Lucene search

K
GoogleAndroid14.0

348 matches found

CVE
CVE
added 2025/01/06 4:15 a.m.87 views

CVE-2024-20148

In wlan STA FW, there is a possible out of bounds write due to improper input validation. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389045 / ALPS09136494; Issue ID: M...

9.8CVSS7.8AI score0.00054EPSS
CVE
CVE
added 2023/12/04 11:15 p.m.86 views

CVE-2023-40076

In createPendingIntent of CredentialManagerUi.java, there is a possible way to access credentials from other users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.7AI score0.00008EPSS
CVE
CVE
added 2023/12/04 11:15 p.m.86 views

CVE-2023-40087

In transcodeQ*ToFloat of btif_avrcp_audio_track.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

8.8CVSS8.7AI score0.00079EPSS
CVE
CVE
added 2023/12/04 11:15 p.m.86 views

CVE-2023-40098

In mOnDone of NotificationConversationInfo.java, there is a possible way to access app notification data of another user due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.1AI score0.00052EPSS
CVE
CVE
added 2023/12/04 11:15 p.m.85 views

CVE-2023-40079

In injectSendIntentSender of ShortcutService.java, there is a possible background activity launch due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.7AI score0.00006EPSS
CVE
CVE
added 2023/12/04 11:15 p.m.83 views

CVE-2023-40095

In createDontSendToRestrictedAppsBundle of PendingIntentUtils.java, there is a possible background activity launch due to a missing check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.7AI score0.00038EPSS
CVE
CVE
added 2024/07/09 9:15 p.m.83 views

CVE-2024-31324

In hide of WindowState.java, there is a possible way to bypass tapjacking/overlay protection by launching the activity in portrait mode first and then rotating it to landscape mode. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed fo...

7.8CVSS6.8AI score0.00008EPSS
CVE
CVE
added 2024/09/11 12:15 a.m.83 views

CVE-2024-40656

In handleCreateConferenceComplete of ConnectionServiceWrapper.java, there is a possible way to reveal images across users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

5.5CVSS6.3AI score0.00009EPSS
CVE
CVE
added 2023/12/04 11:15 p.m.82 views

CVE-2023-40075

In forceReplaceShortcutInner of ShortcutPackage.java, there is a possible way to register unlimited packages due to a missing bounds check. This could lead to local denial of service which results in a boot loop with no additional execution privileges needed. User interaction is not needed for expl...

5.5CVSS5.3AI score0.00066EPSS
CVE
CVE
added 2024/08/15 10:15 p.m.82 views

CVE-2024-34731

In multiple functions of TranscodingResourcePolicy.cpp, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.7CVSS7AI score0.00011EPSS
CVE
CVE
added 2023/12/04 11:15 p.m.81 views

CVE-2023-40091

In onTransact of IncidentService.cpp, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.8AI score0.00038EPSS
CVE
CVE
added 2024/07/09 9:15 p.m.81 views

CVE-2024-31315

In multiple functions of ManagedServices.java, there is a possible way to hide an app with notification access in the Device & app notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interacti...

7.8CVSS6.8AI score0.0002EPSS
CVE
CVE
added 2025/03/03 3:15 a.m.81 views

CVE-2025-20645

In KeyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09475476; Issue ID: MSV-2599.

7.8CVSS7.1AI score0.00009EPSS
CVE
CVE
added 2023/12/04 11:15 p.m.80 views

CVE-2023-40080

In multiple functions of btm_ble_gap.cc, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.8AI score0.00039EPSS
CVE
CVE
added 2024/05/07 9:15 p.m.80 views

CVE-2024-0043

In multiple locations, there is a possible notification listener grant to an app running in the work profile due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

7.8CVSS7AI score0.00048EPSS
CVE
CVE
added 2024/08/15 10:15 p.m.80 views

CVE-2024-34739

In shouldRestrictOverlayActivities of UsbProfileGroupSettingsManager.java, there is a possible escape from SUW due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

