Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.4

    HIGH
    CVE-2024-43088

    In multiple functions in AppInfoBase.java, there is a possible way to manipulate app permission settings belonging to another user on the device due to a missing permission check. This could lead to local escalation of privilege across user boundaries wit... Read more

    Affected Products : android
    • Published: Nov. 13, 2024
    • Modified: Dec. 17, 2024

  • 8.4

    HIGH
    CVE-2024-43087

    In getInstalledAccessibilityPreferences of AccessibilitySettings.java, there is a possible way to hide an enabled accessibility service in the accessibility service settings due to a logic error in the code. This could lead to local escalation of privileg... Read more

    Affected Products : android
    • Published: Nov. 13, 2024
    • Modified: Dec. 18, 2024

  • 5.5

    MEDIUM
    CVE-2024-43086

    In validateAccountsInternal of AccountManagerService.java, there is a possible way to leak account credentials to a third party app due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. U... Read more

    Affected Products : android
    • Published: Nov. 13, 2024
    • Modified: Dec. 18, 2024

  • 7.8

    HIGH
    CVE-2024-43085

    In handleMessage of UsbDeviceManager.java, there is a possible method to access device contents over USB without unlocking the device due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privilege... Read more

    Affected Products : android
    • Published: Nov. 13, 2024
    • Modified: Dec. 18, 2024

  • 6.2

    MEDIUM
    CVE-2024-43084

    In visitUris of multiple files, there is a possible information disclosure due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Nov. 13, 2024
    • Modified: Mar. 13, 2025

  • 6.2

    MEDIUM
    CVE-2024-43083

    In validate of WifiConfigurationUtil.java , there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploita... Read more

    Affected Products : android
    • Published: Nov. 13, 2024
    • Modified: Dec. 17, 2024

  • 5.5

    MEDIUM
    CVE-2024-43082

    In onActivityResult of EditUserPhotoController.java, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exp... Read more

    Affected Products : android
    • Published: Nov. 13, 2024
    • Modified: Dec. 17, 2024

  • 7.8

    HIGH
    CVE-2024-43081

    In installExistingPackageAsUser of InstallPackageHelper.java, there is a possible carrier restriction bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interactio... Read more

    Affected Products : android
    • Published: Nov. 13, 2024
    • Modified: Dec. 17, 2024

  • 7.8

    HIGH
    CVE-2024-43080

    In onReceive of AppRestrictionsFragment.java, there is a possible escalation of privilege due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploi... Read more

    Affected Products : android
    • Published: Nov. 13, 2024
    • Modified: Dec. 17, 2024

  • 7.8

    HIGH
    CVE-2024-40671

    In DevmemIntChangeSparse2 of devicemem_server.c, there is a possible way to achieve arbitrary code execution due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interacti... Read more

    Affected Products : android
    • Published: Nov. 13, 2024
    • Modified: Dec. 17, 2024

  • 7.8

    HIGH
    CVE-2024-40661

    In mayAdminGrantPermission of AdminRestrictedPermissionsUtils.java, there is a possible way to access the microphone due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User i... Read more

    Affected Products : android
    • Published: Nov. 13, 2024
    • Modified: Dec. 17, 2024

  • 7.8

    HIGH
    CVE-2024-40660

    In setTransactionState of SurfaceFlinger.cpp, there is a possible way to change protected display attributes due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interactio... Read more

    Affected Products : android
    • Published: Nov. 13, 2024
    • Modified: Dec. 17, 2024

  • 8.4

    HIGH
    CVE-2024-34747

    In DevmemXIntMapPages of devicemem_server.c, there is a possible use-after-free due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed... Read more

    Affected Products : android
    • Published: Nov. 13, 2024
    • Modified: Dec. 17, 2024

  • 8.4

    HIGH
    CVE-2024-34729

    In multiple locations, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploit... Read more

    Affected Products : android
    • Published: Nov. 13, 2024
    • Modified: Dec. 17, 2024

  • 8.4

    HIGH
    CVE-2024-34719

    In multiple locations, there is a possible permissions bypass due to a missing null check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Nov. 13, 2024
    • Modified: Dec. 17, 2024

  • 8.4

    HIGH
    CVE-2024-31337

    In PVRSRVRGXKickTA3DKM of rgxta3d.c, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not need... Read more

    Affected Products : android
    • Published: Nov. 13, 2024
    • Modified: Dec. 17, 2024

  • 7.8

    HIGH
    CVE-2024-23715

    In PMRWritePMPageList of pmr.c, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exp... Read more

    Affected Products : android
    • Published: Nov. 13, 2024
    • Modified: Nov. 20, 2024

  • 7.8

    HIGH
    CVE-2023-35686

    In PVRSRVRGXKickTA3DKM of rgxta3d.c, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not need... Read more

    Affected Products : android
    • Published: Nov. 13, 2024
    • Modified: Nov. 20, 2024

  • 7.8

    HIGH
    CVE-2023-35659

    In DevmemIntChangeSparse of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction ... Read more

    Affected Products : android
    • Published: Nov. 13, 2024
    • Modified: Nov. 20, 2024

  • 5.1

    MEDIUM
    CVE-2024-9476

    A vulnerability in Grafana Labs Grafana OSS and Enterprise allows Privilege Escalation allows users to gain access to resources from other organizations within the same Grafana instance via the Grafana Cloud Migration Assistant.This vulnerability will onl... Read more

    Affected Products :
    • Published: Nov. 13, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 291712 Results