Skip to main content

Android

7243 CVEs product

Monthly

CVE-2024-23716 HIGH This Week

In DevmemIntPFNotify of devicemem_server.c, there is a possible use-after-free due to a race condition. Rated high severity (CVSS 7.0). No vendor patch available.

Privilege Escalation Use After Free Memory Corruption Android
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2024-34655 MEDIUM This Month

Incorrect use of privileged API in UniversalCredentialManager prior to SMR Sep-2024 Release 1 allows local attackers to access privileged API related to UniversalCredentialManager. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-34654 MEDIUM This Month

Improper Export of android application component in My Files prior to SMR Sep-2024 Release 1 allows local attackers to access files with My Files' privilege. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Google Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-34653 MEDIUM This Month

Path Traversal in My Files prior to SMR Sep-2024 Release 1 allows physical attackers to access directories with My Files' privilege. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Android
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2024-34652 LOW Monitor

Incorrect authorization in kperfmon prior to SMR Sep-2024 Release 1 allows local attackers to access information related to performance including app usage. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2024-34651 MEDIUM This Month

Improper authorization in My Files prior to SMR Sep-2024 Release 1 allows local attackers to access restricted data in My Files. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-34650 LOW Monitor

Incorrect authorization in CocktailbarService prior to SMR Sep-2024 Release 1 allows local attackers to access privileged APIs related to Edge panel. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2024-34649 LOW Monitor

Improper access control in new Dex Mode in multitasking framework prior to SMR Sep-2024 Release 1 allows physical attackers to temporarily access an unlocked screen. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
2.4
EPSS
0.2%
CVE-2024-34648 MEDIUM This Month

Improper Handling of Insufficient Permissions in KnoxMiscPolicy prior to SMR Sep-2024 Release 1 allows local attackers to access sensitive data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-34647 MEDIUM This Month

Incorrect use of privileged API in DualDarManagerProxy prior to SMR Sep-2024 Release 1 allows local attackers to access privileged APIs related to knox without proper license. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-34646 MEDIUM This Month

Improper access control in DualDarManagerProxy prior to SMR Sep-2024 Release 1 allows local attackers to cause local permanent denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-34645 MEDIUM This Month

Improper input validation in ThemeCenter prior to SMR Sep-2024 Release 1 allows physical attackers to install privileged applications. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2024-34644 MEDIUM This Month

Improper access control in item selection related in Dressroom prior to SMR Sep-2024 Release 1 allows local attackers to access protected data. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-34643 MEDIUM This Month

Improper access control in key input related function in Dressroom prior to SMR Sep-2024 Release 1 allows local attackers to access protected data. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-34642 MEDIUM This Month

Improper authorization in One UI Home prior to SMR Sep-2024 Release 1 allows physical attackers to temporarily access sensitive information. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2024-34641 LOW Monitor

Improper Export of Android Application Components in FeliCaTest prior to SMR Sep-2024 Release 1 allows local attackers to enable NFC configuration. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Google Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2024-34640 LOW Monitor

Improper access control vulnerability in BGProtectManager prior to SMR Sep-2024 Release 1 allows local attackers to bypass restriction of process expiration. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2024-34639 MEDIUM This Month

Improper handling of exceptional conditions in Setupwizard prior to SMR Aug-2024 Release 1 allows physical attackers to bypass proper validation. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2024-34638 HIGH This Week

Improper handling of exceptional conditions in ThemeCenter prior to SMR Sep-2024 Release 1 allows local attackers to delete non-preloaded applications. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-34637 MEDIUM This Month

Improper access control in WindowManagerService prior to SMR Sep-2024 Release 1 in Android 12, and SMR Jun-2024 Release 1 in Android 13 and Android 14 allows local attackers to bypass restrictions on. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Google Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-20089 HIGH This Week

In wlan, there is a possible denial of service due to incorrect error handling. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Yocto Rdk B Android
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-20088 MEDIUM This Month

In keyinstall, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-20087 MEDIUM This Month

In vdec, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-20086 MEDIUM This Month

In vdec, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-20085 MEDIUM This Month

In power, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Yocto Rdk B Android +1
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-20084 MEDIUM This Month

In power, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Yocto Rdk B Android +1
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-32927 HIGH This Week

