Skip to main content

Android

7243 CVEs product

Monthly

CVE-2024-20120 MEDIUM This Month

In KeyInstall, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-20119 MEDIUM This Month

In mms, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-20118 MEDIUM This Month

In mms, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-20117 MEDIUM This Month

In vdec, there is a possible out of bounds read due to improper structure design. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-20115 MEDIUM This Month

In ccu, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-20114 MEDIUM This Month

In ccu, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-20113 MEDIUM This Month

In ccu, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-20112 MEDIUM This Month

In isp, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-20111 MEDIUM This Month

In ccu, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-20110 MEDIUM This Month

In ccu, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-20109 MEDIUM This Month

In ccu, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-20108 MEDIUM This Month

In atci, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-20107 MEDIUM This Month

In da, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Yocto Rdk B Android +1
NVD
CVSS 3.1
6.2
EPSS
0.1%
CVE-2024-20106 MEDIUM This Month

In m4u, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-20104 HIGH This Week

In da, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Yocto Rdk B +2
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2024-47041 HIGH This Week

In valid_address of syscall.c, there is a possible out of bounds read due to an incorrect bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-47035 HIGH This Week

In vring_init of external/headers/include/virtio/virtio_ring.h, there is a possible out of bounds write due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-47034 MEDIUM This Month

there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-47033 HIGH This Week

In lwis_allocator_free of lwis_allocator.c, there is a possible memory corruption due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Buffer Overflow Memory Corruption Denial Of Service Privilege Escalation +1
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-47031 HIGH This Week

Android before 2024-10-05 on Google Pixel devices allows privilege escalation in the ABL component, A-329163861. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.4
EPSS
0.1%
CVE-2024-47030 MEDIUM This Month

Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ACPM component, A-315191818. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Google Android
NVD
CVSS 3.1
5.1
EPSS
0.1%
CVE-2024-47029 MEDIUM This Month

In TrustySharedMemoryManager::GetSharedMemory of ondevice/trusty/trusty_shared_memory_manager.cc, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-47028 MEDIUM This Month

In ffu_flash_pack of ffu.c, there is a possible out of bounds read due to an integer overflow. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-47027 HIGH This Week

In sm_mem_compat_get_vmm_obj of lib/sm/shared_mem.c, there is a possible arbitrary physical memory access due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Path Traversal Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-47026 MEDIUM This Month

In gsc_gsa_rescue of gsc_gsa.c, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-47025 MEDIUM This Month

In ppmp_protect_buf of drm_fw.c, there is a possible information disclosure due to a logic error in the code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-47024 HIGH This Week

In vring_size of external/headers/include/virtio/virtio_ring.h, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-47023 HIGH This Week

there is a possible man-in-the-middle attack due to a logic error in the code. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2024-47022 HIGH This Week

Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ACPM component, A-331255656. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Android
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-47021 HIGH This Week

In sms_ExtractCbLanguage of sms_CellBroadcast.c, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-47020 HIGH This Week

Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ABL component, A-331966488. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Android
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-47019 MEDIUM This Month

In ProtocolEmbmsSaiListAdapter::Init() of protocolembmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-47018 MEDIUM This Month

In pmucal_rae_handle_seq_int of flexpmu_cal_rae.c, there is a possible out of bounds read due to a buffer overflow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-47017 HIGH This Week

In ufshc_scsi_cmd of ufs.c, there is a possible stack variable use after free due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Use After Free Denial Of Service Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-47016 HIGH This Week

there is a possible privilege escalation due to an insecure default value. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-47015 MEDIUM This Month

In ProtocolMiscHwConfigChangeAdapter::GetData() of protocolmiscadapter.cpp, there is a possible out-of-bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-47014 HIGH This Week

Android before 2024-10-05 on Google Pixel devices allows privilege escalation in the ABL component, A-330537292. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Google Android
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-47013 HIGH This Week

In pmucal_rae_handle_seq_int of flexpmu_cal_rae.c, there is a possible arbitrary write due to uninitialized data. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-47012 HIGH This Week

In mm_GetMobileIdIndexForNsUpdate of mm_GmmPduCodec.c, there is a possible out of bounds write due to an incorrect bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-44101 HIGH This Week

there is a possible Null Pointer Dereference (modem crash) due to improper input validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-44100 HIGH This Week

