CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

70 matches found

Vulnrichment•added 2025/01/21 11:4 p.m.•10 views

CVE-2024-49724

In multiple functions of AccountManagerService.java, there is a possible way to bypass permissions and launch protected activities due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

7.2AI score0.00005EPSS

Exploits0References1

OSV•added 2025/01/01 12:0 a.m.•14 views

ASB-A-369351375

7CVSS7.4AI score0.00005EPSS

Exploits0References2

NVD•added 2024/11/13 6:15 p.m.•8 views

CVE-2024-43086

In validateAccountsInternal of AccountManagerService.java, there is a possible way to leak account credentials to a third party app due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

5.5CVSS0.00064EPSS

Exploits0References2

Vulnrichment•added 2024/11/13 5:25 p.m.•7 views

CVE-2024-43086

6.3AI score0.00064EPSS

Exploits0References2

CVE•added 2024/11/13 5:25 p.m.•96 views

CVE-2024-43086

CVE-2024-43086 affects Android’s AccountManagerService.java, where an issue in validateAccountsInternal could permit leaking account credentials to a third‑party app via a confused deputy, causing local information disclosure with no extra privileges or user interaction required. Public sources (...

5.5CVSS6.5AI score0.00064EPSS

Exploits0References2Affected Software1

Cvelist•added 2024/11/13 5:25 p.m.•8 views

CVE-2024-43086

0.00064EPSS

Exploits0References2

OSV•added 2024/11/01 12:0 a.m.•7 views

ASB-A-343440463

5.5CVSS6.4AI score0.00064EPSS

Exploits0References2

OSV•added 2024/10/01 12:0 a.m.•20 views

ASB-A-349780950

In checkKeyIntent of AccountManagerService.java, there is a possible way to bypass intent security check and install an unknown app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7.7CVSS7.5AI score0.00109EPSS

Exploits0References2

NVD•added 2024/07/09 9:15 p.m.•11 views

CVE-2024-31316

In onResult of AccountManagerService.java, there is a possible way to perform an arbitrary background activity launch due to parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS0.00052EPSS

Exploits0References2

Vulnrichment•added 2024/07/09 8:9 p.m.•20 views

CVE-2024-31316

7.3AI score0.00052EPSS

Exploits0References2

Cvelist•added 2024/07/09 8:9 p.m.•14 views

CVE-2024-31316

0.00052EPSS

Exploits0References2

OSV•added 2024/06/01 12:0 a.m.•41 views

ASB-A-321941232

7.8CVSS7.8AI score0.00052EPSS

Exploits0References2

CNVD•added 2024/03/14 12:0 a.m.•5 views

Google Android elevation of privilege vulnerability (CNVD-2024-24398)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability due to incorrect handling of NULL responses in the session of AccountManagerService.java. An attacker can exploit the vulnerability to escalate privileges...

8.4CVSS6.9AI score0.00021EPSS

Exploits0References1

CVE•added 2024/03/11 4:35 p.m.•144 views

CVE-2024-0048

CVE-2024-0048 affects Android (AccountManagerService.java) where NULL-response handling can allow local elevation of privileges. Exploitation requires local access; no user interaction documented. Root cause: incorrect handling of NULL responses in the AccountManagerService session. Android secur...

8.4CVSS7AI score0.00021EPSS

Exploits0References2Affected Software1

Cvelist•added 2024/03/11 4:35 p.m.•12 views

CVE-2024-0048

In Session of AccountManagerService.java, there is a possible method to retain foreground service privileges due to incorrect handling of null responses. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitatio...

7AI score0.00021EPSS

Exploits0References2

Vulnrichment•added 2024/03/11 4:35 p.m.•8 views

CVE-2024-0048

7.1AI score0.00021EPSS

Exploits0References2

OSV•added 2024/03/01 12:0 a.m.•19 views

ASB-A-316893159

8.4CVSS7.7AI score0.00021EPSS

Exploits0References2

Prion•added 2023/12/04 11:15 p.m.•16 views

Privilege escalation

In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to launch arbitrary activities using system privileges due to Parcel Mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed...

4.3CVSS7.5AI score0.00147EPSS

Exploits0References3Affected Software1

Cvelist•added 2023/12/04 10:40 p.m.•17 views

CVE-2023-45777

8AI score0.00147EPSS

Exploits0References3

CVE•added 2023/12/04 10:40 p.m.•142 views

CVE-2023-45777

CVE-2023-45777 affects Android’s AccountManagerService (checkKeyIntentParceledCorrectly) where a Parcel Mismatch could let an attacker launch arbitrary activities with system privileges, causing local elevation of privilege. Public details consistently describe this as a local, no-auth vulnerabil...

7.8CVSS7.8AI score0.00147EPSS

Exploits0References3Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by