875 matches found
CVE-2025-20670
CVE-2025-20670 concerns a vulnerability in a Modem where improper certificate validation enables a permission bypass, potentially causing remote information disclosure if a UE connects to a rogue base station controlled by an attacker. Exploitation requires user interaction and the attacker would...
ASB-A-331180422
In multiple locations, there is a possible cross-user image read due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation...
ASB-A-283962634
In multiple locations, there is a possible way to request access to directories that should be hidden due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation...
CVE-2024-43765
CVE-2024-43765 is reported across multiple feeds as a local elevation-of-privilege on Android via a tapjacking/overlay attack that can grant access to a folder with user-initiated interaction. Exploitation requires user interaction and occurs in multiple locations; no device-specific proof or exp...
CVE-2024-11220
A local low-level user on the server machine with credentials to the running OAS services can create and execute a report with an rdlx file on the server system itself. Any code within the rdlx file of the report executes with SYSTEM privileges, resulting in privilege escalation...
CVE-2018-9414
In gattServerSendResponseNative of comandroidbluetoothgatt.cpp, there is a possible out of bounds stack write due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation...
CVE-2018-9414
In gattServerSendResponseNative of comandroidbluetoothgatt.cpp, there is a possible out of bounds stack write due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation...
CVE-2018-9414
In gattServerSendResponseNative of comandroidbluetoothgatt.cpp, there is a possible out of bounds stack write due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation...
CVE-2018-9374
In installPackageLI of PackageManagerService.java, there is a possible permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation...
CVE-2018-9374
In installPackageLI of PackageManagerService.java, there is a possible permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-21270
In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way for an app to keep permissions that should be revoked due to incorrect permission flags cleared during an update. This could lead to local escalation of privilege with User execution privileges needed. User...
CVE-2023-21270
In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way for an app to keep permissions that should be revoked due to incorrect permission flags cleared during an update. This could lead to local escalation of privilege with User execution privileges needed. User...
CVE-2023-21270
In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way for an app to keep permissions that should be revoked due to incorrect permission flags cleared during an update. This could lead to local escalation of privilege with User execution privileges needed. User...
CVE-2024-43090
In multiple locations, there is a possible cross-user image read due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation...
CVE-2024-43090
In multiple locations, there is a possible cross-user image read due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation...
CVE-2024-43090
CVE-2024-43090 affects the Android Framework component, describing a cross-user image read caused by a missing permission check. This leads to local information disclosure with user privileges required, as noted in multiple sources (Android OS CVE entry and related bulletins). The Android securit...
DEBIAN-CVE-2024-48936
SchedMD Slurm before 24.05.4 has Incorrect Authorization. A mistake in authentication handling in stepmgr could permit an attacker to execute processes under other users' jobs. This is limited to jobs explicitly running with --stepmgr, or on systems that have globally enabled stepmgr via...
PT-2024-33282 · Schedmd · Slurm
Name of the Vulnerable Software and Affected Versions: SchedMD Slurm versions prior to 24.05.4 Description: A mistake in authentication handling in stepmgr could permit an attacker to execute processes under other users' jobs. This issue is limited to jobs explicitly running with --stepmgr, or on...
CVE-2024-31331
In setMimeGroup of PackageManagerService.java, there is a possible way to hide the service from Settings due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation...
CVE-2024-31324
In hide of WindowState.java, there is a possible way to bypass tapjacking/overlay protection by launching the activity in portrait mode first and then rotating it to landscape mode. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed...