Page 3 of 110 results (0.003 seconds)

CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0

In onReceive of AppRestrictionsFragment.java, there is a possible escalation of privilege due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. • https://android.googlesource.com/platform/packages/apps/Settings/+/26ce013dfd7e59a451acc66e7f05564e0884d46b https://source.android.com/security/bulletin/2024-11-01 • CWE-502: Deserialization of Untrusted Data •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

In setTransactionState of SurfaceFlinger.cpp, there is a possible way to change protected display attributes due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/frameworks/native/+/064ce6e3235b6318be1e41f1bac9595a98e4aafa https://android.googlesource.com/platform/frameworks/native/+/b6ddf525be3c2abbde59ae1533494b18a7961087 https://source.android.com/security/bulletin/2024-11-01 • CWE-276: Incorrect Default Permissions •

CVSS: 5.5EPSS: 0%CPEs: 43EXPL: 0

Improper access control in Samsung Message prior to SMR Jul-2024 Release 1 allows local attackers to access location data. El control de acceso inadecuado en Samsung Message anterior a SMR Jul-2024 Release 1 permite a atacantes locales acceder a datos de ubicación. • https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=07 •

CVSS: 5.5EPSS: 0%CPEs: 76EXPL: 0

Use of implicit intent for sensitive communication in Samsung Messages prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information. User interaction is required for triggering this vulnerability. El uso de intención implícita para comunicaciones confidenciales en Samsung Messages antes de la versión 1 de SMR de julio de 2024 permite a los atacantes locales obtener información confidencial. Se requiere la interacción del usuario para activar esta vulnerabilidad. • https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=07 •

CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0

Improper input validation in Tips prior to version 6.2.9.4 in Android 14 allows local attacker to send broadcast with Tips' privilege. La validación de entrada incorrecta en Tips anteriores a la versión 6.2.9.4 en Android 14 permite a un atacante local enviar transmisiones con Tips' privilegio. • https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=07 •