CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-43085
https://notcve.org/view.php?id=CVE-2024-43085
13 Nov 2024 — In handleMessage of UsbDeviceManager.java, there is a possible method to access device contents over USB without unlocking the device due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/frameworks/base/+/2457d4e459ee6ffd099b9ff7cce9c83119c3ce66 • CWE-276: Incorrect Default Permissions •
CVSS: 6.2EPSS: 0%CPEs: 5EXPL: 0CVE-2024-43084
https://notcve.org/view.php?id=CVE-2024-43084
13 Nov 2024 — In visitUris of multiple files, there is a possible information disclosure due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/frameworks/base/+/50eec20b570cd4cbbe8c5971af4c9dda3ddcb858 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 6.2EPSS: 0%CPEs: 5EXPL: 0CVE-2024-43083
https://notcve.org/view.php?id=CVE-2024-43083
13 Nov 2024 — In validate of WifiConfigurationUtil.java , there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/packages/modules/Wifi/+/62f61e19524e9a55cadd1116c9448ff34b977e50 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-43081
https://notcve.org/view.php?id=CVE-2024-43081
13 Nov 2024 — In installExistingPackageAsUser of InstallPackageHelper.java, there is a possible carrier restriction bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/frameworks/base/+/31c098c4271ad4fdfb3809e05017ead8d9f6580f • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-43080
https://notcve.org/view.php?id=CVE-2024-43080
13 Nov 2024 — In onReceive of AppRestrictionsFragment.java, there is a possible escalation of privilege due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. • https://android.googlesource.com/platform/packages/apps/Settings/+/26ce013dfd7e59a451acc66e7f05564e0884d46b • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-40660
https://notcve.org/view.php?id=CVE-2024-40660
13 Nov 2024 — In setTransactionState of SurfaceFlinger.cpp, there is a possible way to change protected display attributes due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/frameworks/native/+/064ce6e3235b6318be1e41f1bac9595a98e4aafa • CWE-276: Incorrect Default Permissions •
CVSS: 5.5EPSS: 0%CPEs: 43EXPL: 0CVE-2024-34603
https://notcve.org/view.php?id=CVE-2024-34603
08 Jul 2024 — Improper access control in Samsung Message prior to SMR Jul-2024 Release 1 allows local attackers to access location data. El control de acceso inadecuado en Samsung Message anterior a SMR Jul-2024 Release 1 permite a atacantes locales acceder a datos de ubicación. • https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=07 •
CVSS: 5.5EPSS: 0%CPEs: 76EXPL: 0CVE-2024-34602
https://notcve.org/view.php?id=CVE-2024-34602
08 Jul 2024 — Use of implicit intent for sensitive communication in Samsung Messages prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information. User interaction is required for triggering this vulnerability. El uso de intención implícita para comunicaciones confidenciales en Samsung Messages antes de la versión 1 de SMR de julio de 2024 permite a los atacantes locales obtener información confidencial. Se requiere la interacción del usuario para activar esta vulnerabilidad. • https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=07 •
CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-34599
https://notcve.org/view.php?id=CVE-2024-34599
02 Jul 2024 — Improper input validation in Tips prior to version 6.2.9.4 in Android 14 allows local attacker to send broadcast with Tips' privilege. La validación de entrada incorrecta en Tips anteriores a la versión 6.2.9.4 en Android 14 permite a un atacante local enviar transmisiones con Tips' privilegio. • https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=07 •
CVSS: 7.8EPSS: 0%CPEs: 76EXPL: 0CVE-2024-34595
https://notcve.org/view.php?id=CVE-2024-34595
02 Jul 2024 — Improper access control in clickAdapterItem of SystemUI prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities. El control de acceso inadecuado en clickAdapterItem de SystemUI anterior a SMR Jul-2024 Release 1 permite a atacantes locales iniciar actividades privilegiadas. • https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=07 •