In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges needed......
6.8CVSS
6.7AI Score
0.0005EPSS
TOFU: An impostor server attack possible because the Root CA is not verified initially
In isServerCertChainValid of InsecureEapNetworkHandler.java, there is a possible way to trust an imposter server due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
9.8CVSS
7.6AI Score
0.001EPSS
In processMessageImpl of ClientModeImpl.java, there is a possible credential disclosure in the TOFU flow due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
9.8CVSS
7AI Score
0.002EPSS
Permanent denial of service via WifiManager#addNetworkSuggestions
In add of WifiNetworkSuggestionsManager.java, there is a possible way to trigger permanent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
6.3AI Score
0.0004EPSS
[Boreal S] [ADT3 T] YT able to record from Remote Submix when global mic mute toggle is enabled
In openMmapStream of AudioFlinger.cpp, there is a possible way to record audio without displaying the microphone privacy indicator due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
7.3AI Score
0.0004EPSS
Vulnerability: 3 vulnerabilities affecting GitOnBorg::android::platform::external::freetype
In ft_open_face_internal of ftobjs.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for...
7.5CVSS
8.1AI Score
0.003EPSS
NuMediaExtractor::readSampleData() SEGV failures
In readSampleData of NuMediaExtractor.cpp, there is a possible out of bounds write due to uninitialized data. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for...
8.8CVSS
7.6AI Score
0.002EPSS
CallRedirection Service does not unbind when null returned from Service, which may lead to BAL
In onNullBinding of CallRedirectionProcessor.java, there is a possible long lived connection due to improper input validation. This could lead to local escalation of privilege and background activity launches with User execution privileges needed. User interaction is not needed for...
7.8CVSS
6.8AI Score
0.0004EPSS
In canStartSystemGesture of RecentsAnimationDeviceState.java, there is a possible partial lockscreen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
4.7CVSS
6.8AI Score
0.0004EPSS
Malicious app can bypass one-time permission revocation and keep it granted
In getGroupState of GrantPermissionsViewModel.kt, there is a possible way to keep a one-time permission granted due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
6.7AI Score
0.0004EPSS
Possible Vulnerability: Invalid check for Virtio descriptors
In is_valid of queue.rs, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
8.8CVSS
5.7AI Score
0.001EPSS
In onStart of BluetoothSwitchPreferenceController.java, there is a possible permission bypass due to a confused deputy. This could lead to remote escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for...
9.8CVSS
8.1AI Score
0.002EPSS
In createTrack of AudioFlinger.cpp, there is a possible way to record audio without a privacy indicator due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for...
6.7CVSS
6.9AI Score
0.0004EPSS
[Out of Bounds Write in phNciNfc_MfCreateXchgDataHdr in phNxpExtns_MifareStd.cpp in libnfc_nci_jni]
In phNciNfc_MfCreateXchgDataHdr of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.9AI Score
0.0004EPSS
Android T init_boot partition signed with public testkeys
In the Android operating system, there is a possible way to replace a boot partition due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.8AI Score
0.0004EPSS
[Out of Bounds Read in pin_reply Function in bluetooth.cc in Bluetooth]
In pinReplyNative of com_android_bluetooth_btservice_AdapterService.cpp, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege of BLE with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.7AI Score
0.0004EPSS
[oob write due to invaild length check in Mfc_Transceive() of libnfc_nci_jni.so]
In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.9AI Score
0.0004EPSS
Outgoing call redirection by phone account settings tapjacking
In onCreate of PhoneAccountSettingsActivity.java and related files, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is...
7.8CVSS
7.8AI Score
0.0004EPSS
In onPackageRemoved of AccessibilityManagerService.java, there is a possibility to automatically grant accessibility services due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...
7.3CVSS
7.8AI Score
0.0004EPSS
Cross user image leak by logic error in multi-user profile customization
In onActivityResult of AvatarPickerActivity.java, there is a possible way to access images belonging to other users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.8AI Score
0.0004EPSS
Bypassing user interaction in phone account settings using duplicate registrations
In addOrReplacePhoneAccount of PhoneAccountRegistrar.java, there is a possible way to enable a phone account without user interaction due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed...
7.8CVSS
7.8AI Score
0.0004EPSS
In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.1AI Score
0.0004EPSS
In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.8AI Score
0.0004EPSS
In GetResolvedMethod of entrypoint_utils-inl.h, there is a possible use after free due to a stale cache. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
5.3AI Score
0.0004EPSS
In setImpl of AlarmManagerService.java, there is a possible way to put a device into a boot loop due to an uncaught exception. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
6.3AI Score
0.0004EPSS
App can redirect a call to different user without requiring INTERACT_ACROSS_USERS permission.
In onCallRedirectionComplete of CallsManager.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...
7.8CVSS
6.8AI Score
0.0005EPSS
In binder_inc_ref_for_node of binder.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
6.8AI Score
0.0004EPSS
In audioTransportsToHal of HidlUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.2AI Score
0.0004EPSS
[Out of Bounds Write in audioProfileToHal Function in HidlUtils.cpp in [email protected]]
In audioTransportsToHal of HidlUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.2AI Score
0.0004EPSS
Parcel reuse allows BAL bypass
In recycle of Parcel.java, there is a possible way to start foreground activity from background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.1AI Score
0.0004EPSS
Vulnerability: external/expat (addBinding)
In storeAtts of xmlparse.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
9.8CVSS
9AI Score
0.003EPSS
In extract3GPPGlobalDescriptions of TextDescriptions.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure from the media server with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
6.1AI Score
0.0004EPSS
In updateAudioTrackInfoFromESDS_MPEG4Audio of MPEG4Extractor.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for...
6.5CVSS
6.5AI Score
0.001EPSS
Bypass fix of CVE-2021-39807 : Disable secure nfc in guest user via SettingsSlice
In setChecked of SecureNfcPreferenceController.java, there is a missing permission check. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7AI Score
0.0004EPSS
Task hijacking via relinquishTaskIdentity attribute - test
In Task.java, there is a possible escalation of privilege due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...
7.8CVSS
7.5AI Score
0.0005EPSS
Proxy PAC URL can use several URL schemes, including file: and jar:
In get of PacProxyService.java, there is a possible system service crash due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for...
5.5CVSS
6.3AI Score
0.0004EPSS
[Unexpected] Setup flow goes to LS after SIM card was inserted
In showNextSecurityScreenOrFinish of KeyguardSecurityContainerController.java, there is a possible way to access the lock screen during device setup due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction...
7.8CVSS
7AI Score
0.0004EPSS
Reading other users' image files using ChooserActivity image preview
In multiple functions of ChooserActivity.java, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
5.7AI Score
0.0004EPSS
In availableToWriteBytes of MessageQueueBase.h, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7AI Score
EPSS
In getCustomPrinterIcon of PrintManagerService.java, there is a possible way to view other user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
6.2AI Score
0.0004EPSS
Unauthenticated Bluetooth keystroke-injection in Pixel 7 running AP11.231117.006
In access_secure_service_from_temp_bond of btm_sec.cc, there is a possible way to achieve keystroke injection due to improper input validation. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.7AI Score
0.0004EPSS
Vulnerability: Information Leak in Print Spooler [#b/277961001 H]
In multiple files, there is a possible way that trimmed content could be included in PDF output due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
6.4AI Score
0.0004EPSS
In applyCustomDescription of SaveUi.java, there is a possible way to view images belonging to a different user due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for...
6.4AI Score
0.0004EPSS
[Out of Bounds Write in attp_build_read_by_type_value_cmd in att_protocol.cc in libbt-stack]
In attp_build_read_by_type_value_cmd of att_protocol.cc , there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for...
8.1AI Score
0.0004EPSS
Launch Anywhere via Screen Saver on Pixel 6 Pro with Android 12L
In convertToComponentName of DreamService.java, there is a possible way to launch arbitrary protected activities due to intent redirection. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for...
7.4AI Score
0.0004EPSS
In convertYUV420Planar16ToY410 of ColorConverter.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.6AI Score
0.0004EPSS
Record audio foreground requirement permissions bypass
In OpRecordAudioMonitor::onFirstRef of AudioRecordClient.cpp, there is a possible way to record audio from the background due to a missing flag. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for...
7.8CVSS
7.1AI Score
0.0004EPSS
In parse_gap_data of utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for...
5.5CVSS
6.2AI Score
0.0004EPSS
[Bluetooth][BTM] BTM_BleVerifySignature side-channel attack possibility
In BTM_BleVerifySignature of btm_ble.cc, there is a possible way to bypass signature validation due to side channel information disclosure. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
6.5CVSS
7.1AI Score
0.001EPSS
[Bluetooth][A2DP] a2dp_vendor_opus_decoder_decode_packet OOB Access
In a2dp_vendor_opus_decoder_decode_packet of a2dp_vendor_opus_decoder.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
9.8CVSS
7.6AI Score
0.001EPSS