Lucene search
+L

875 matches found

CVE
CVE
added 2025/05/05 2:49 a.m.75 views

CVE-2025-20670

CVE-2025-20670 concerns a vulnerability in a Modem where improper certificate validation enables a permission bypass, potentially causing remote information disclosure if a UE connects to a rogue base station controlled by an attacker. Exploitation requires user interaction and the attacker would...

5.7CVSS6.8AI score0.0027EPSS
Exploits0References1Affected Software3
OSV
OSV
added 2025/03/01 12:0 a.m.18 views

ASB-A-331180422

In multiple locations, there is a possible cross-user image read due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation...

5CVSS6.4AI score0.00163EPSS
Exploits0References2
OSV
OSV
added 2025/03/01 12:0 a.m.38 views

ASB-A-283962634

In multiple locations, there is a possible way to request access to directories that should be hidden due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation...

6.8CVSS6.7AI score0.00454EPSS
Exploits0References3
CVE
CVE
added 2025/01/21 11:4 p.m.771 views

CVE-2024-43765

CVE-2024-43765 is reported across multiple feeds as a local elevation-of-privilege on Android via a tapjacking/overlay attack that can grant access to a folder with user-initiated interaction. Exploitation requires user interaction and occurs in multiple locations; no device-specific proof or exp...

7.8CVSS6.8AI score0.00074EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/12/06 6:15 p.m.53 views

CVE-2024-11220

A local low-level user on the server machine with credentials to the running OAS services can create and execute a report with an rdlx file on the server system itself. Any code within the rdlx file of the report executes with SYSTEM privileges, resulting in privilege escalation...

8.5CVSS0.00152EPSS
Exploits0References2
NVD
NVD
added 2024/12/02 9:15 p.m.15 views

CVE-2018-9414

In gattServerSendResponseNative of comandroidbluetoothgatt.cpp, there is a possible out of bounds stack write due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS0.0008EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/12/02 9:9 p.m.8 views

CVE-2018-9414

In gattServerSendResponseNative of comandroidbluetoothgatt.cpp, there is a possible out of bounds stack write due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation...

7.2AI score0.0008EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/12/02 9:9 p.m.12 views

CVE-2018-9414

In gattServerSendResponseNative of comandroidbluetoothgatt.cpp, there is a possible out of bounds stack write due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation...

0.0008EPSS
Exploits0References1
NVD
NVD
added 2024/11/28 12:15 a.m.16 views

CVE-2018-9374

In installPackageLI of PackageManagerService.java, there is a possible permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS0.00084EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/11/27 11:42 p.m.11 views

CVE-2018-9374

In installPackageLI of PackageManagerService.java, there is a possible permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation...

7.3AI score0.00084EPSS
Exploits0References1
NVD
NVD
added 2024/11/19 6:15 p.m.20 views

CVE-2023-21270

In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way for an app to keep permissions that should be revoked due to incorrect permission flags cleared during an update. This could lead to local escalation of privilege with User execution privileges needed. User...

7.8CVSS0.00082EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/11/19 6:0 p.m.25 views

CVE-2023-21270

In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way for an app to keep permissions that should be revoked due to incorrect permission flags cleared during an update. This could lead to local escalation of privilege with User execution privileges needed. User...

0.00082EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/11/19 6:0 p.m.10 views

CVE-2023-21270

In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way for an app to keep permissions that should be revoked due to incorrect permission flags cleared during an update. This could lead to local escalation of privilege with User execution privileges needed. User...

7.1AI score0.00082EPSS
Exploits0References1
NVD
NVD
added 2024/11/13 6:15 p.m.21 views

CVE-2024-43090

In multiple locations, there is a possible cross-user image read due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation...

5CVSS0.00163EPSS
Exploits0References2
OSV
OSV
added 2024/11/13 6:15 p.m.5 views

CVE-2024-43090

In multiple locations, there is a possible cross-user image read due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation...

5CVSS5.9AI score0.00163EPSS
Exploits0References2
CVE
CVE
added 2024/11/13 5:25 p.m.107 views

CVE-2024-43090

CVE-2024-43090 affects the Android Framework component, describing a cross-user image read caused by a missing permission check. This leads to local information disclosure with user privileges required, as noted in multiple sources (Android OS CVE entry and related bulletins). The Android securit...

5CVSS6.2AI score0.00163EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/10/28 4:15 a.m.2 views

DEBIAN-CVE-2024-48936

SchedMD Slurm before 24.05.4 has Incorrect Authorization. A mistake in authentication handling in stepmgr could permit an attacker to execute processes under other users' jobs. This is limited to jobs explicitly running with --stepmgr, or on systems that have globally enabled stepmgr via...

5CVSS5.6AI score0.00336EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/10/28 12:0 a.m.4 views

PT-2024-33282 · Schedmd · Slurm

Name of the Vulnerable Software and Affected Versions: SchedMD Slurm versions prior to 24.05.4 Description: A mistake in authentication handling in stepmgr could permit an attacker to execute processes under other users' jobs. This issue is limited to jobs explicitly running with --stepmgr, or on...

5CVSS7.2AI score0.00336EPSS
Exploits0References25
Vulnrichment
Vulnrichment
added 2024/07/09 8:11 p.m.13 views

CVE-2024-31331

In setMimeGroup of PackageManagerService.java, there is a possible way to hide the service from Settings due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation...

7.1AI score0.00117EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/07/09 8:9 p.m.26 views

CVE-2024-31324

In hide of WindowState.java, there is a possible way to bypass tapjacking/overlay protection by launching the activity in portrait mode first and then rotating it to landscape mode. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed...

0.00103EPSS
Exploits0References2
Rows per page
Query Builder