7.8CVSS6.8AI score0.00075EPSS
CVE
CVE
added 2023/12/04 11:15 p.m.79 views

CVE-2023-40073

In visitUris of Notification.java, there is a possible cross-user media read due to Confused Deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5AI score0.00054EPSS
CVE
CVE
added 2023/12/04 11:15 p.m.79 views

CVE-2023-40078

In a2dp_vendor_opus_decoder_decode_packet of a2dp_vendor_opus_decoder.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

9.8CVSS9.3AI score0.00106EPSS
CVE
CVE
added 2023/12/04 11:15 p.m.79 views

CVE-2023-40082

In modify_for_next_stage of fdt.rs, there is a possible way to render KASLR ineffective due to improperly used crypto. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

9.8CVSS9.2AI score0.00984EPSS
CVE
CVE
added 2024/03/04 3:15 a.m.79 views

CVE-2024-20024

In flashc, there is a possible out of bounds write due to lack of valudation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541635; Issue ID: ALPS08541635.

6CVSS6.9AI score0.00017EPSS
CVE
CVE
added 2024/12/02 4:15 a.m.79 views

CVE-2024-20125

In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained System privileges. User interaction is not needed for exploitation. Patch ID: ALPS09046782; Issue ID: MSV-1728.

6.7CVSS6.7AI score0.00009EPSS
CVE
CVE
added 2025/01/06 4:15 a.m.79 views

CVE-2024-20144

In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09167056; I...

6.6CVSS7.1AI score0.00011EPSS
CVE
CVE
added 2024/07/09 9:15 p.m.79 views

CVE-2024-31323

In onCreate of multiple files, there is a possible way to trick the user into granting health permissions due to tapjacking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS6.8AI score0.00035EPSS
CVE
CVE
added 2024/07/09 9:15 p.m.79 views

CVE-2024-34722

In smp_proc_rand of smp_act.cc, there is a possible authentication bypass during legacy BLE pairing due to incorrect implementation of a protocol. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

8.8CVSS7.4AI score0.00042EPSS
CVE
CVE
added 2023/12/04 11:15 p.m.78 views

CVE-2023-45775

In CreateAudioBroadcast of broadcaster.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.8AI score0.00038EPSS
CVE
CVE
added 2024/08/15 10:15 p.m.78 views

CVE-2024-34736

In setupVideoEncoder of StagefrightRecorder.cpp, there is a possible asynchronous playback when B-frame support is enabled. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS6.8AI score0.00011EPSS
CVE
CVE
added 2025/01/21 11:15 p.m.78 views

CVE-2024-43095

In multiple locations, there is a possible way to obtain any system permission due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

7.8CVSS7.1AI score0.00012EPSS
CVE
CVE
added 2024/03/04 3:15 a.m.77 views

CVE-2024-20005

In da, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08355599; Issue ID: ALPS08355599.

8.2CVSS6.9AI score0.00003EPSS
CVE
CVE
added 2024/07/09 9:15 p.m.77 views

CVE-2024-31312

In multiple locations, there is a possible information leak due to a missing permission check. This could lead to local information disclosure exposing played media with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.9AI score0.00027EPSS
CVE
CVE
added 2024/07/09 9:15 p.m.77 views

CVE-2024-31314

In multiple functions of ShortcutService.java, there is a possible persistent DOS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

6.2CVSS6.4AI score0.00038EPSS
CVE
CVE
added 2025/04/07 4:15 a.m.77 views

CVE-2025-20656

In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09625423; ...