In sendDeviceState_1_6 of RadioExt.cpp, there is a possible use after free due to improper locking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Use After Free Denial Of Service Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-34743 HIGH PATCH This Week

In setTransactionState of SurfaceFlinger.cpp, there is a possible way to perform tapjacking due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation XSS Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-34742 MEDIUM PATCH This Month

In shouldWrite of OwnersData.java, there is a possible edge case that prevents MDM policies from being persisted due to a logic error in the code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Denial Of Service Memory Corruption Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-34741 HIGH PATCH This Week

In setForceHideNonSystemOverlayWindowIfNeeded of WindowState.java, there is a possible way for message content to be visible on the screensaver while lock screen visibility settings are restricted by. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-34740 HIGH PATCH This Week

In attributeBytesBase64 and attributeBytesHex of BinaryXmlSerializer.java, there is a possible arbitrary XML injection due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Integer Overflow Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-34739 HIGH PATCH This Week

In shouldRestrictOverlayActivities of UsbProfileGroupSettingsManager.java, there is a possible escape from SUW due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-34738 HIGH PATCH This Week

In multiple functions of AppOpsService.java, there is a possible way for unprivileged apps to read their own restrictRead app-op states due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-34737 HIGH PATCH This Week

In ensureSetPipAspectRatioQuotaTracker of ActivityClientController.java, there is a possible way to generate unmovable and undeletable pip windows due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Microsoft Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-34736 HIGH PATCH This Week

In setupVideoEncoder of StagefrightRecorder.cpp, there is a possible asynchronous playback when B-frame support is enabled. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-34734 HIGH PATCH This Week

In onForegroundServiceButtonClicked of FooterActionsViewModel.kt, there is a possible way to disable the active VPN app from the lockscreen due to an insecure default value. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-34731 HIGH PATCH This Week

In multiple functions of TranscodingResourcePolicy.cpp, there is a possible memory corruption due to a race condition. Rated high severity (CVSS 7.0).

Privilege Escalation Buffer Overflow Race Condition Android
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2024-34727 HIGH This Week

In sdpu_compare_uuid_with_attr of sdp_utils.cc, there is a possible out of bounds read due to a heap buffer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-31333 HIGH This Week

In _MMU_AllocLevel of mmu_common.c, there is a possible arbitrary code execution due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow RCE Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-20083 CRITICAL Act Now

In venc, there is a possible out of bounds write due to a missing bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-34620 HIGH This Week

Improper privilege management in SumeNNService prior to SMR Aug-2024 Release 1 allows local attackers to start privileged service. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-34619 HIGH This Week

Improper input validation in librtp.so prior to SMR Aug-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Android
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-34618 LOW Monitor

Improper access control in System property prior to SMR Aug-2024 Release 1 allows local attackers to access cell related information. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2024-34617 LOW Monitor

Improper handling of insufficient permission in Telephony prior to SMR Aug-2024 Release 1 allows local attackers to configure default Message application. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2024-34616 MEDIUM This Month

Improper handling of insufficient permission in KnoxDualDARPolicy prior to SMR Aug-2024 Release 1 allows local attackers to access sensitive data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-34615 HIGH This Week

Out-of-bound write in libsmat.so prior to SMR Aug-2024 Release 1 allows local attackers to cause memory corruption. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-34614 HIGH This Week

Out-of-bound write in libsmat.so prior to SMR Aug-2024 Release 1 allows local attackers to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-34612 HIGH This Week

Out-of-bound write in libcodec2secmp4vdec.so prior to SMR Aug-2024 Release 1 allows local attackers to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-34611 MEDIUM This Month

Improper access control in KnoxService prior to SMR Aug-2024 Release 1 allows local attackers to get sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-34610 MEDIUM This Month

Improper access control in ExtControlDeviceService prior to SMR Aug-2024 Release 1 allows local attackers to access protected data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-34609 MEDIUM This Month

Improper access control in VoiceNoteService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-34608 MEDIUM This Month

Improper access control in PaymentManagerService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-34607 MEDIUM This Month

Improper access control in SamsungNotesService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-34606 MEDIUM This Month

Improper access control in SmartThingsService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-34605 MEDIUM This Month

Improper access control in SamsungHealthService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-34604 MEDIUM This Month

Improper access control in LedCoverService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-34726 HIGH This Week

In PVRSRV_MMap of pvr_bridge_k.c, there is a possible arbitrary code execution due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-34725 HIGH This Week

In DevmemIntUnexportCtx of devicemem_server.c, there is a possible arbitrary code execution due to a race condition. Rated high severity (CVSS 7.0). No vendor patch available.

