875 matches found
CVE-2024-31317
In multiple functions of ZygoteProcess.java, there is a possible way to achieve code execution as any app via WRITESECURESETTINGS due to unsafe deserialization. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-31317
In multiple functions of ZygoteProcess.java, there is a possible way to achieve code execution as any app via WRITESECURESETTINGS due to unsafe deserialization. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-29975
UNSUPPORTED WHEN ASSIGNED The improper privilege management vulnerability in the SUID executable binary in Zyxel NAS326 firmware versions before V5.21AAZF.17C0 and NAS542 firmware versions before V5.21ABAG.14C0 could allow an authenticated local attacker with administrator privileges to execute...
CVE-2024-30280
The CVE-2024-30280 entry affects Adobe Acrobat Reader (versions 20.005.30574, 24.002.20736 and earlier) and is an out-of-bounds read bug triggered while parsing a crafted file. An attacker could execute code in the user’s context, and exploitation requires user interaction (victim opens a malicio...
CVE-2024-0015
In convertToComponentName of DreamService.java, there is a possible way to launch arbitrary protected activities due to intent redirection. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-0037
In applyCustomDescription of SaveUi.java, there is a possible way to view images belonging to a different user due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation...
Information disclosure
In applyCustomDescription of SaveUi.java, there is a possible way to view images belonging to a different user due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation...
Input validation
In queryChildDocuments of FileSystemProvider.java, there is a possible way to request access to directories that should be hidden due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation...
CVE-2024-0037
The CVE-2024-0037 entry describes a local information disclosure in Android’s SaveUi.java, where applyCustomDescription can view other users’ images due to a missing permission check. Exploitation is possible with local attacker privileges and does not require user interaction. Connected document...
CVE-2024-0037
In applyCustomDescription of SaveUi.java, there is a possible way to view images belonging to a different user due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation...
PT-2024-15312 · Softwarex · Softwarex
Name of the Vulnerable Software and Affected Versions: SoftwareX affected versions not specified Description: The issue is related to a missing permission check in the applyCustomDescription function of SaveUi.java, allowing potential local information disclosure with user execution privileges...
CVE-2023-45781
In parsegapdata of utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-45773
In multiple functions of btmblegap.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation...
Design/Logic Flaw
In OpRecordAudioMonitor::onFirstRef of AudioRecordClient.cpp, there is a possible way to record audio from the background due to a missing flag. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation...
Out-of-bounds
In parsegapdata of utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation...
Out-of-bounds
In parsegapdata of utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation...
Out-of-bounds
In multiple functions of btmblegap.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-45781
In parsegapdata of utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-45781
In parsegapdata of utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-40096
In OpRecordAudioMonitor::onFirstRef of AudioRecordClient.cpp, there is a possible way to record audio from the background due to a missing flag. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation...