Vulnerabilities (CVE)

Filtered by CWE-276
Total 1284 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-43085 1 Google 1 Android 2024-12-18 N/A 7.8 HIGH
In handleMessage of UsbDeviceManager.java, there is a possible method to access device contents over USB without unlocking the device due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2017-13311 1 Google 1 Android 2024-12-18 N/A 6.7 MEDIUM
In the read() function of ProcessStats.java, there is a possible read/write serialization issue leading to a permissions bypass. This could lead to local escalation of privilege where an app can start an activity with system privileges with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2017-13312 1 Google 1 Android 2024-12-18 N/A 7.8 HIGH
In createFromParcel of MediaCas.java, there is a possible parcel read/write mismatch due to improper input validation. This could lead to local escalation of privilege where an app can start an activity with system privileges with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2017-13314 1 Google 1 Android 2024-12-18 N/A 7.8 HIGH
In setAllowOnlyVpnForUids of NetworkManagementService.java, there is a possible security settings bypass due to a missing permission check. This could lead to local escalation of privilege allowing users to access non-VPN networks, when they are supposed to be restricted to the VPN networks, with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-21270 1 Google 1 Android 2024-12-18 N/A 7.8 HIGH
In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way for an app to keep permissions that should be revoked due to incorrect permission flags cleared during an update. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-43089 1 Google 1 Android 2024-12-17 N/A 7.8 HIGH
In updateInternal of MediaProvider.java , there is a possible access of another app's files due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2017-13310 1 Google 1 Android 2024-12-17 N/A 7.8 HIGH
In createFromParcel of ViewPager.java, there is a possible read/write serialization issue leading to a permissions bypass. This could lead to local escalation of privilege where an app can start an activity with system privileges with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-21139 1 Google 1 Android 2024-12-17 N/A 7.8 HIGH
In bindPlayer of MediaControlPanel.java, there is a possible launch arbitrary activity in SysUI due to Unsafe Intent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-271845008
CVE-2023-21138 1 Google 1 Android 2024-12-17 N/A 7.8 HIGH
In onNullBinding of CallRedirectionProcessor.java, there is a possible long lived connection due to improper input validation. This could lead to local escalation of privilege and background activity launches with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-273260090
CVE-2024-40660 1 Google 1 Android 2024-12-17 N/A 7.8 HIGH
In setTransactionState of SurfaceFlinger.cpp, there is a possible way to change protected display attributes due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-40661 1 Google 1 Android 2024-12-17 N/A 7.8 HIGH
In mayAdminGrantPermission of AdminRestrictedPermissionsUtils.java, there is a possible way to access the microphone due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-45494 2024-12-17 N/A 9.8 CRITICAL
An issue was discovered in MSA FieldServer Gateway 5.0.0 through 6.5.2 (Fixed in 7.0.0). The FieldServer Gateway has an internally used shared administrative user account on all devices. The authentication for this user is implemented through an unsafe shared secret that is static in all affected firmware versions.
CVE-2024-40654 1 Google 1 Android 2024-12-17 N/A 7.8 HIGH
In multiple locations, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
CVE-2024-43081 1 Google 1 Android 2024-12-17 N/A 7.8 HIGH
In installExistingPackageAsUser of InstallPackageHelper.java, there is a possible carrier restriction bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-31312 1 Google 1 Android 2024-12-17 N/A 5.5 MEDIUM
In multiple locations, there is a possible information leak due to a missing permission check. This could lead to local information disclosure exposing played media with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-30905 1 Hpe 4 Integrity Mc990 X Server Rmc, Integrity Mc990 X Server Rmc Firmware, Sgi Uv 300 Rmc and 1 more 2024-12-17 N/A 7.8 HIGH
The MC990 X and UV300 RMC component has and inadequate default configuration that could be exploited to obtain enhanced privilege.
CVE-2024-9845 1 Ivanti 1 Automation 2024-12-13 N/A 7.8 HIGH
Under specific circumstances, insecure permissions in Ivanti Automation before version 2024.4.0.1 allows a local authenticated attacker to achieve local privilege escalation.
CVE-2024-8496 1 Ivanti 1 Workspace Control 2024-12-13 N/A 7.8 HIGH
Under specific circumstances, insecure permissions in Ivanti Workspace Control before version 10.18.40.0 allows a local authenticated attacker to achieve local privilege escalation.
CVE-2024-10251 1 Ivanti 1 Security Controls 2024-12-13 N/A 7.8 HIGH
Under specific circumstances, insecure permissions in Ivanti Security Controls before version 2024.4.1 allows a local authenticated attacker to achieve local privilege escalation.
CVE-2023-25645 1 Zte 10 Up T2 4k, Up T2 4k Firmware, Zxv10 B860h V5d0 and 7 more 2024-12-12 N/A 7.7 HIGH
There is a permission and access control vulnerability in some ZTE AndroidTV STBs. Due to improper permission settings, non-privileged application can perform functions that are protected with signature/privilege-level permissions. Exploitation of this vulnerability could clear personal data and applications on the user's device, affecting device operation.