CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-49734
https://notcve.org/view.php?id=CVE-2024-49734
21 Jan 2025 — In multiple functions of ConnectivityService.java, there is a possible way for a Wi-Fi AP to determine what site a device has connected to through a VPN due to side channel information disclosure. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/2025-01-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-49733
https://notcve.org/view.php?id=CVE-2024-49733
21 Jan 2025 — In reload of ServiceListing.java , there is a possible way to allow a malicious app to hide an NLS from Settings due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/2025-01-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.0EPSS: 0%CPEs: 5EXPL: 0CVE-2024-49724
https://notcve.org/view.php?id=CVE-2024-49724
21 Jan 2025 — In multiple functions of AccountManagerService.java, there is a possible way to bypass permissions and launch protected activities due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. • https://source.android.com/security/bulletin/2025-01-01 • CWE-276: Incorrect Default Permissions •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-43771
https://notcve.org/view.php?id=CVE-2024-43771
21 Jan 2025 — In gatts_process_read_req of gatt_sr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/2025-01-01 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-43770
https://notcve.org/view.php?id=CVE-2024-43770
21 Jan 2025 — In gatts_process_find_info of gatt_sr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/2025-01-01 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-43765
https://notcve.org/view.php?id=CVE-2024-43765
21 Jan 2025 — In multiple locations, there is a possible way to obtain access to a folder due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. • https://source.android.com/security/bulletin/2025-01-01 • CWE-276: Incorrect Default Permissions •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-43763
https://notcve.org/view.php?id=CVE-2024-43763
21 Jan 2025 — In build_read_multi_rsp of gatt_sr.cc, there is a possible denial of service due to a logic error in the code. This could lead to remote (proximal/adjacent) denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/2025-01-01 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-43096
https://notcve.org/view.php?id=CVE-2024-43096
21 Jan 2025 — In build_read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/2025-01-01 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-43095
https://notcve.org/view.php?id=CVE-2024-43095
21 Jan 2025 — In multiple locations, there is a possible way to obtain any system permission due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. • https://source.android.com/security/bulletin/2025-01-01 • CWE-203: Observable Discrepancy •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-43769
https://notcve.org/view.php?id=CVE-2024-43769
02 Jan 2025 — In isPackageDeviceAdmin of PackageManagerService.java, there is a possible edge case which could prevent the uninstallation of CloudDpc due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/frameworks/base/+/619ffc299bf33566ba6daee8301ee0fc96e015f4 • CWE-276: Incorrect Default Permissions •