CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-49742
https://notcve.org/view.php?id=CVE-2024-49742
21 Jan 2025 — In onCreate of NotificationAccessConfirmationActivity.java , there is a possible way to hide an app with notification access in Settings due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. • https://source.android.com/security/bulletin/2025-01-01 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-49738
https://notcve.org/view.php?id=CVE-2024-49738
21 Jan 2025 — In writeInplace of Parcel.cpp, there is a possible out of bounds write. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/2025-01-01 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-49737
https://notcve.org/view.php?id=CVE-2024-49737
21 Jan 2025 — In applyTaskFragmentOperation of WindowOrganizerController.java, there is a possible way to launch arbitrary activities as the system UID due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/2025-01-01 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-49736
https://notcve.org/view.php?id=CVE-2024-49736
21 Jan 2025 — In onClick of MainClear.java, there is a possible way to trigger factory reset without explicit user consent due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/2025-01-01 • CWE-276: Incorrect Default Permissions •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-49733
https://notcve.org/view.php?id=CVE-2024-49733
21 Jan 2025 — In reload of ServiceListing.java , there is a possible way to allow a malicious app to hide an NLS from Settings due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/2025-01-01 • CWE-203: Observable Discrepancy •
CVSS: 7.0EPSS: 0%CPEs: 5EXPL: 0CVE-2024-49724
https://notcve.org/view.php?id=CVE-2024-49724
21 Jan 2025 — In multiple functions of AccountManagerService.java, there is a possible way to bypass permissions and launch protected activities due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. • https://source.android.com/security/bulletin/2025-01-01 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-43771
https://notcve.org/view.php?id=CVE-2024-43771
21 Jan 2025 — In gatts_process_read_req of gatt_sr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/2025-01-01 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-43770
https://notcve.org/view.php?id=CVE-2024-43770
21 Jan 2025 — In gatts_process_find_info of gatt_sr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/2025-01-01 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-43765
https://notcve.org/view.php?id=CVE-2024-43765
21 Jan 2025 — In multiple locations, there is a possible way to obtain access to a folder due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. • https://source.android.com/security/bulletin/2025-01-01 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-43763
https://notcve.org/view.php?id=CVE-2024-43763
21 Jan 2025 — In build_read_multi_rsp of gatt_sr.cc, there is a possible denial of service due to a logic error in the code. This could lead to remote (proximal/adjacent) denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/2025-01-01 • CWE-203: Observable Discrepancy •