In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08471742; Issue ID: ALPS08308608.
Max CVSS
6.7
EPSS Score
0.04%
Published
2024-02-05
Updated
2024-02-09
In keyInstall, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08358566; Issue ID: ALPS08358566.
Max CVSS
6.7
EPSS Score
0.04%
Published
2024-02-05
Updated
2024-02-09
In keyInstall, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08358560; Issue ID: ALPS08358560.
Max CVSS
6.7
EPSS Score
0.04%
Published
2024-02-05
Updated
2024-02-09
In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08477148; Issue ID: ALPS08477148.
Max CVSS
6.7
EPSS Score
0.04%
Published
2024-02-05
Updated
2024-02-09
In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03961715; Issue ID: DTV03961715.
Max CVSS
6.7
EPSS Score
0.04%
Published
2024-02-05
Updated
2024-02-09
In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03961601; Issue ID: DTV03961601.
Max CVSS
6.7
EPSS Score
0.04%
Published
2024-02-05
Updated
2024-02-09
there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Max CVSS
6.4
EPSS Score
0.04%
Published
2023-12-08
Updated
2023-12-13
In the Pixel Camera Driver, there is a possible use after free due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Max CVSS
6.7
EPSS Score
0.04%
Published
2023-12-08
Updated
2023-12-13
there is a possible permanent DoS or way for the modem to boot unverified firmware due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Max CVSS
6.7
EPSS Score
0.04%
Published
2023-12-08
Updated
2023-12-13
there is a possible way for the secure world to write to NS memory due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Max CVSS
6.7
EPSS Score
0.04%
Published
2023-12-08
Updated
2023-12-13
Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.
Max CVSS
6.3
EPSS Score
0.09%
Published
2023-12-08
Updated
2024-01-05
The vulnerability is to theft of arbitrary files with system privilege in the Screen recording ("com.lge.gametools.gamerecorder") app in the "com/lge/gametools/gamerecorder/settings/ProfilePreferenceFragment.java" file. The main problem is that the app launches implicit intents that can be intercepted by third-party apps installed on the same device. They also can return arbitrary data that will be passed to the "onActivityResult()" method. The Screen recording app saves contents of arbitrary URIs to SD card which is a world-readable storage.
Max CVSS
6.1
EPSS Score
0.04%
Published
2023-09-27
Updated
2023-10-02
The vulnerability is an intent redirection in LG ThinQ Service ("com.lge.lms2") in the "com/lge/lms/things/ui/notification/NotificationManager.java" file. This vulnerability could be exploited by a third-party app installed on an LG device by sending a broadcast with the action "com.lge.lms.things.notification.ACTION". Additionally, this vulnerability is very dangerous because LG ThinQ Service is a system app (having android:sharedUserId="android.uid.system" setting). Intent redirection in this app leads to accessing arbitrary not exported activities of absolutely all apps.
Max CVSS
6.3
EPSS Score
0.04%
Published
2023-09-27
Updated
2023-10-02
In camera service, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed
Max CVSS
6.7
EPSS Score
0.04%
Published
2023-12-04
Updated
2023-12-07
In sim service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed
Max CVSS
6.7
EPSS Score
0.04%
Published
2023-11-01
Updated
2023-11-08
In FW-PackageManager, there is a possible missing permission check. This could lead to local escalation of privilege with System execution privileges needed
Max CVSS
6.7
EPSS Score
0.04%
Published
2023-10-08
Updated
2023-10-11
In FW-PackageManager, there is a possible missing permission check. This could lead to local escalation of privilege with System execution privileges needed
Max CVSS
6.7
EPSS Score
0.04%
Published
2023-10-08
Updated
2024-02-15
In BTM_BleVerifySignature of btm_ble.cc, there is a possible way to bypass signature validation due to side channel information disclosure. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Max CVSS
6.5
EPSS Score
0.08%
Published
2023-12-04
Updated
2024-02-02
In gnss service, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed
Max CVSS
6.7
EPSS Score
0.04%
Published
2023-09-04
Updated
2023-09-08
In incfs_kill_sb of fs/incfs/vfs.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Max CVSS
6.7
EPSS Score
0.04%
Published
2023-07-13
Updated
2023-07-20
In lwis_transaction_client_cleanup of lwis_transaction.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Max CVSS
6.7
EPSS Score
0.04%
Published
2023-10-11
Updated
2023-10-18
In CanConvertPadV2Op of darwinn_mlir_converter_aidl.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Max CVSS
6.7
EPSS Score
0.04%
Published
2023-10-11
Updated
2023-10-14
In ctrl_roi of stmvl53l1_module.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Max CVSS
6.7
EPSS Score
0.04%
Published
2023-10-11
Updated
2023-10-14
In tbd of tbd, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Max CVSS
6.4
EPSS Score
0.04%
Published
2023-10-11
Updated
2023-10-13
In bluetooth service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07933038; Issue ID: MSV-559.
Max CVSS
6.7
EPSS Score
0.04%
Published
2024-01-02
Updated
2024-01-05
367 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!