Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-40672

Summary
Assigner-google_android
Assigner Org ID-baff130e-b8d5-4e15-b3d3-c3cf5d5545c6
Published At-28 Jan, 2025 | 19:13
Updated At-28 Jan, 2025 | 20:59
Rejected At-
Credits

In onCreate of ChooserActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:google_android
Assigner Org ID:baff130e-b8d5-4e15-b3d3-c3cf5d5545c6
Published At:28 Jan, 2025 | 19:13
Updated At:28 Jan, 2025 | 20:59
Rejected At:
▼CVE Numbering Authority (CNA)

In onCreate of ChooserActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Products
Vendor
Google LLCGoogle
Product
Android
Default Status
unaffected
Versions
Affected
  • 14
  • 13
  • 12L
  • 12
Problem Types
TypeCWE IDDescription
N/AN/AElevation of privilege
Type: N/A
CWE ID: N/A
Description: Elevation of privilege
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://android.googlesource.com/platform/packages/modules/IntentResolver/+/ccd29124d0d2276a3071c0418c14dec188cd3727
N/A
https://source.android.com/security/bulletin/2024-10-01
N/A
Hyperlink: https://android.googlesource.com/platform/packages/modules/IntentResolver/+/ccd29124d0d2276a3071c0418c14dec188cd3727
Resource: N/A
Hyperlink: https://source.android.com/security/bulletin/2024-10-01
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-281CWE-281 Improper Preservation of Permissions
Type: CWE
CWE ID: CWE-281
Description: CWE-281 Improper Preservation of Permissions
Metrics
VersionBase scoreBase severityVector
3.18.4HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 8.4
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@android.com
Published At:28 Jan, 2025 | 20:15
Updated At:18 Apr, 2025 | 02:14

In onCreate of ChooserActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.18.4HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.4
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Google LLC
google
>>android>>12.0
cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
Google LLC
google
>>android>>12.1
cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*
Google LLC
google
>>android>>13.0
cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*
Google LLC
google
>>android>>14.0
cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-281Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-281
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://android.googlesource.com/platform/packages/modules/IntentResolver/+/ccd29124d0d2276a3071c0418c14dec188cd3727security@android.com
Product
https://source.android.com/security/bulletin/2024-10-01security@android.com
Vendor Advisory
Hyperlink: https://android.googlesource.com/platform/packages/modules/IntentResolver/+/ccd29124d0d2276a3071c0418c14dec188cd3727
Source: security@android.com
Resource:
Product
Hyperlink: https://source.android.com/security/bulletin/2024-10-01
Source: security@android.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

96Records found
CVE-2018-9428
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.4||HIGH
EPSS-0.01% / 0.65%
||
7 Day CHG~0.00%
Published-19 Nov, 2024 | 21:25
Updated-22 Nov, 2024 | 22:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In startDevice of AAudioServiceStreamBase.cpp there is a possible out of bounds write due to a use after free. This could lead to local arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation. https://source.android.com/security/bulletin/2018-07-01

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-416
Use After Free
CVE-2018-9474
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.4||HIGH
EPSS-0.10% / 28.42%
||
7 Day CHG~0.00%
Published-20 Nov, 2024 | 17:25
Updated-18 Dec, 2024 | 15:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In writeToParcel of MediaPlayer.java, there is a possible serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2018-9469
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.4||HIGH
EPSS-0.01% / 0.43%
||
7 Day CHG~0.00%
Published-20 Nov, 2024 | 16:53
Updated-18 Dec, 2024 | 17:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In multiple functions of ShortcutService.java, there is a possible creation of a spoofed shortcut due to a missing permission check. This could lead to local escalation of privilege in a privileged app with no additional execution privileges needed. User interaction is needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-862
Missing Authorization
CVE-2018-9363
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.4||HIGH
EPSS-0.05% / 15.07%
||
7 Day CHG-0.00%
Published-06 Nov, 2018 | 17:00
Updated-16 Sep, 2024 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-65853588 References: Upstream kernel.

Action-Not Available
Vendor-Linux Kernel Organization, IncGoogle LLCDebian GNU/LinuxCanonical Ltd.
Product-androiddebian_linuxlinux_kernelubuntu_linuxAndroid
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-9377
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.4||HIGH
EPSS-0.02% / 4.58%
||
7 Day CHG~0.00%
Published-28 Nov, 2024 | 00:23
Updated-03 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In getIntentForIntentSender of ActivityManagerService.java, there is a possible way to access user metadata due to a pending intent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2021-37639
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-8.4||HIGH
EPSS-0.01% / 1.54%
||
7 Day CHG~0.00%
Published-12 Aug, 2021 | 18:10
Updated-04 Aug, 2024 | 01:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Null pointer dereference and heap OOB read in TensorFlow

TensorFlow is an end-to-end open source platform for machine learning. When restoring tensors via raw APIs, if the tensor name is not provided, TensorFlow can be tricked into dereferencing a null pointer. Alternatively, attackers can read memory outside the bounds of heap allocated data by providing some tensor names but not enough for a successful restoration. The [implementation](https://github.com/tensorflow/tensorflow/blob/47a06f40411a69c99f381495f490536972152ac0/tensorflow/core/kernels/save_restore_tensor.cc#L158-L159) retrieves the tensor list corresponding to the `tensor_name` user controlled input and immediately retrieves the tensor at the restoration index (controlled via `preferred_shard` argument). This occurs without validating that the provided list has enough values. If the list is empty this results in dereferencing a null pointer (undefined behavior). If, however, the list has some elements, if the restoration index is outside the bounds this results in heap OOB read. We have patched the issue in GitHub commit 9e82dce6e6bd1f36a57e08fa85af213e2b2f2622. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-476
NULL Pointer Dereference
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-27208
Matching Score-8
Assigner-Google Devices
ShareView Details
Matching Score-8
Assigner-Google Devices
CVSS Score-8.4||HIGH
EPSS-0.01% / 2.05%
||
7 Day CHG~0.00%
Published-11 Mar, 2024 | 18:55
Updated-03 Apr, 2025 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-27700
Matching Score-8
Assigner-Google Devices
ShareView Details
Matching Score-8
Assigner-Google Devices
CVSS Score-8.4||HIGH
EPSS-0.01% / 0.90%
||
7 Day CHG~0.00%
Published-27 May, 2025 | 15:41
Updated-28 May, 2025 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a possible bypass of carrier restrictions due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-Android
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2018-21082
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.02% / 2.52%
||
7 Day CHG~0.00%
Published-08 Apr, 2020 | 14:48
Updated-05 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with N(7.x) software. Dex Station allows App Pinning bypass and lock-screen bypass via the "Use screen lock type to unpin" option. The Samsung ID is SVE-2017-11106 (February 2018).

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-863
Incorrect Authorization
CVE-2022-27836
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-8.4||HIGH
EPSS-0.01% / 1.12%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:37
Updated-03 Aug, 2024 | 05:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control and path traversal vulnerability in Storage Manager and Storage Manager Service prior to SMR Apr-2022 Release 1 allow local attackers to access arbitrary system files without a proper permission. The patch adds proper validation logic to prevent arbitrary files access.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-863
Incorrect Authorization
CVE-2022-23428
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-8.4||HIGH
EPSS-0.01% / 1.70%
||
7 Day CHG~0.00%
Published-11 Feb, 2022 | 17:40
Updated-03 Aug, 2024 | 03:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper boundary check in eden_runtime hal service prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution.

Action-Not Available
Vendor-Google LLCSamsungSamsung Electronics
Product-androidexynosSamsung Mobile Devices with Exynos chipsets
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-21070
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.01% / 0.34%
||
7 Day CHG~0.00%
Published-08 Apr, 2020 | 17:21
Updated-05 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with N(7.x), O(8.0) devices (MSM8998 or SDM845 chipsets) software. An attacker can bypass Secure Boot and obtain root access because of a missing Bootloader integrity check. The Samsung ID is SVE-2018-11552 (May 2018).

Action-Not Available
Vendor-n/aQualcomm Technologies, Inc.Google LLC
Product-androidsdm845msm8998n/a
CWE ID-CWE-354
Improper Validation of Integrity Check Value
CVE-2025-22409
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.4||HIGH
EPSS-0.01% / 0.22%
||
7 Day CHG~0.00%
Published-26 Aug, 2025 | 22:48
Updated-27 Aug, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In rfc_send_buf_uih of rfc_ts_frames.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-Android
CWE ID-CWE-416
Use After Free
CVE-2025-22404
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.4||HIGH
EPSS-0.01% / 0.22%
||
7 Day CHG~0.00%
Published-26 Aug, 2025 | 22:48
Updated-27 Aug, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In avct_lcb_msg_ind of avct_lcb_act.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-Android
CWE ID-CWE-416
Use After Free
CVE-2025-22405
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.4||HIGH
EPSS-0.01% / 0.22%
||
7 Day CHG~0.00%
Published-26 Aug, 2025 | 22:48
Updated-27 Aug, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In multiple locations, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-Android
CWE ID-CWE-416
Use After Free
CVE-2025-22406
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.4||HIGH
EPSS-0.01% / 0.22%
||
7 Day CHG~0.00%
Published-26 Aug, 2025 | 22:48
Updated-27 Aug, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In bnepu_check_send_packet of bnep_utils.cc, there is a possible way to achieve code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-Android
CWE ID-CWE-416
Use After Free
CVE-2025-22410
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.4||HIGH
EPSS-0.01% / 0.22%
||
7 Day CHG~0.00%
Published-26 Aug, 2025 | 22:48
Updated-27 Aug, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In multiple locations, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-Android
CWE ID-CWE-416
Use After Free
CVE-2022-20111
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-8.4||HIGH
EPSS-0.02% / 3.56%
||
7 Day CHG~0.00%
Published-03 May, 2022 | 20:06
Updated-03 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ion, there is a possible use after free due to incorrect error handling. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06366069; Issue ID: ALPS06366069.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6757cdmt6873mt6893mt8675mt8765mt6580mt8788mt6750mt8666mt8167mt6765mt6757cmt6737mt6883mt8696mt6853tmt6739mt6757mt8768mt6797mt6769mt6761mt6875mt6889mt8789mt8797mt8321mt6768mt8362amt8786mt8766mt8695mt6771mt8385mt6833mt6885mt6735mt6750smt6753mt6762mt6877mt6781mt8365mt6853mt8168androidmt6757chmt8185mt8791mt6779mt6785mt6763mt8173MT6580, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6797, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6893, MT8167, MT8168, MT8173, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8675, MT8695, MT8696, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2023-21165
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.4||HIGH
EPSS-0.02% / 4.72%
||
7 Day CHG~0.00%
Published-16 Feb, 2024 | 18:33
Updated-16 Dec, 2024 | 14:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In DevmemIntUnmapPMR of devicemem_server.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Imagination Technologies LimitedGoogle LLC
Product-androidAndroidpowervr-gpu
CWE ID-CWE-416
Use After Free
CVE-2024-29746
Matching Score-8
Assigner-Google Devices
ShareView Details
Matching Score-8
Assigner-Google Devices
CVSS Score-8.4||HIGH
EPSS-0.01% / 1.90%
||
7 Day CHG~0.00%
Published-05 Apr, 2024 | 20:02
Updated-27 Aug, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In lpm_req_handler of lpm.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-Androidandroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-27226
Matching Score-8
Assigner-Google Devices
ShareView Details
Matching Score-8
Assigner-Google Devices
CVSS Score-8.4||HIGH
EPSS-0.01% / 2.05%
||
7 Day CHG~0.00%
Published-11 Mar, 2024 | 18:55
Updated-03 Apr, 2025 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In tmu_config_gov_params of , there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-39441
Matching Score-8
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-8
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-7.1||HIGH
EPSS-0.01% / 0.24%
||
7 Day CHG~0.00%
Published-26 Feb, 2025 | 05:45
Updated-06 May, 2025 | 13:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In wifi display, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed.

Action-Not Available
Vendor-Unisoc (Shanghai) Technologies Co., Ltd.Google LLC
Product-t765t750t612t606t610t770androids8000t310t820t616t618t760T310/T606/T612/T616/T610/T618/T750/T765/T760/T770/T820/S8000
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-31336
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.4||HIGH
EPSS-0.01% / 1.01%
||
7 Day CHG~0.00%
Published-11 Sep, 2024 | 00:09
Updated-17 Dec, 2024 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In PVRSRVBridgeRGXKickTA3D2 of server_rgxta3d_bridge.c, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Imagination Technologies LimitedGoogle LLC
Product-androidAndroidddk
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-31337
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.4||HIGH
EPSS-0.02% / 4.80%
||
7 Day CHG~0.00%
Published-13 Nov, 2024 | 17:13
Updated-17 Dec, 2024 | 19:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In PVRSRVRGXKickTA3DKM of rgxta3d.c, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Imagination Technologies LimitedGoogle LLC
Product-androidAndroidpowervr-gpu
CVE-2020-0405
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.18%
||
7 Day CHG~0.00%
Published-18 Sep, 2020 | 15:06
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In NetworkStackNotifier, there is a possible permissions bypass due to an unsafe implicit PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157475111