Privilege Escalation RCE Race Condition Android
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2024-34724 HIGH This Week

In _UnrefAndMaybeDestroy of pmr.c, there is a possible arbitrary code execution due to a race condition. Rated high severity (CVSS 7.0). No vendor patch available.

Privilege Escalation RCE Race Condition Android
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2024-34723 HIGH PATCH This Week

In onTransact of ParcelableListBinder.java , there is a possible way to steal mAllowlistToken to launch an app from background due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Java Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-34722 HIGH PATCH This Week

In smp_proc_rand of smp_act.cc, there is a possible authentication bypass during legacy BLE pairing due to incorrect implementation of a protocol. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-34721 MEDIUM PATCH This Month

In ensureFileColumns of MediaProvider.java, there is a possible disclosure of files owned by another user due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-34720 HIGH PATCH This Week

In com_android_internal_os_ZygoteCommandBuffer_nativeForkRepeatedly of com_android_internal_os_ZygoteCommandBuffer.cpp, there is a possible method to perform arbitrary code execution in any app. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation RCE Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-31339 HIGH PATCH This Week

In multiple functions of StatsService.cpp, there is a possible memory corruption due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Use After Free Buffer Overflow Memory Corruption Denial Of Service Privilege Escalation +1
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-31335 HIGH This Week

In DevmemIntChangeSparse2 of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-31334 HIGH This Week

In DevmemIntFreeDefBackingPage of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-31332 HIGH PATCH This Week

In multiple locations, there is a possible way to bypass a restriction on adding new Wi-Fi connections due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-31331 HIGH PATCH This Week

In setMimeGroup of PackageManagerService.java, there is a possible way to hide the service from Settings due to a logic error in the code. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Privilege Escalation Android
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2024-31327 HIGH PATCH This Week

In multiple functions of MessageQueueBase.h, there is a possible out of bounds write due to a race condition. Rated high severity (CVSS 7.0).

Privilege Escalation Buffer Overflow Race Condition Android
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2024-31326 HIGH PATCH This Week

In multiple locations, there is a possible way in which policy migration code will never be executed due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-31325 HIGH PATCH This Week

In multiple locations, there is a possible way to reveal images across users data due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-31324 HIGH PATCH This Week

In hide of WindowState.java, there is a possible way to bypass tapjacking/overlay protection by launching the activity in portrait mode first and then rotating it to landscape mode. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Privilege Escalation XSS Android
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2024-31323 HIGH PATCH This Week

In onCreate of multiple files, there is a possible way to trick the user into granting health permissions due to tapjacking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation XSS Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-31322 HIGH PATCH This Week

In updateServicesLocked of AccessibilityManagerService.java, there is a possible way for an app to be hidden from the Setting while retaining Accessibility Service due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-31320 HIGH PATCH This Week

In setSkipPrompt of AssociationRequest.java , there is a possible way to establish a companion device association without any confirmation due to CDM. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Java Android
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-31319 HIGH PATCH This Week

In updateNotificationChannelFromPrivilegedListener of NotificationManagerService.java, there is a possible cross-user data leak due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-31318 HIGH PATCH This Week

In CompanionDeviceManagerService.java, there is a possible way to pair a companion device without user acceptance due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-31317 HIGH PATCH This Week

In multiple functions of ZygoteProcess.java, there is a possible way to achieve code execution as any app via WRITE_SECURE_SETTINGS due to unsafe deserialization. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2024-31316 HIGH PATCH This Week

In onResult of AccountManagerService.java, there is a possible way to perform an arbitrary background activity launch due to parcel mismatch. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-31315 HIGH PATCH This Week

In multiple functions of ManagedServices.java, there is a possible way to hide an app with notification access in the Device & app notifications settings due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-31314 MEDIUM PATCH This Month

In multiple functions of ShortcutService.java, there is a possible persistent DOS due to resource exhaustion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-31313 HIGH PATCH This Week

In availableToWriteBytes of MessageQueueBase.h, there is a possible out of bounds write due to an incorrect bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-31312 MEDIUM PATCH This Month

In multiple locations, there is a possible information leak due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-31311 HIGH PATCH This Week

In increment_annotation_count of stats_event.c, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-31310 HIGH PATCH This Week

In newServiceInfoLocked of AutofillManagerServiceImpl.java, there is a possible way to hide an enabled Autofill service app in the Autofill service settings due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-23711 HIGH This Week

In DevmemXIntUnreserveRange of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-23698 HIGH This Week

In RGXFWChangeOSidPriority of rgxfwutils.c, there is a possible arbitrary code execution due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow RCE Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-23697 HIGH This Week

In RGXCreateHWRTData_aux of rgxta3d.c, there is a possible arbitrary code execution due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption RCE Denial Of Service Privilege Escalation +1
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-23696 HIGH This Week

In RGXCreateZSBufferKM of rgxta3d.c, there is a possible arbitrary code execution due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption RCE Denial Of Service Privilege Escalation +1
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-23695 HIGH This Week

In CacheOpPMRExec of cache_km.c, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
EPSS 0% CVSS 7.0
HIGH This Week

In DevmemIntPFNotify of devicemem_server.c, there is a possible use-after-free due to a race condition. Rated high severity (CVSS 7.0). No vendor patch available.

Privilege Escalation Use After Free Memory Corruption +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Incorrect use of privileged API in UniversalCredentialManager prior to SMR Sep-2024 Release 1 allows local attackers to access privileged API related to UniversalCredentialManager. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper Export of android application component in My Files prior to SMR Sep-2024 Release 1 allows local attackers to access files with My Files' privilege. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Google Android
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

Path Traversal in My Files prior to SMR Sep-2024 Release 1 allows physical attackers to access directories with My Files' privilege. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Android
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Incorrect authorization in kperfmon prior to SMR Sep-2024 Release 1 allows local attackers to access information related to performance including app usage. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper authorization in My Files prior to SMR Sep-2024 Release 1 allows local attackers to access restricted data in My Files. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Incorrect authorization in CocktailbarService prior to SMR Sep-2024 Release 1 allows local attackers to access privileged APIs related to Edge panel. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
EPSS 0% CVSS 2.4
LOW Monitor

Improper access control in new Dex Mode in multitasking framework prior to SMR Sep-2024 Release 1 allows physical attackers to temporarily access an unlocked screen. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper Handling of Insufficient Permissions in KnoxMiscPolicy prior to SMR Sep-2024 Release 1 allows local attackers to access sensitive data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Incorrect use of privileged API in DualDarManagerProxy prior to SMR Sep-2024 Release 1 allows local attackers to access privileged APIs related to knox without proper license. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper access control in DualDarManagerProxy prior to SMR Sep-2024 Release 1 allows local attackers to cause local permanent denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Android
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

Improper input validation in ThemeCenter prior to SMR Sep-2024 Release 1 allows physical attackers to install privileged applications. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper access control in item selection related in Dressroom prior to SMR Sep-2024 Release 1 allows local attackers to access protected data. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper access control in key input related function in Dressroom prior to SMR Sep-2024 Release 1 allows local attackers to access protected data. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

Improper authorization in One UI Home prior to SMR Sep-2024 Release 1 allows physical attackers to temporarily access sensitive information. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Improper Export of Android Application Components in FeliCaTest prior to SMR Sep-2024 Release 1 allows local attackers to enable NFC configuration. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Google Android
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Improper access control vulnerability in BGProtectManager prior to SMR Sep-2024 Release 1 allows local attackers to bypass restriction of process expiration. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

Improper handling of exceptional conditions in Setupwizard prior to SMR Aug-2024 Release 1 allows physical attackers to bypass proper validation. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Improper handling of exceptional conditions in ThemeCenter prior to SMR Sep-2024 Release 1 allows local attackers to delete non-preloaded applications. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper access control in WindowManagerService prior to SMR Sep-2024 Release 1 in Android 12, and SMR Jun-2024 Release 1 in Android 13 and Android 14 allows local attackers to bypass restrictions on. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Google Android
NVD
EPSS 0% CVSS 7.5
HIGH This Week

In wlan, there is a possible denial of service due to incorrect error handling. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Yocto Rdk B +1
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

In keyinstall, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In vdec, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In vdec, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption +1
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

In power, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Yocto +3
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

In power, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Yocto +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In sendDeviceState_1_6 of RadioExt.cpp, there is a possible use after free due to improper locking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Use After Free Denial Of Service +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In setTransactionState of SurfaceFlinger.cpp, there is a possible way to perform tapjacking due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation XSS Android
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In shouldWrite of OwnersData.java, there is a possible edge case that prevents MDM policies from being persisted due to a logic error in the code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Denial Of Service Memory Corruption Android
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In setForceHideNonSystemOverlayWindowIfNeeded of WindowState.java, there is a possible way for message content to be visible on the screensaver while lock screen visibility settings are restricted by. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Android
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In attributeBytesBase64 and attributeBytesHex of BinaryXmlSerializer.java, there is a possible arbitrary XML injection due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Integer Overflow Privilege Escalation Android
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In shouldRestrictOverlayActivities of UsbProfileGroupSettingsManager.java, there is a possible escape from SUW due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Privilege Escalation Android
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In multiple functions of AppOpsService.java, there is a possible way for unprivileged apps to read their own restrictRead app-op states due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Android
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In ensureSetPipAspectRatioQuotaTracker of ActivityClientController.java, there is a possible way to generate unmovable and undeletable pip windows due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Microsoft Android
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In setupVideoEncoder of StagefrightRecorder.cpp, there is a possible asynchronous playback when B-frame support is enabled. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Android
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In onForegroundServiceButtonClicked of FooterActionsViewModel.kt, there is a possible way to disable the active VPN app from the lockscreen due to an insecure default value. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Android
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

In multiple functions of TranscodingResourcePolicy.cpp, there is a possible memory corruption due to a race condition. Rated high severity (CVSS 7.0).

Privilege Escalation Buffer Overflow Race Condition +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

In sdpu_compare_uuid_with_attr of sdp_utils.cc, there is a possible out of bounds read due to a heap buffer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In _MMU_AllocLevel of mmu_common.c, there is a possible arbitrary code execution due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow RCE Privilege Escalation +1
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In venc, there is a possible out of bounds write due to a missing bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Improper privilege management in SumeNNService prior to SMR Aug-2024 Release 1 allows local attackers to start privileged service. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Improper input validation in librtp.so prior to SMR Aug-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Android
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Improper access control in System property prior to SMR Aug-2024 Release 1 allows local attackers to access cell related information. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Improper handling of insufficient permission in Telephony prior to SMR Aug-2024 Release 1 allows local attackers to configure default Message application. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper handling of insufficient permission in KnoxDualDARPolicy prior to SMR Aug-2024 Release 1 allows local attackers to access sensitive data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Out-of-bound write in libsmat.so prior to SMR Aug-2024 Release 1 allows local attackers to cause memory corruption. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Out-of-bound write in libsmat.so prior to SMR Aug-2024 Release 1 allows local attackers to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Out-of-bound write in libcodec2secmp4vdec.so prior to SMR Aug-2024 Release 1 allows local attackers to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper access control in KnoxService prior to SMR Aug-2024 Release 1 allows local attackers to get sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper access control in ExtControlDeviceService prior to SMR Aug-2024 Release 1 allows local attackers to access protected data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper access control in VoiceNoteService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper access control in PaymentManagerService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper access control in SamsungNotesService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper access control in SmartThingsService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper access control in SamsungHealthService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper access control in LedCoverService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In PVRSRV_MMap of pvr_bridge_k.c, there is a possible arbitrary code execution due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Android
NVD
EPSS 0% CVSS 7.0
HIGH This Week

In DevmemIntUnexportCtx of devicemem_server.c, there is a possible arbitrary code execution due to a race condition. Rated high severity (CVSS 7.0). No vendor patch available.

Privilege Escalation RCE Race Condition +1
NVD
EPSS 0% CVSS 7.0
HIGH This Week

In _UnrefAndMaybeDestroy of pmr.c, there is a possible arbitrary code execution due to a race condition. Rated high severity (CVSS 7.0). No vendor patch available.

