRITICAL Act Now

There is a possible UAF due to a logic error in the code. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Use After Free Memory Corruption +1
NVD
EPSS 0% CVSS 10.0
CRITICAL Act Now

In isSlotMarkedSuccessful of BootControl.cpp, there is a possible out of bounds read due to a missing bounds check. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
EPSS 0% CVSS 10.0
CRITICAL Act Now

In dhd_prot_flowrings_pool_release of dhd_msgbuf.c, there is a possible outcof bounds write due to a missing bounds check. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Android
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Out-of-bound write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption +1
NVD
EPSS 0% CVSS 2.4
LOW Monitor

Authentication Bypass Using an Alternate Path in Dex Mode prior to SMR Dec-2024 Release 1 allows physical attackers to temporarily access to recent app list. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Improper Verification of Cryptographic Signature in SmartSwitch prior to SMR Dec-2024 Release 1 allows local attackers to install malicious applications. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Android
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

Path Traversal in ThemeCenter prior to SMR Dec-2024 Release 1 allows physical attackers to copy apk files to arbitrary path with ThemeCenter privilege. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Out-of-bounds write in libswmfextractor.so prior to SMR Dec-2024 Release 1 allows local attackers to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

In Bluetooth firmware, there is a possible firmware asssert due to improper handling of exceptional conditions. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Yocto Software Development Kit +2
NVD
EPSS 0% CVSS 7.5
HIGH This Week

In wlan driver, there is a possible out of bound read due to improper input validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Software Development Kit +1
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

In da, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Rdk B +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In soundtrigger, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In ril, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In power, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Stack Overflow +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

In Telephony, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

In Telephony, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

In Telephony, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In vdec, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption +1
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

In cmdq, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
EPSS 1% CVSS 7.3
HIGH KEV PATCH THREAT This Week

In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Privilege Escalation Android
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

In filterMask of SkEmbossMaskFilter.cpp, there is a possible out of bounds write due to an integer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow RCE Buffer Overflow +1
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

In multiple locations, there is a possible cross-user image read due to a missing permission check. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Android
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In updateInternal of MediaProvider.java , there is a possible access of another app's files due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Java Privilege Escalation +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In multiple functions in AppInfoBase.java, there is a possible way to manipulate app permission settings belonging to another user on the device due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Privilege Escalation Android
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In getInstalledAccessibilityPreferences of AccessibilitySettings.java, there is a possible way to hide an enabled accessibility service in the accessibility service settings due to a logic error in. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Privilege Escalation Android
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In validateAccountsInternal of AccountManagerService.java, there is a possible way to leak account credentials to a third party app due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Information Disclosure Android
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In handleMessage of UsbDeviceManager.java, there is a possible method to access device contents over USB without unlocking the device due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Android
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In visitUris of multiple files, there is a possible information disclosure due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

XSS Information Disclosure Android
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In validate of WifiConfigurationUtil.java , there is a possible persistent denial of service due to resource exhaustion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Java Denial Of Service Android
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In onActivityResult of EditUserPhotoController.java, there is a possible cross-user media read due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Android
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In installExistingPackageAsUser of InstallPackageHelper.java, there is a possible carrier restriction bypass due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Android
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In onReceive of AppRestrictionsFragment.java, there is a possible escalation of privilege due to unsafe deserialization. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Privilege Escalation Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In DevmemIntChangeSparse2 of devicemem_server.c, there is a possible way to achieve arbitrary code execution due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass RCE Privilege Escalation +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In mayAdminGrantPermission of AdminRestrictedPermissionsUtils.java, there is a possible way to access the microphone due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Privilege Escalation Android
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In setTransactionState of SurfaceFlinger.cpp, there is a possible way to change protected display attributes due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In DevmemXIntMapPages of devicemem_server.c, there is a possible use-after-free due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Use After Free Memory Corruption +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In multiple locations, there is a possible arbitrary code execution due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Android
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In multiple locations, there is a possible permissions bypass due to a missing null check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Privilege Escalation Null Pointer Dereference Denial Of Service +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In PVRSRVRGXKickTA3DKM of rgxta3d.c, there is a possible arbitrary code execution due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In PMRWritePMPageList of pmr.c, there is a possible out of bounds write due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption +1
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

Improper input validation in Dressroom prior to SMR Nov-2024 Release 1 allow physical attackers to access data across multiple user profiles. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Improper input validation in Settings Suggestions prior to SMR Nov-2024 Release 1 allows local attackers to launch privileged activities. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 2.4
LOW Monitor

Improper authorization in Settings prior to SMR Nov-2024 Release 1 allows physical attackers to access stored WiFi password in Maintenance Mode. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Use of implicit intent for sensitive communication in WlanTest prior to SMR Nov-2024 Release 1 allows local attackers to get sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Incorrect default permissions in Crane prior to SMR Nov-2024 Release 1 allows local attackers to access files with phone privilege. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Out-of-bounds write in libsapeextractor.so prior to SMR Nov-2024 Release 1 allows local attackers to cause memory corruption. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Android
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Exposure of sensitive information in System UI prior to SMR Nov-2024 Release 1 allow local attackers to make malicious apps appear as legitimate. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Out-of-bounds write in parsing subtitle file in libsubextractor.so prior to SMR Nov-2024 Release 1 allows local attackers to cause memory corruption. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Android
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

Improper access control in Dex Mode prior to SMR Nov-2024 Release 1 allows physical attackers to temporarily access to unlocked screen. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

Improper access control in Contacts prior to SMR Nov-2024 Release 1 allows physical attackers to access data across multiple user profiles. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper Input Validation in IpcProtocol in Modem prior to SMR Nov-2024 Release 1 allows local attackers to cause Denial-of-Service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

In vdec, there is a possible out of bounds read due to improper structure design. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

In vdec, there is a possible out of bounds read due to improper structure design. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

In vdec, there is a possible out of bounds read due to improper structure design. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In KeyInstall, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption +1
NVD
Prev Page 10 of 81 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy