Page 6 of 4706 results (0.007 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

In setTransactionState of SurfaceFlinger.cpp, there is a possible way to perform tapjacking due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/frameworks/native/+/3f85323b27d95a57bfa87cbf68dd4a143f9f88ad https://source.android.com/security/bulletin/2024-08-01 • CWE-269: Improper Privilege Management •

CVSS: -EPSS: 0%CPEs: 1EXPL: 0

In shouldWrite of OwnersData.java, there is a possible edge case that prevents MDM policies from being persisted due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/frameworks/base/+/688e5c3012eb0a4ea88361588cf5026c10e4a42c https://source.android.com/security/bulletin/2024-08-01 •

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1

In setForceHideNonSystemOverlayWindowIfNeeded of WindowState.java, there is a possible way for message content to be visible on the screensaver while lock screen visibility settings are restricted by the user due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. • https://github.com/uthrasri/CVE-2024-34741 https://android.googlesource.com/platform/frameworks/base/+/abfaf702ef833dc4d374492d45c615c6e6de7f01 https://source.android.com/security/bulletin/2024-08-01 • CWE-269: Improper Privilege Management CWE-783: Operator Precedence Logic Error •

CVSS: 7.7EPSS: 0%CPEs: 4EXPL: 0

In attributeBytesBase64 and attributeBytesHex of BinaryXmlSerializer.java, there is a possible arbitrary XML injection due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/frameworks/base/+/e8b6505647be558ed3a167a1e13c53dfc227d22b https://android.googlesource.com/platform/frameworks/libs/modules-utils/+/700c28908051ceb55e1456d2d21229bc17c6895a https://source.android.com/security/bulletin/2024-08-01 • CWE-91: XML Injection (aka Blind XPath Injection) CWE-190: Integer Overflow or Wraparound •

CVSS: 7.7EPSS: 0%CPEs: 4EXPL: 1

In shouldRestrictOverlayActivities of UsbProfileGroupSettingsManager.java, there is a possible escape from SUW due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. • https://github.com/uthrasri/CVE-2024-34739 https://android.googlesource.com/platform/frameworks/base/+/50e1f8f36e32928d10e72324c05a203a6db9f7fb https://source.android.com/security/bulletin/2024-08-01 • CWE-116: Improper Encoding or Escaping of Output •