cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-40677,https://securityvulnerability.io/vulnerability/CVE-2024-40677,Privilege Escalation Vulnerability in Android Settings Application,"A vulnerability exists in the Android Settings application that allows for potential bypass of factory reset protections due to a missing permission check in the shouldSkipForInitialSUW function of AdvancedPowerUsageDetail.java. This flaw could enable an attacker to escalate privileges locally without the need for user interaction, making it a significant concern for device security.",Google,Android,8.4,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-28T19:13:41.402Z,0
CVE-2024-40676,https://securityvulnerability.io/vulnerability/CVE-2024-40676,Intent Security Bypass in Android Account Manager by Google,"A vulnerability in the checkKeyIntent method of the AccountManagerService.java code allows for the bypass of intent security checks. This flaw could enable the installation of unauthorized applications through a confused deputy attack, resulting in local privilege escalation. Notably, the exploit does not require user interaction, which heightens the risk of unauthorized access to sensitive functionalities within the affected Android ecosystem.",Google,Android,7.7,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-28T19:13:41.279Z,0
CVE-2024-40675,https://securityvulnerability.io/vulnerability/CVE-2024-40675,Infinite Loop Vulnerability in Intent.java of Android Framework,"A vulnerability exists in the parseUriInternal function of the Intent.java component of the Android framework. This flaw arises from insufficient input validation, potentially leading to an infinite loop. Exploitation of this vulnerability could result in a local denial of service situation, allowing an attacker to disrupt device functionality without needing any additional execution privileges. Importantly, user interaction is not required for the exploitation of this weakness.",Google,Android,7.5,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-28T19:13:41.191Z,0
CVE-2024-40674,https://securityvulnerability.io/vulnerability/CVE-2024-40674,Logic Error in Android WiFi Configuration Leading to Denial of Service,"A logic error in the function validateSsid of WifiConfigurationUtil.java allows for a potential overflow in a system configuration file. This flaw can lead to a local denial of service, enabling an attacker to affect the device's WiFi functionality without requiring any additional execution privileges or user interaction. Given this scenario, corrective measures should be undertaken to patch the vulnerability.",Google,Android,5.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-28T19:13:41.052Z,0
CVE-2024-40673,https://securityvulnerability.io/vulnerability/CVE-2024-40673,Arbitrary Code Execution Vulnerability in Android Due to Input Validation Flaw,"The vulnerability in Android's ZipFile.java allows attackers to exploit improper input validation during Dynamic Code Loading. By manipulating this aspect, an attacker can execute arbitrary code without needing additional privileges or user interaction. This flaw poses a significant risk as it enables potential remote code execution, compromising system integrity and security.",Google,Android,6.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-28T19:13:40.927Z,0
CVE-2024-40672,https://securityvulnerability.io/vulnerability/CVE-2024-40672,Local Privilege Escalation Vulnerability in Android Intent Resolver,"A vulnerability exists within the Android Intent Resolver that may allow a local attacker to bypass factory reset protections due to a missing permission check in the ChooserActivity. This flaw enables an elevation of privileges without requiring additional execution privileges or user interaction, posing a significant risk to device security.",Google,Android,8.4,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-28T19:13:40.821Z,0
CVE-2024-40670,https://securityvulnerability.io/vulnerability/CVE-2024-40670,Use After Free Vulnerability in Android,"A vulnerability exists in Android OS allowing for a use after free condition, caused by a race condition within the system. This flaw can be exploited to escalate privileges locally without the need for additional execution privileges, raising significant security concerns. No user interaction is necessary for an attacker to exploit this vulnerability, making it particularly dangerous.",Google,Android,8.4,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-28T19:13:40.727Z,0
CVE-2024-40669,https://securityvulnerability.io/vulnerability/CVE-2024-40669,Race Condition Vulnerability in Android Products by Google,"A race condition vulnerability exists in Android products by Google, which allows a use after free condition. This flaw could facilitate local escalation of privileges without requiring additional execution permissions. The exploitation of this vulnerability can occur without user interaction, posing a significant threat to user security and application integrity.",Google,Android,8.4,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-28T19:13:40.607Z,0
CVE-2024-40651,https://securityvulnerability.io/vulnerability/CVE-2024-40651,Use-After-Free Vulnerability in Android Kernel,"This vulnerability presents a use-after-free issue in the Android kernel, stemming from a logic error in the code. It allows local escalation of privilege, meaning that an attacker can exploit this flaw without needing additional execution privileges or user interaction. This can lead to significant risks if not promptly addressed.",Google,Android,8.4,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-28T19:13:40.514Z,0