6.8CVSS7.1AI score0.00013EPSS
CVE
CVE
added 2023/12/04 11:15 p.m.76 views

CVE-2023-40090

In BTM_BleVerifySignature of btm_ble.cc, there is a possible way to bypass signature validation due to side channel information disclosure. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

6.5CVSS6.6AI score0.00022EPSS
CVE
CVE
added 2023/12/04 11:15 p.m.76 views

CVE-2023-40092

In verifyShortcutInfoPackage of ShortcutService.java, there is a possible way to see another user's image due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.1AI score0.00054EPSS
CVE
CVE
added 2024/07/09 9:15 p.m.76 views

CVE-2024-31318

In CompanionDeviceManagerService.java, there is a possible way to pair a companion device without user acceptance due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS6.8AI score0.00037EPSS
CVE
CVE
added 2024/07/09 9:15 p.m.76 views

CVE-2024-31319

In updateNotificationChannelFromPrivilegedListener of NotificationManagerService.java, there is a possible cross-user data leak due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

8.4CVSS6.8AI score0.00041EPSS
CVE
CVE
added 2024/09/11 12:15 a.m.76 views

CVE-2024-40658

In getConfig of SoftVideoDecoderOMXComponent.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.4AI score0.00013EPSS
CVE
CVE
added 2023/12/04 11:15 p.m.75 views

CVE-2023-45773

In multiple functions of btm_ble_gap.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.8AI score0.00038EPSS
CVE
CVE
added 2024/04/01 3:15 a.m.75 views

CVE-2024-20042

In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541780; Issue ID: ALPS08541780.

6.6CVSS7AI score0.00041EPSS
CVE
CVE
added 2024/05/07 9:15 p.m.75 views

CVE-2024-23705

In multiple locations, there is a possible failure to persist or enforce user restrictions due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

9.8CVSS7AI score0.00075EPSS
CVE
CVE
added 2024/08/15 10:15 p.m.75 views

CVE-2024-34737

In ensureSetPipAspectRatioQuotaTracker of ActivityClientController.java, there is a possible way to generate unmovable and undeletable pip windows due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is n...

7.8CVSS6.8AI score0.00017EPSS
CVE
CVE
added 2024/09/11 12:15 a.m.75 views

CVE-2024-40650

In wifi_item_edit_content of styles.xml , there is a possible FRP bypass due to Missing check for FRP state. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.2AI score0.0001EPSS
CVE
CVE
added 2025/01/03 1:15 a.m.75 views

CVE-2024-43768

In skia_alloc_func of SkDeflate.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.2AI score0.00046EPSS
CVE
CVE
added 2023/10/30 5:15 p.m.74 views

CVE-2023-21351

In multiple locations, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.9AI score0.00026EPSS
CVE
CVE
added 2023/12/04 11:15 p.m.74 views

CVE-2023-45776

In CreateAudioBroadcast of broadcaster.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.8AI score0.00038EPSS
CVE
CVE
added 2025/02/26 1:15 p.m.74 views

CVE-2024-39441

In wifi display, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed.

8.4CVSS7.1AI score0.00005EPSS
CVE
CVE
added 2025/02/03 4:15 a.m.74 views

CVE-2025-20636

In secmem, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09403554; Issue ID: MSV-2431.

6.7CVSS7.1AI score0.00008EPSS
CVE
CVE
added 2025/04/07 4:15 a.m.74 views

CVE-2025-20655

In keymaster, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: DTV04427687; Issue ID: MSV-3183.

5.3CVSS5.7AI score0.00007EPSS
CVE
CVE
added 2024/05/07 9:15 p.m.73 views

CVE-2024-0026

In multiple functions of SnoozeHelper.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS6.5AI score0.00048EPSS
CVE
CVE
added 2024/05/07 9:15 p.m.73 views

CVE-2024-23708

In multiple functions of NotificationManagerService.java, there is a possible way to not show a toast message when a clipboard message has been accessed. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

9.8CVSS7AI score0.00101EPSS
CVE
CVE
added 2024/07/09 9:15 p.m.73 views

CVE-2024-31325

In multiple locations, there is a possible way to reveal images across users data due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS6.8AI score0.00037EPSS
Total number of security vulnerabilities348