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-281
Improper Preservation of Permissions
CVE-2021-39704
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.72%
||
7 Day CHG~0.00%
Published-16 Mar, 2022 | 14:04
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In deleteNotificationChannelGroup of NotificationManagerService.java, there is a possible way to run foreground service without user notification due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-209965481

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-281
Improper Preservation of Permissions
CVE-2024-56192
Matching Score-6
Assigner-Google Devices
ShareView Details
Matching Score-6
Assigner-Google Devices
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.39%
||
7 Day CHG~0.00%
Published-10 Mar, 2025 | 20:50
Updated-27 Jun, 2025 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In wl_notify_gscan_event of wl_cfgscan.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-281
Improper Preservation of Permissions
CVE-2021-39695
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.12%
||
7 Day CHG~0.00%
Published-16 Mar, 2022 | 14:04
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In createOrUpdate of BasePermission.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-209607944

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-281
Improper Preservation of Permissions
CVE-2019-13682
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.11% / 30.91%
||
7 Day CHG~0.00%
Published-25 Nov, 2019 | 14:22
Updated-04 Aug, 2024 | 23:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in external protocol handling in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass same origin policy via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-281
Improper Preservation of Permissions
CVE-2019-13668
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-7.4||HIGH
EPSS-0.34% / 56.30%
||
7 Day CHG~0.00%
Published-25 Nov, 2019 | 14:22
Updated-04 Aug, 2024 | 23:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-281
Improper Preservation of Permissions
CVE-2023-21464
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.04% / 10.80%
||
7 Day CHG~0.00%
Published-16 Mar, 2023 | 00:00
Updated-02 Aug, 2024 | 09:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in Samsung Calendar prior to versions 12.4.02.9000 in Android 13 and 12.3.08.2000 in Android 12 allows local attacker to configure improper status.

Action-Not Available
Vendor-Google LLCSamsungSamsung Electronics
Product-androidcalendarSamsung Calendar
CWE ID-CWE-281
Improper Preservation of Permissions
CVE-2020-6564
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.62% / 69.25%
||
7 Day CHG~0.00%
Published-21 Sep, 2020 | 19:06
Updated-04 Aug, 2024 | 09:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in permissions in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to spoof the contents of a permission dialog via a crafted HTML page.

Action-Not Available
Vendor-Google LLCopenSUSEFedora ProjectDebian GNU/Linux
Product-debian_linuxchromefedorabackports_sleleapChrome
CWE ID-CWE-281
Improper Preservation of Permissions
CVE-2021-0953
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.12%
||
7 Day CHG~0.00%
Published-15 Dec, 2021 | 18:05
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In setOnClickActivityIntent of SearchWidgetProvider.java, there is a possible way to access contacts and history bookmarks without permission due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-184046278

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-281
Improper Preservation of Permissions
CVE-2019-13727
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.28% / 78.75%
||
7 Day CHG~0.00%
Published-10 Dec, 2019 | 21:01
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass same origin policy via a crafted HTML page.

Action-Not Available
Vendor-Google LLCRed Hat, Inc.Fedora ProjectDebian GNU/Linux
Product-enterprise_linux_serverenterprise_linux_for_scientific_computingdebian_linuxchromeenterprise_linux_workstationfedoraenterprise_linux_desktopChrome
CWE ID-CWE-281
Improper Preservation of Permissions
CVE-2021-0704
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.58%
||
7 Day CHG~0.00%
Published-15 Dec, 2021 | 18:05
Updated-03 Aug, 2024 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In createNoCredentialsPermissionNotification and related functions of AccountManagerService.java, there is a possible way to retrieve accounts from the device without permissions due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-179338675

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-281
Improper Preservation of Permissions
CVE-2017-5033
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.61% / 68.67%
||
7 Day CHG~0.00%
Published-24 Apr, 2017 | 23:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android failed to correctly propagate CSP restrictions to local scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page, related to the unsafe-inline keyword.