CVE-2024-40649,https://securityvulnerability.io/vulnerability/CVE-2024-40649,Logic Error in Android Kernel Leads to Local Privilege Escalation,"A vulnerability exists in the Android kernel due to a logic error, leading to a use-after-free condition. This flaw could enable an attacker to escalate privileges locally without requiring any additional execution privileges or user interaction. This makes it a serious threat for systems running the affected Android kernel version.",Google,Android,8.4,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-28T19:13:40.428Z,0
CVE-2024-34748,https://securityvulnerability.io/vulnerability/CVE-2024-34748,Use-After-Free Vulnerability in Device Memory Management of Android by Google,"A vulnerability has been identified in the device memory management component of Android, specifically within the 'DevmemXReservationPageAddress' function of 'devicemem_server.c'. This flaw arises from improper casting, leading to a potential use-after-free condition that allows local escalation of privilege within the kernel environment. The exploitation of this vulnerability does not require any additional execution privileges or user interaction, posing significant security risks for affected devices.",Google,Android,8.4,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-28T19:13:40.342Z,0
CVE-2024-34733,https://securityvulnerability.io/vulnerability/CVE-2024-34733,Arbitrary Code Execution Vulnerability in Device Memory Server by Android,"A significant vulnerability exists within the Device Memory Server in Android that allows for arbitrary code execution due to an integer overflow in the DevmemXIntMapPages function. This vulnerability may facilitate local privilege escalation within the kernel without requiring elevated execution privileges or user interaction. Consequently, it poses a substantial risk to device security, emphasizing the importance of addressing this issue swiftly.",Google,Android,8.4,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-28T19:13:40.263Z,0
CVE-2024-34732,https://securityvulnerability.io/vulnerability/CVE-2024-34732,Arbitrary Code Execution Vulnerability in RGXMMUCacheInvalidate Function of RGXMEM by Imagination Technologies,"A vulnerability exists in the RGXMMUCacheInvalidate function within the rgxmem.c file, which allows for arbitrary code execution due to a race condition. This issue could enable attackers to escalate their privileges locally within the kernel without needing any additional execution permissions. Exploitation does not require user interaction, increasing the potential risk posed by this vulnerability.",Google,Android,8.4,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-28T19:13:40.171Z,0
CVE-2018-9378,https://securityvulnerability.io/vulnerability/CVE-2018-9378,Information Disclosure Vulnerability in Android AOSP BnAudioPolicyService,The BnAudioPolicyService component in Android AOSP contains a vulnerability that may allow local information disclosure due to uninitialized data. This flaw can potentially expose sensitive information without requiring elevated privileges or user interaction to exploit. Systems running affected versions of Android AOSP prior to the June 2018 security patch level are particularly at risk.,Google,Android,6.2,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-28T16:53:30.767Z,0
CVE-2018-9373,https://securityvulnerability.io/vulnerability/CVE-2018-9373,Out of Bounds Write Vulnerability in MTK WLAN Driver from MediaTek,"The MTK WLAN driver contains a vulnerability in the TdlsexRxFrameHandle function, which allows for an out of bounds write due to an inadequate bounds check. This flaw enables a potential remote escalation of privilege without requiring additional execution permissions. Exploitation of this vulnerability does not necessitate user interaction, posing a significant risk to systems utilizing the affected driver.",Google,Android,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-28T16:52:42.889Z,0
CVE-2017-13318,https://securityvulnerability.io/vulnerability/CVE-2017-13318,Out of Bounds Read Vulnerability in HeifDecoder Implementation Affecting Google Pixel Devices,"The vulnerability arises from an out of bounds read in the HeifDataSource::readAt function within HeifDecoderImpl.cpp. This flaw is caused by an integer overflow, potentially allowing remote information disclosure. While this issue does not require any special execution privileges, it does need user interaction for exploitation, making it important for users to be vigilant.",Google,Android,5.7,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-28T16:51:05.070Z,0
CVE-2017-13317,https://securityvulnerability.io/vulnerability/CVE-2017-13317,Out of Bounds Read Vulnerability in HeifDecoder Implementation by Android,"The HeifDecoder implementation in Android is susceptible to an out-of-bounds read due to inadequate input validation in the HeifDecoderImpl::getScanline function. This flaw could allow remote attackers to access sensitive information without requiring additional execution privileges. Successful exploitation necessitates user interaction, underscoring the need for vigilance in handling media content.",Google,Android,5.7,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-28T16:50:03.206Z,0
