CVE-2024-40655
- EPSS 0.08%
- Veröffentlicht 11.09.2024 00:15:11
- Zuletzt bearbeitet 18.03.2025 21:15:28
In bindAndGetCallIdentification of CallScreeningServiceHelper.java, there is a possible way to maintain a while-in-use permission in the background due to a permissions bypass. This could lead to local escalation of privilege with no additional execu...
CVE-2024-40656
- EPSS 0.08%
- Veröffentlicht 11.09.2024 00:15:11
- Zuletzt bearbeitet 17.12.2024 19:10:01
In handleCreateConferenceComplete of ConnectionServiceWrapper.java, there is a possible way to reveal images across users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User i...
CVE-2024-40657
- EPSS 0.08%
- Veröffentlicht 11.09.2024 00:15:11
- Zuletzt bearbeitet 17.12.2024 19:10:57
In addPreferencesForType of AccountTypePreferenceLoader.java, there is a possible way to disable apps for other users due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User inte...
CVE-2024-40658
- EPSS 0.11%
- Veröffentlicht 11.09.2024 00:15:11
- Zuletzt bearbeitet 17.12.2024 19:07:48
In getConfig of SoftVideoDecoderOMXComponent.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed f...
CVE-2024-40659
- EPSS 0.08%
- Veröffentlicht 11.09.2024 00:15:11
- Zuletzt bearbeitet 17.12.2024 19:07:45
In getRegistration of RemoteProvisioningService.java, there is a possible way to permanently disable the AndroidKeyStore key generation feature by updating the attestation keys of all installed apps due to improper input validation. This could lead t...
CVE-2024-40662
- EPSS 0.1%
- Veröffentlicht 11.09.2024 00:15:11
- Zuletzt bearbeitet 17.12.2024 19:07:42
In scheme of Uri.java, there is a possible way to craft a malformed Uri object due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for explo...
- EPSS 0.08%
- Veröffentlicht 11.09.2024 00:15:10
- Zuletzt bearbeitet 17.12.2024 19:08:12
In DevmemIntPFNotify of devicemem_server.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for ...
CVE-2024-20086
- EPSS 0.08%
- Veröffentlicht 02.09.2024 05:15:15
- Zuletzt bearbeitet 05.09.2024 14:26:34
In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08932916; Issue I...
CVE-2024-20087
- EPSS 0.08%
- Veröffentlicht 02.09.2024 05:15:15
- Zuletzt bearbeitet 05.09.2024 14:26:51
In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08932916; Issue I...
CVE-2024-20088
- EPSS 0.1%
- Veröffentlicht 02.09.2024 05:15:15
- Zuletzt bearbeitet 13.03.2025 19:15:41
In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08932099; Iss...