CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-34722
https://notcve.org/view.php?id=CVE-2024-34722
09 Jul 2024 — In smp_proc_rand of smp_act.cc, there is a possible authentication bypass during legacy BLE pairing due to incorrect implementation of a protocol. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. En smp_proc_rand de smp_act.cc, existe una posible omisión de autenticación durante el emparejamiento BLE heredado debido a una implementación incorrecta de un protocolo. Esto podría conducir a una escalada remota de p... • https://android.googlesource.com/platform/packages/modules/Bluetooth/+/456f705b9acc78d8184536baff3d21b0bc11c957 • CWE-303: Incorrect Implementation of Authentication Algorithm •
CVSS: 6.2EPSS: 0%CPEs: 4EXPL: 0CVE-2024-34721
https://notcve.org/view.php?id=CVE-2024-34721
09 Jul 2024 — In ensureFileColumns of MediaProvider.java, there is a possible disclosure of files owned by another user due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. En sureFileColumns de MediaProvider.java, existe una posible divulgación de archivos propiedad de otro usuario debido a una validación de entrada incorrecta. Esto podría dar lugar a la divulgación de información local sin neces... • https://android.googlesource.com/platform/packages/providers/MediaProvider/+/7a1cbf5a8e17e6bff7c835fdd30dcc42b681db0a • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 7.4EPSS: 0%CPEs: 4EXPL: 0CVE-2024-34720
https://notcve.org/view.php?id=CVE-2024-34720
09 Jul 2024 — In com_android_internal_os_ZygoteCommandBuffer_nativeForkRepeatedly of com_android_internal_os_ZygoteCommandBuffer.cpp, there is a possible method to perform arbitrary code execution in any app zygote processes due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. En com_android_internal_os_ZygoteCommandBuffer_nativeForkRepeatedly de com_android_internal_os_ZygoteCommandBuffer.cpp, e... • https://android.googlesource.com/platform/frameworks/base/+/293e9ac230851acbec73f5ab12928d113d6283e1 • CWE-783: Operator Precedence Logic Error •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-31339
https://notcve.org/view.php?id=CVE-2024-31339
09 Jul 2024 — In multiple functions of StatsService.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. En múltiples funciones de StatsService.cpp, existe una posible corrupción de la memoria debido a un use after free. Esto podría conducir a una escalada local de privilegios sin necesidad de permisos de ejecución adicionales. • https://android.googlesource.com/platform/packages/modules/StatsD/+/795a0da721992432cae20fc9be21bcbce318bf5a • CWE-416: Use After Free •
CVSS: 8.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-31332
https://notcve.org/view.php?id=CVE-2024-31332
09 Jul 2024 — In multiple locations, there is a possible way to bypass a restriction on adding new Wi-Fi connections due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. En varias ubicaciones, existe una manera posible de evitar una restricción para agregar nuevas conexiones Wi-Fi debido a una falta de verificación de permiso. Esto podría conducir a una escalada local de privilegios sin necesida... • https://android.googlesource.com/platform/packages/apps/Settings/+/d1f9e61e4480116838c7a642b54c217506361266 • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-31331
https://notcve.org/view.php?id=CVE-2024-31331
09 Jul 2024 — In setMimeGroup of PackageManagerService.java, there is a possible way to hide the service from Settings due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. En setMimeGroup de PackageManagerService.java, existe una forma posible de ocultar el servicio de la Configuración debido a un error lógico en el código. Esto podría conducir a una escalada local de privilegios con privilegios de ejecución ... • https://android.googlesource.com/platform/frameworks/base/+/c8694bbccfb9c19aefed536ea710230107c935eb • CWE-783: Operator Precedence Logic Error •
CVSS: 7.4EPSS: 0%CPEs: 2EXPL: 1CVE-2024-31320
https://notcve.org/view.php?id=CVE-2024-31320
09 Jul 2024 — In setSkipPrompt of AssociationRequest.java , there is a possible way to establish a companion device association without any confirmation due to CDM. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. En setSkipPrompt de AssociationRequest.java, existe una forma posible de establecer una asociación de dispositivo complementario sin ninguna confirmación debido a CDM. Esto podría conducir a una escalada local de pr... • https://github.com/SpiralBL0CK/CVE-2024-31320- • CWE-269: Improper Privilege Management CWE-284: Improper Access Control •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-31327
https://notcve.org/view.php?id=CVE-2024-31327
09 Jul 2024 — In multiple functions of MessageQueueBase.h, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. En múltiples funciones de MessageQueueBase.h, existe una posible escritura fuera de los límites debido a una condición de ejecución. Esto podría conducir a una escalada local de privilegios sin necesidad de permisos de ejecución adicionales. • https://android.googlesource.com/platform/system/libfmq/+/79bbf4aeef4b254c52da670a972e22956c8c659d • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31326
https://notcve.org/view.php?id=CVE-2024-31326
09 Jul 2024 — In multiple locations, there is a possible way in which policy migration code will never be executed due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. En varias ubicaciones, existe una forma posible en la que el código de migración de políticas nunca se ejecutará debido a un error lógico en el código. Esto podría conducir a una escalada local de privilegios sin necesidad de permi... • https://android.googlesource.com/platform/frameworks/base/+/736462a777d0a0e1258bd7ab80d6e352ef797669 • CWE-783: Operator Precedence Logic Error •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-31325
https://notcve.org/view.php?id=CVE-2024-31325
09 Jul 2024 — In multiple locations, there is a possible way to reveal images across users data due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. En varias ubicaciones, existe una forma posible de revelar imágenes entre los datos de los usuarios debido a un error lógico en el código. Esto podría conducir a una escalada local de privilegios sin necesidad de permisos de ejecución adicionales. • https://android.googlesource.com/platform/frameworks/base/+/9fcd2070f22c0c6b30ecdc914cef83b5891d5f68 • CWE-269: Improper Privilege Management •