CVE-2024-43765,https://securityvulnerability.io/vulnerability/CVE-2024-43765,Local Privilege Escalation Vulnerability in Android Products,"This vulnerability affects the Android Operating System, allowing a potential attacker to exploit a tapjacking or overlay attack. In multiple locations, it could enable unauthorized access to sensitive folders. Exploitation requires user interaction and could lead to local escalation of privileges, thus allowing unauthorized actions to be executed within the user’s context.",Google,Android,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T23:15:00.000Z,0
CVE-2024-43763,https://securityvulnerability.io/vulnerability/CVE-2024-43763,Denial of Service Vulnerability in GATT Server Component by Android,"A logic error in the GATT server's build_read_multi_rsp function allows remote denial of service attacks. This vulnerability can be exploited by adjacent attackers who can cause the GATT server to become unresponsive, impacting the functionality of Bluetooth communications without the need for user interaction or additional privileges.",Google,Android,6.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T23:15:00.000Z,0
CVE-2024-43770,https://securityvulnerability.io/vulnerability/CVE-2024-43770,Out of Bounds Write in GATT Service Implementation of Android,A vulnerability exists in the GATT service implementation of the Android operating system that could allow an out of bounds write due to a lack of proper boundaries checks within the `gatts_process_find_info` function. This weakness may enable an attacker to execute arbitrary code remotely without requiring additional privileges or user interaction. Addressing this issue is critical for maintaining the integrity and security of Android devices.,Google,Android,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T23:15:00.000Z,0
CVE-2024-43771,https://securityvulnerability.io/vulnerability/CVE-2024-43771,Out of Bounds Write Vulnerability in Bluetooth GATT Services by Android,"An out of bounds write vulnerability exists in the Bluetooth GATT services of Android due to a missing bounds check in the gatt_process_read_req function within gatt_sr.cc. This flaw may allow attackers to execute code remotely in proximity to the affected device, without the need for any user interaction or additional privileges. Consequently, this poses a significant security risk to users of the affected Android versions.",Google,Android,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T23:15:00.000Z,0
CVE-2024-49732,https://securityvulnerability.io/vulnerability/CVE-2024-49732,Local Privilege Escalation Vulnerability in Android Companion Device Manager,"A vulnerability exists within the Companion Device Manager that allows for unauthorized granting of permissions due to insufficient checks in multiple functions of CompanionDeviceManagerService.java. This oversight could facilitate local privilege escalation without requiring any user interaction, posing a significant security risk to users. Malicious entities could exploit this flaw to gain elevated access to system functionalities, potentially compromising user data and system integrity.",Google,Android,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T23:15:00.000Z,0
CVE-2024-49735,https://securityvulnerability.io/vulnerability/CVE-2024-49735,Local Privilege Escalation Vulnerability in Android Operating System,"A vulnerability exists in the Android Operating System that may result in a failure to persist permission settings across various components, primarily due to resource exhaustion issues. This flaw enables local users to escalate their privileges without requiring additional execution privileges, and it poses a potential risk to the system integrity. Notably, user interaction is not necessary for the exploitation of this vulnerability, making it particularly concerning for device security.",Google,Android,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T23:15:00.000Z,0
CVE-2024-49736,https://securityvulnerability.io/vulnerability/CVE-2024-49736,Logic Error in MainClear.java Allows Unauthorized Factory Reset in Android Devices,"A logic error in the MainClear.java file of Android's codebase allows for a factory reset to be triggered without explicit user consent. This vulnerability leverages a flaw that can lead to a local denial of service, as it does not require additional execution privileges nor user interaction to exploit. The issue underscores the importance of securing user consent in system-level functions to prevent unauthorized actions that can disrupt device usability.",Google,Android,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T23:15:00.000Z,0
CVE-2024-49738,https://securityvulnerability.io/vulnerability/CVE-2024-49738,Out of Bounds Write Vulnerability in Android Parcel Handling,"A potential out of bounds write vulnerability exists within the Parcel handling operations in Android's Parcel.cpp. This flaw can allow an attacker to escalate local privileges without requiring any additional execution permissions or user interaction. Such vulnerabilities can pose significant security risks, particularly in multi-user environments. It is essential for users to ensure their systems are updated to mitigate the risks associated with this vulnerability.",Google,Android,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T23:15:00.000Z,0