Privilege Escalation RCE Race Condition +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In onTransact of ParcelableListBinder.java , there is a possible way to steal mAllowlistToken to launch an app from background due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Java Android
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

In smp_proc_rand of smp_act.cc, there is a possible authentication bypass during legacy BLE pairing due to incorrect implementation of a protocol. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Privilege Escalation Authentication Bypass Android
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In ensureFileColumns of MediaProvider.java, there is a possible disclosure of files owned by another user due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Android
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In com_android_internal_os_ZygoteCommandBuffer_nativeForkRepeatedly of com_android_internal_os_ZygoteCommandBuffer.cpp, there is a possible method to perform arbitrary code execution in any app. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation RCE Android
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In multiple functions of StatsService.cpp, there is a possible memory corruption due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Use After Free Buffer Overflow Memory Corruption +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In DevmemIntChangeSparse2 of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In DevmemIntFreeDefBackingPage of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Android
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In multiple locations, there is a possible way to bypass a restriction on adding new Wi-Fi connections due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Privilege Escalation Android
NVD
EPSS 0% CVSS 7.3
HIGH PATCH This Week

In setMimeGroup of PackageManagerService.java, there is a possible way to hide the service from Settings due to a logic error in the code. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Privilege Escalation Android
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

In multiple functions of MessageQueueBase.h, there is a possible out of bounds write due to a race condition. Rated high severity (CVSS 7.0).

Privilege Escalation Buffer Overflow Race Condition +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In multiple locations, there is a possible way in which policy migration code will never be executed due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Android
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In multiple locations, there is a possible way to reveal images across users data due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Android
NVD
EPSS 0% CVSS 7.3
HIGH PATCH This Week

In hide of WindowState.java, there is a possible way to bypass tapjacking/overlay protection by launching the activity in portrait mode first and then rotating it to landscape mode. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Privilege Escalation XSS Android
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In onCreate of multiple files, there is a possible way to trick the user into granting health permissions due to tapjacking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation XSS Android
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In updateServicesLocked of AccessibilityManagerService.java, there is a possible way for an app to be hidden from the Setting while retaining Accessibility Service due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Android
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In setSkipPrompt of AssociationRequest.java , there is a possible way to establish a companion device association without any confirmation due to CDM. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Java Android
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In updateNotificationChannelFromPrivilegedListener of NotificationManagerService.java, there is a possible cross-user data leak due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Android
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In CompanionDeviceManagerService.java, there is a possible way to pair a companion device without user acceptance due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Privilege Escalation Android
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

In multiple functions of ZygoteProcess.java, there is a possible way to achieve code execution as any app via WRITE_SECURE_SETTINGS due to unsafe deserialization. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE Privilege Escalation +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In onResult of AccountManagerService.java, there is a possible way to perform an arbitrary background activity launch due to parcel mismatch. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Android
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In multiple functions of ManagedServices.java, there is a possible way to hide an app with notification access in the Device & app notifications settings due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Privilege Escalation Android
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In multiple functions of ShortcutService.java, there is a possible persistent DOS due to resource exhaustion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Android
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In availableToWriteBytes of MessageQueueBase.h, there is a possible out of bounds write due to an incorrect bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Privilege Escalation Buffer Overflow Memory Corruption +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In multiple locations, there is a possible information leak due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Information Disclosure Android
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In increment_annotation_count of stats_event.c, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Privilege Escalation Buffer Overflow Memory Corruption +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In newServiceInfoLocked of AutofillManagerServiceImpl.java, there is a possible way to hide an enabled Autofill service app in the Autofill service settings due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Privilege Escalation Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In DevmemXIntUnreserveRange of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In RGXFWChangeOSidPriority of rgxfwutils.c, there is a possible arbitrary code execution due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow RCE +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In RGXCreateHWRTData_aux of rgxta3d.c, there is a possible arbitrary code execution due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption RCE +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In RGXCreateZSBufferKM of rgxta3d.c, there is a possible arbitrary code execution due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption RCE +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In CacheOpPMRExec of cache_km.c, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Privilege Escalation +1
NVD
Prev Page 12 of 81 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy