Android Security Vulnerabilities and Issues — Android CVE List

Lucene search

GoogleAndroid

14 matches found

CVE•added 2024/08/19 5:15 p.m.•533 views

CVE-2024-32927

In sendDeviceState_1_6 of RadioExt.cpp, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.5AI score0.00013EPSS

CVE•added 2024/08/15 10:15 p.m.•111 views

CVE-2024-34727

In sdpu_compare_uuid_with_attr of sdp_utils.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

7.5CVSS6.5AI score0.00144EPSS

CVE•added 2024/08/15 10:15 p.m.•94 views

CVE-2024-34743

In setTransactionState of SurfaceFlinger.cpp, there is a possible way to perform tapjacking due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS6.8AI score0.00015EPSS

CVE•added 2024/08/15 10:15 p.m.•86 views

CVE-2024-34731

In multiple functions of TranscodingResourcePolicy.cpp, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.7CVSS7AI score0.00011EPSS

CVE•added 2024/08/15 10:15 p.m.•85 views

CVE-2024-34739

In shouldRestrictOverlayActivities of UsbProfileGroupSettingsManager.java, there is a possible escape from SUW due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

7.8CVSS6.8AI score0.00075EPSS

CVE•added 2024/08/15 10:15 p.m.•82 views

CVE-2024-34736

In setupVideoEncoder of StagefrightRecorder.cpp, there is a possible asynchronous playback when B-frame support is enabled. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS6.8AI score0.00011EPSS

CVE•added 2024/08/15 10:15 p.m.•79 views

CVE-2024-34737

In ensureSetPipAspectRatioQuotaTracker of ActivityClientController.java, there is a possible way to generate unmovable and undeletable pip windows due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is n...

7.8CVSS6.8AI score0.00017EPSS

CVE•added 2024/08/15 10:15 p.m.•77 views

CVE-2024-34741

In setForceHideNonSystemOverlayWindowIfNeeded of WindowState.java, there is a possible way for message content to be visible on the screensaver while lock screen visibility settings are restricted by the user due to a logic error in the code. This could lead to local escalation of privilege with no...

7.8CVSS6.7AI score0.00032EPSS

CVE•added 2024/08/15 10:15 p.m.•76 views

CVE-2024-34738

In multiple functions of AppOpsService.java, there is a possible way for unprivileged apps to read their own restrictRead app-op states due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed f...

7.8CVSS6.7AI score0.00015EPSS

CVE•added 2024/08/15 10:15 p.m.•73 views

CVE-2024-34742

In shouldWrite of OwnersData.java, there is a possible edge case that prevents MDM policies from being persisted due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS6.3AI score0.00012EPSS

CVE•added 2024/08/15 10:15 p.m.•72 views

CVE-2024-34734

In onForegroundServiceButtonClicked of FooterActionsViewModel.kt, there is a possible way to disable the active VPN app from the lockscreen due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not need...

7.8CVSS6.8AI score0.00011EPSS

CVE•added 2024/08/15 10:15 p.m.•70 views

CVE-2024-34740

In attributeBytesBase64 and attributeBytesHex of BinaryXmlSerializer.java, there is a possible arbitrary XML injection due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.2AI score0.0004EPSS

CVE•added 2024/08/15 10:15 p.m.•62 views

CVE-2024-31333

In _MMU_AllocLevel of mmu_common.c, there is a possible arbitrary code execution due to an integer overflow. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.4AI score0.00013EPSS

CVE•added 2024/08/14 3:15 a.m.•50 views

CVE-2024-20083

In venc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08810810 / ALPS08805789; Issue ID: MSV-1502.

9.8CVSS6.8AI score0.00109EPSS