Android before 2024-10-05 on Google Pixel devices allows information disclosure in the modem component, A-299774545. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Google Android
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-44099 MEDIUM This Month

There is a possible Local bypass of user interaction due to an insecure default value. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-44098 HIGH This Week

In lwis_device_event_states_clear_locked of lwis_event.c, there is a possible privilege escalation due to a double free. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.4
EPSS
0.1%
CVE-2024-39440 MEDIUM This Month

In DRM service, there is a possible system crash due to null pointer dereference. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-39439 MEDIUM This Month

In DRM service, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-39438 MEDIUM This Month

In linkturbonative service, there is a possible command injection due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Command Injection Android
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2024-39437 MEDIUM This Month

In linkturbonative service, there is a possible command injection due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Command Injection Android
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2024-39436 MEDIUM This Month

In linkturbonative service, there is a possible command injection due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Command Injection Android
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2024-34669 HIGH This Week

Out-of-bounds write in parsing h.263+ format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Android
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-34668 HIGH This Week

Out-of-bounds write in parsing h.263 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Android
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-34667 HIGH This Week

Out-of-bounds write in parsing h.265 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Android
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-34666 HIGH This Week

Out-of-bounds write in parsing h.264 format in a specific mode in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Android
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-34665 HIGH This Week

Out-of-bounds write in parsing h.264 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Android
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-34664 LOW Monitor

Improper check for exception conditions in Knox Guard prior to SMR Oct-2024 Release 1 allows physical attackers to bypass Knox Guard in a multi-user environment. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
2.4
EPSS
0.1%
CVE-2024-34663 MEDIUM This Month

Integer overflow in libSEF.quram.so prior to SMR Oct-2024 Release 1 allows local attackers to write out-of-bounds memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-34662 HIGH This Week

Improper access control in ActivityManager prior to SMR Oct-2024 Release 1 in select Android 12, 13 and SMR Sep-2024 Release 1 in select Android 14 allows local attackers to execute privileged. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-20103 CRITICAL Act Now

In wlan firmware, there is a possible out of bounds write due to improper input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Software Development Kit Android
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-20102 MEDIUM This Month

In wlan driver, there is a possible out of bounds read due to improper input validation. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2024-20101 CRITICAL Act Now

In wlan driver, there is a possible out of bounds write due to improper input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Software Development Kit Android
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-20100 CRITICAL Act Now

In wlan driver, there is a possible out of bounds write due to improper input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Iot Yocto Software Development Kit +1
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-20099 MEDIUM This Month

In power, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Yocto Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-20098 MEDIUM This Month

In power, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Yocto Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-20097 MEDIUM This Month

In vdec, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-20096 MEDIUM This Month

In m4u, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-20095 MEDIUM This Month

In m4u, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-20093 MEDIUM This Month

In vdec, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-20092 HIGH This Week

In vdec, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-20091 MEDIUM This Month

In vdec, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-20090 MEDIUM This Month

In vdec, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-39435 HIGH This Week

In Logmanager service, there is a possible missing verification incorrect input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-39434 MEDIUM This Month

In drm service, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-39433 MEDIUM This Month

In drm service, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-39432 MEDIUM This Month

In UMTS RLC driver, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Android
NVD
CVSS 3.1
4.5
EPSS
0.2%
CVE-2024-39431 MEDIUM This Month

In UMTS RLC driver, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 4.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Android
NVD
CVSS 3.1
4.5
EPSS
0.2%
CVE-2024-44096 MEDIUM This Month

there is a possible arbitrary read due to an insecure default value. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-44095 HIGH This Week

In ppmp_protect_mfcfw_buf of code/drm_fw.c, there is a possible corrupt memory due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-44094 HIGH This Week

In ppmp_protect_mfcfw_buf of code/drm_fw.c, there is a possible memory corruption due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-44093 HIGH This Week

In ppmp_unprotect_buf of drm/code/drm_fw.c, there is a possible memory corruption due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-44092 HIGH This Week

There is a possible LCS signing enforcement missing due to test/debugging code left in a production build. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-29779 HIGH This Week

there is a possible escalation of privilege due to an unusual root cause. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-40662 HIGH PATCH This Week

In scheme of Uri.java, there is a possible way to craft a malformed Uri object due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-40659 MEDIUM PATCH This Month

In getRegistration of RemoteProvisioningService.java, there is a possible way to permanently disable the AndroidKeyStore key generation feature by updating the attestation keys of all installed apps. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-40658 HIGH PATCH This Week

In getConfig of SoftVideoDecoderOMXComponent.cpp, there is a possible out of bounds write due to a heap buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-40657 HIGH PATCH This Week

In addPreferencesForType of AccountTypePreferenceLoader.java, there is a possible way to disable apps for other users due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-40656 MEDIUM PATCH This Month

In handleCreateConferenceComplete of ConnectionServiceWrapper.java, there is a possible way to reveal images across users due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-40655 HIGH PATCH This Week

In bindAndGetCallIdentification of CallScreeningServiceHelper.java, there is a possible way to maintain a while-in-use permission in the background due to a permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-40654 HIGH PATCH This Week

In multiple locations, there is a possible permission bypass due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-40652 HIGH PATCH This Week

In onCreate of SettingsHomepageActivity.java, there is a possible way to access the Settings app while the device is provisioning due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-40650 HIGH PATCH This Week

In wifi_item_edit_content of styles.xml , there is a possible FRP bypass due to Missing check for FRP state. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-31336 HIGH This Week

In PVRSRVBridgeRGXKickTA3D2 of server_rgxta3d_bridge.c, there is a possible arbitrary code execution due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow RCE Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
EPSS 0% CVSS 6.7
MEDIUM This Month

In KeyInstall, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In mms, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In mms, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

In vdec, there is a possible out of bounds read due to improper structure design. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In ccu, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In ccu, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In ccu, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption +1
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

In isp, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In ccu, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In ccu, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In ccu, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In atci, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption +1
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

In da, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Yocto +3
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In m4u, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption +1
NVD
EPSS 0% CVSS 8.4
HIGH This Week

In da, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption +4
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In valid_address of syscall.c, there is a possible out of bounds read due to an incorrect bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Information Disclosure +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In vring_init of external/headers/include/virtio/virtio_ring.h, there is a possible out of bounds write due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In lwis_allocator_free of lwis_allocator.c, there is a possible memory corruption due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Buffer Overflow Memory Corruption +3
NVD
EPSS 0% CVSS 7.4
HIGH This Week

Android before 2024-10-05 on Google Pixel devices allows privilege escalation in the ABL component, A-329163861. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Privilege Escalation Google Android
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ACPM component, A-315191818. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Google Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In TrustySharedMemoryManager::GetSharedMemory of ondevice/trusty/trusty_shared_memory_manager.cc, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

In ffu_flash_pack of ffu.c, there is a possible out of bounds read due to an integer overflow. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Information Disclosure +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In sm_mem_compat_get_vmm_obj of lib/sm/shared_mem.c, there is a possible arbitrary physical memory access due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Path Traversal Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In gsc_gsa_rescue of gsc_gsa.c, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In ppmp_protect_buf of drm_fw.c, there is a possible information disclosure due to a logic error in the code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In vring_size of external/headers/include/virtio/virtio_ring.h, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Privilege Escalation +1
NVD
EPSS 0% CVSS 8.1
HIGH This Week

there is a possible man-in-the-middle attack due to a logic error in the code. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation Android
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ACPM component, A-331255656. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Android
NVD
EPSS 0% CVSS 7.5
HIGH This Week

In sms_ExtractCbLanguage of sms_CellBroadcast.c, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ABL component, A-331966488. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In ProtocolEmbmsSaiListAdapter::Init() of protocolembmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In pmucal_rae_handle_seq_int of flexpmu_cal_rae.c, there is a possible out of bounds read due to a buffer overflow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In ufshc_scsi_cmd of ufs.c, there is a possible stack variable use after free due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Use After Free Denial Of Service +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

there is a possible privilege escalation due to an insecure default value. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In ProtocolMiscHwConfigChangeAdapter::GetData() of protocolmiscadapter.cpp, there is a possible out-of-bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Android before 2024-10-05 on Google Pixel devices allows privilege escalation in the ABL component, A-330537292. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Google Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In pmucal_rae_handle_seq_int of flexpmu_cal_rae.c, there is a possible arbitrary write due to uninitialized data. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In mm_GetMobileIdIndexForNsUpdate of mm_GmmPduCodec.c, there is a possible out of bounds write due to an incorrect bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

there is a possible Null Pointer Dereference (modem crash) due to improper input validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Android
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Android before 2024-10-05 on Google Pixel devices allows information disclosure in the modem component, A-299774545. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Google +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

There is a possible Local bypass of user interaction due to an insecure default value. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Android
NVD
EPSS 0% CVSS 7.4
HIGH This Week

In lwis_device_event_states_clear_locked of lwis_event.c, there is a possible privilege escalation due to a double free. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Privilege Escalation Android
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

In DRM service, there is a possible system crash due to null pointer dereference. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Android
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

In DRM service, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In linkturbonative service, there is a possible command injection due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Command Injection Android
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In linkturbonative service, there is a possible command injection due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Command Injection Android
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In linkturbonative service, there is a possible command injection due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Command Injection Android
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Out-of-bounds write in parsing h.263+ format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Out-of-bounds write in parsing h.263 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Out-of-bounds write in parsing h.265 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Out-of-bounds write in parsing h.264 format in a specific mode in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Out-of-bounds write in parsing h.264 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption +1
NVD
EPSS 0% CVSS 2.4
LOW Monitor

Improper check for exception conditions in Knox Guard prior to SMR Oct-2024 Release 1 allows physical attackers to bypass Knox Guard in a multi-user environment. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Integer overflow in libSEF.quram.so prior to SMR Oct-2024 Release 1 allows local attackers to write out-of-bounds memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Improper access control in ActivityManager prior to SMR Oct-2024 Release 1 in select Android 12, 13 and SMR Sep-2024 Release 1 in select Android 14 allows local attackers to execute privileged. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Google Android
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In wlan firmware, there is a possible out of bounds write due to improper input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption +2
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

In wlan driver, there is a possible out of bounds read due to improper input validation. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In wlan driver, there is a possible out of bounds write due to improper input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In wlan driver, there is a possible out of bounds write due to improper input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption +3
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In power, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In power, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption +2
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

In vdec, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

In m4u, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

In m4u, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

In vdec, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In vdec, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption +1
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

In vdec, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In vdec, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In Logmanager service, there is a possible missing verification incorrect input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

In drm service, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service +1
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

In drm service, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption +1
NVD
EPSS 0% CVSS 4.5
MEDIUM This Month

In UMTS RLC driver, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption +1
NVD
EPSS 0% CVSS 4.5
MEDIUM This Month

In UMTS RLC driver, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 4.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption +1
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

there is a possible arbitrary read due to an insecure default value. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In ppmp_protect_mfcfw_buf of code/drm_fw.c, there is a possible corrupt memory due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In ppmp_protect_mfcfw_buf of code/drm_fw.c, there is a possible memory corruption due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In ppmp_unprotect_buf of drm/code/drm_fw.c, there is a possible memory corruption due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

There is a possible LCS signing enforcement missing due to test/debugging code left in a production build. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

there is a possible escalation of privilege due to an unusual root cause. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In scheme of Uri.java, there is a possible way to craft a malformed Uri object due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Android
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In getRegistration of RemoteProvisioningService.java, there is a possible way to permanently disable the AndroidKeyStore key generation feature by updating the attestation keys of all installed apps. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Denial Of Service Android
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In getConfig of SoftVideoDecoderOMXComponent.cpp, there is a possible out of bounds write due to a heap buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Privilege Escalation Buffer Overflow Memory Corruption +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In addPreferencesForType of AccountTypePreferenceLoader.java, there is a possible way to disable apps for other users due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Android
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In handleCreateConferenceComplete of ConnectionServiceWrapper.java, there is a possible way to reveal images across users due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Android
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In bindAndGetCallIdentification of CallScreeningServiceHelper.java, there is a possible way to maintain a while-in-use permission in the background due to a permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Android
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In multiple locations, there is a possible permission bypass due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Android
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In onCreate of SettingsHomepageActivity.java, there is a possible way to access the Settings app while the device is provisioning due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Privilege Escalation Android
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In wifi_item_edit_content of styles.xml , there is a possible FRP bypass due to Missing check for FRP state. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Privilege Escalation Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In PVRSRVBridgeRGXKickTA3D2 of server_rgxta3d_bridge.c, there is a possible arbitrary code execution due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow RCE +2
NVD
Prev Page 11 of 81 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy