Export limit exceeded: 10568 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10568 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-9469 | 1 Google | 1 Android | 2024-12-18 | 8.4 High |
| In multiple functions of ShortcutService.java, there is a possible creation of a spoofed shortcut due to a missing permission check. This could lead to local escalation of privilege in a privileged app with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2024-43087 | 1 Google | 1 Android | 2024-12-18 | 8.4 High |
| In getInstalledAccessibilityPreferences of AccessibilitySettings.java, there is a possible way to hide an enabled accessibility service in the accessibility service settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2023-21122 | 1 Google | 1 Android | 2024-12-18 | 7.8 High |
| In various functions of various files, there is a possible way to bypass the DISALLOW_DEBUGGING_FEATURES restriction for tracing due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-270050191 | ||||
| CVE-2023-21123 | 1 Google | 1 Android | 2024-12-18 | 7.8 High |
| In multiple functions of multiple files, there is a possible way to bypass the DISALLOW_DEBUGGING_FEATURES restriction for tracing due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-270050064 | ||||
| CVE-2024-54662 | 2024-12-18 | 9.1 Critical | ||
| Dante 1.4.0 through 1.4.3 (fixed in 1.4.4) has incorrect access control for some sockd.conf configurations involving socksmethod. | ||||
| CVE-2017-13314 | 1 Google | 1 Android | 2024-12-18 | 7.8 High |
| In setAllowOnlyVpnForUids of NetworkManagementService.java, there is a possible security settings bypass due to a missing permission check. This could lead to local escalation of privilege allowing users to access non-VPN networks, when they are supposed to be restricted to the VPN networks, with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-21270 | 1 Google | 1 Android | 2024-12-18 | 7.8 High |
| In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way for an app to keep permissions that should be revoked due to incorrect permission flags cleared during an update. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-43088 | 1 Google | 1 Android | 2024-12-17 | 8.4 High |
| In multiple functions in AppInfoBase.java, there is a possible way to manipulate app permission settings belonging to another user on the device due to a missing permission check. This could lead to local escalation of privilege across user boundaries with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-43089 | 1 Google | 1 Android | 2024-12-17 | 7.8 High |
| In updateInternal of MediaProvider.java , there is a possible access of another app's files due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-28175 | 1 Bosch | 16 Divar Ip 3000, Divar Ip 3000 Firmware, Divar Ip 4000 and 13 more | 2024-12-17 | 7.1 High |
| Improper Authorization in SSH server in Bosch VMS 11.0, 11.1.0, and 11.1.1 allows a remote authenticated user to access resources within the trusted internal network via a port forwarding request. | ||||
| CVE-2023-21141 | 1 Google | 1 Android | 2024-12-17 | 5.5 Medium |
| In several functions of several files, there is a possible way to access developer mode traces due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-262244249 | ||||
| CVE-2024-24761 | 1 Galette | 1 Galette | 2024-12-17 | 7.5 High |
| Galette is a membership management web application for non profit organizations. Starting in version 1.0.0 and prior to version 1.0.2, public pages are per default restricted to only administrators and staff members. From configuration, it is possible to restrict to up-to-date members or to everyone. Version 1.0.2 fixes this issue. | ||||
| CVE-2024-34719 | 1 Google | 1 Android | 2024-12-17 | 8.4 High |
| In multiple locations, there is a possible permissions bypass due to a missing null check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-40661 | 1 Google | 1 Android | 2024-12-17 | 7.8 High |
| In mayAdminGrantPermission of AdminRestrictedPermissionsUtils.java, there is a possible way to access the microphone due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-40671 | 1 Google | 1 Android | 2024-12-17 | 7.8 High |
| In DevmemIntChangeSparse2 of devicemem_server.c, there is a possible way to achieve arbitrary code execution due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-40652 | 1 Google | 1 Android | 2024-12-17 | 7.3 High |
| In onCreate of SettingsHomepageActivity.java, there is a possible way to access the Settings app while the device is provisioning due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2024-40650 | 1 Google | 1 Android | 2024-12-17 | 7.8 High |
| In wifi_item_edit_content of styles.xml , there is a possible FRP bypass due to Missing check for FRP state. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-31318 | 1 Google | 1 Android | 2024-12-17 | 7.8 High |
| In CompanionDeviceManagerService.java, there is a possible way to pair a companion device without user acceptance due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-34165 | 1 Huawei | 1 Harmonyos | 2024-12-17 | 5.3 Medium |
| Unauthorized access vulnerability in the Save for later feature provided by AI Touch.Successful exploitation of this vulnerability may cause third-party apps to forge a URI for unauthorized access with zero permissions. | ||||
| CVE-2024-23704 | 1 Google | 1 Android | 2024-12-17 | 7.8 High |
| In onCreate of WifiDialogActivity.java, there is a possible way to bypass the DISALLOW_ADD_WIFI_CONFIG restriction due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||