Google

Android

7895 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2023-21165

  • EPSS 0.02%
  • Veröffentlicht 16.02.2024 19:15:08
  • Zuletzt bearbeitet 16.12.2024 14:46:05

In DevmemIntUnmapPMR of devicemem_server.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not n...

5.5

CVE-2023-40085

  • EPSS 0.04%
  • Veröffentlicht 16.02.2024 19:15:08
  • Zuletzt bearbeitet 16.12.2024 14:42:50

In convertSubgraphFromHAL of ShimConverter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for e...

7.8

CVE-2024-0015

  • EPSS 3.01%
  • Veröffentlicht 16.02.2024 19:15:08
  • Zuletzt bearbeitet 14.03.2025 18:15:26

In convertToComponentName of DreamService.java, there is a possible way to launch arbitrary protected activities due to intent redirection. This could lead to local escalation of privilege with User execution privileges needed. User interaction is no...

7.8

CVE-2024-0036

  • EPSS 0%
  • Veröffentlicht 16.02.2024 02:15:51
  • Zuletzt bearbeitet 16.12.2024 15:58:38

In startNextMatchingActivity of ActivityTaskManagerService.java, there is a possible way to bypass the restrictions on starting activities from the background due to a logic error in the code. This could lead to local escalation of privilege with no ...

3.3

CVE-2024-0037

  • EPSS 0.02%
  • Veröffentlicht 16.02.2024 02:15:51
  • Zuletzt bearbeitet 03.12.2024 16:15:20

In applyCustomDescription of SaveUi.java, there is a possible way to view images belonging to a different user due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction ...

7.8

CVE-2024-0038

  • EPSS 0.03%
  • Veröffentlicht 16.02.2024 02:15:51
  • Zuletzt bearbeitet 16.12.2024 19:02:43

In injectInputEventToInputFilter of AccessibilityManagerService.java, there is a possible arbitrary input event injection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges need...

7.5

CVE-2024-0040

  • EPSS 18.37%
  • Veröffentlicht 16.02.2024 02:15:51
  • Zuletzt bearbeitet 16.12.2024 19:16:31

In setParameter of MtpPacket.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

7

CVE-2024-0041

  • EPSS 0.02%
  • Veröffentlicht 16.02.2024 02:15:51
  • Zuletzt bearbeitet 28.03.2025 16:15:27

In removePersistentDot of SystemStatusAnimationSchedulerImpl.kt, there is a possible race condition due to a logic error in the code. This could lead to local escalation of privilege that fails to remove the persistent dot with no additional executio...

3.3

CVE-2023-40122

  • EPSS 0.05%
  • Veröffentlicht 16.02.2024 02:15:50
  • Zuletzt bearbeitet 26.11.2024 16:32:40

In applyCustomDescription of SaveUi.java, there is a possible way to view other user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

7.8

CVE-2024-0014

  • EPSS 0.09%
  • Veröffentlicht 16.02.2024 02:15:50
  • Zuletzt bearbeitet 28.03.2025 20:15:19

In startInstall of UpdateFetcher.java, there is a possible way to trigger a malicious config update due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed ...