CVE-2024-0021

HIGH Year: 2024
CVSS v3 Score
7.0
High
Weakness Type
CWE-20
View all →

Vulnerability Description

In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way for an app in the work profile to enable notification listener services due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

Related Vulnerabilities

CVE-2015-8705

HIGH
CVSS:7.0(High)

buffer.c in named in ISC BIND 9.10.x before 9.10.3-P3, when debug logging is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit, or daemon crash) ...

CWE-202015

CVE-2016-3757

HIGH
CVSS:7.0(High)

The print_maps function in toolbox/lsof.c in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows user-assisted attackers to gain privileges via a crafted...

CWE-202016

CVE-2016-9093

HIGH
CVSS:7.0(High)

A version of the SymEvent Driver that shipped with Symantec Endpoint Protection 12.1 RU6 MP6 and earlier fails to properly sanitize logged-in user input. SEP 14.0 and later are not impacted by this is...

CWE-202016

CVE-2017-0458

HIGH
CVSS:7.0(High)

An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High...

CWE-202017

CVE-2017-0463

HIGH
CVSS:7.0(High)

An elevation of privilege vulnerability in the Qualcomm networking driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as ...

CWE-202017

CVE-2017-0613

HIGH
CVSS:7.0(High)

An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the ...

CWE-202017