4321 results (0.015 seconds)

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0

In scheme of Uri.java, there is a possible way to craft a malformed Uri object due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/frameworks/base/+/e7af00cafb52a25933ec4edb80c5111d42af0237 https://source.android.com/security/bulletin/2024-09-01 • CWE-269: Improper Privilege Management •

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0

In getConfig of SoftVideoDecoderOMXComponent.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/frameworks/av/+/6d23fa05a40e5462d4b9bad28afa932e6e12a4f3 https://source.android.com/security/bulletin/2024-09-01 • CWE-269: Improper Privilege Management •

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0

In addPreferencesForType of AccountTypePreferenceLoader.java, there is a possible way to disable apps for other users due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/packages/apps/Settings/+/8261e0ade3b414fea61d7fe9d8bc6df7a3fc8603 https://source.android.com/security/bulletin/2024-09-01 • CWE-269: Improper Privilege Management •

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0

In handleCreateConferenceComplete of ConnectionServiceWrapper.java, there is a possible way to reveal images across users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. • https://android.googlesource.com/platform/packages/services/Telecomm/+/f3e6a6c02439401eb7aeb3749ee5ec0b51a625b9 https://source.android.com/security/bulletin/2024-09-01 • CWE-125: Out-of-bounds Read •

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0

In bindAndGetCallIdentification of CallScreeningServiceHelper.java, there is a possible way to maintain a while-in-use permission in the background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. • https://android.googlesource.com/platform/packages/services/Telecomm/+/eeef54b37a362f506ea3aa155baddc545b6a909a https://source.android.com/security/bulletin/2024-09-01 •