Action-Not Available
Vendor-n/aDebian GNU/LinuxLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kernelwindowsdebian_linuxenterprise_linux_servermacosandroidGoogle Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android
CWE ID-CWE-281
Improper Preservation of Permissions
CVE-2023-21249
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.00% / 0.09%
||
7 Day CHG~0.00%
Published-12 Jul, 2023 | 23:30
Updated-06 Nov, 2024 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In multiple functions of OneTimePermissionUserManager.java, there is a possible one-time permission retention due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-281
Improper Preservation of Permissions
CVE-2021-0927
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.12%
||
7 Day CHG~0.00%
Published-15 Dec, 2021 | 18:05
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In requestChannelBrowsable of TvInputManagerService.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-8.1 Android-9Android ID: A-189824175

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-281
Improper Preservation of Permissions
CVE-2024-44193
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-8.4||HIGH
EPSS-0.34% / 55.96%
||
7 Day CHG~0.00%
Published-02 Oct, 2024 | 14:24
Updated-13 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved restrictions. This issue is fixed in iTunes 12.13.3 for Windows. A local attacker may be able to elevate their privileges.

Action-Not Available
Vendor-Apple Inc.
Product-itunesiTunes for Windowsitunes
CWE ID-CWE-281
Improper Preservation of Permissions
CVE-2024-40821
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-8.4||HIGH
EPSS-0.03% / 7.44%
||
7 Day CHG~0.00%
Published-29 Jul, 2024 | 22:16
Updated-10 Dec, 2024 | 14:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. Third party app extensions may not receive the correct sandbox restrictions.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOSmacos
CWE ID-CWE-281
Improper Preservation of Permissions
CVE-2024-40828
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-8.4||HIGH
EPSS-0.03% / 7.43%
||
7 Day CHG~0.00%
Published-29 Jul, 2024 | 22:17
Updated-11 Dec, 2024 | 19:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. A malicious app may be able to gain root privileges.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOSmacos
CWE ID-CWE-281
Improper Preservation of Permissions
CVE-2023-43612
Matching Score-4
Assigner-OpenHarmony
ShareView Details
Matching Score-4
Assigner-OpenHarmony
CVSS Score-8.4||HIGH
EPSS-0.02% / 4.00%
||
7 Day CHG~0.00%
Published-20 Nov, 2023 | 11:45
Updated-09 Sep, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Hiview has an improper preservation of permissions vulnerability

in OpenHarmony v3.2.2 and prior versions allow a local attacker arbitrary file read and write through improper preservation of permissions.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmonyopenharmony
CWE ID-CWE-281
Improper Preservation of Permissions
CVE-2024-40800
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-8.4||HIGH
EPSS-0.01% / 1.16%
||
7 Day CHG~0.00%
Published-29 Jul, 2024 | 22:16
Updated-13 Feb, 2025 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An input validation issue was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. An app may be able to modify protected parts of the file system.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOSmacos
CWE ID-CWE-281
Improper Preservation of Permissions
CVE-2022-43910
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.02% / 3.68%
||
7 Day CHG~0.00%
Published-19 Jul, 2023 | 02:04
Updated-25 Oct, 2024 | 17:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Guardium privilege escalation

IBM Security Guardium 11.3 could allow a local user to escalate their privileges due to improper permission controls. IBM X-Force ID: 240908.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-linux_kernelsecurity_guardiumSecurity Guardiumsecurity_guardium
CWE ID-CWE-281
Improper Preservation of Permissions
CVE-2025-24337
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.04% / 8.66%
||
7 Day CHG~0.00%
Published-20 Jan, 2025 | 00:00
Updated-21 Jan, 2025 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WriteFreely through 0.15.1, when MySQL is used, allows local users to discover credentials by reading config.ini.

Action-Not Available
Vendor-Musing Studio
Product-WriteFreely
CWE ID-CWE-281
Improper Preservation of Permissions
CVE-2024-40811
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-8.4||HIGH
EPSS-0.03% / 7.86%
||
7 Day CHG~0.00%
Published-29 Jul, 2024 | 22:16
Updated-10 Dec, 2024 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6. An app may be able to modify protected parts of the file system.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOSmacos
CWE ID-CWE-281
Improper Preservation of Permissions
  • Previous
  • 1
  • 2
  • Next
Details not found