CVE-2024-0048

HIGH Year: 2024
CVSS v3 Score
8.4
High
Weakness Type
CWE-230
View all →

Vulnerability Description

In Session of AccountManagerService.java, there is a possible method to retain foreground service privileges due to incorrect handling of null responses. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Related Vulnerabilities

CVE-2024-0208

HIGH
CVSS:7.5(High)

GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file

CWE-2302024

CVE-2024-9781

HIGH
CVSS:7.5(High)

AppleTalk and RELOAD Framing dissector crash in Wireshark 4.4.0 and 4.2.0 to 4.2.7 allows denial of service via packet injection or crafted capture file

CWE-2302024

CVE-2024-10508

CRITICAL
CVSS:9.8(Critical)

The RegistrationMagic – User Registration Plugin with Custom Registration Forms plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6....

CWE-2302024

CVE-2024-11024

CRITICAL
CVSS:9.8(Critical)

The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.4.6. This is due to the plugin not properl...

CWE-2302024

CVE-2023-1697

MEDIUM
CVSS:6.5(Medium)

An Improper Handling of Missing Values vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a dcpfe process core and t...

CWE-2302023

CVE-2024-6237

MEDIUM
CVSS:6.5(Medium)

A flaw was found in the 389 Directory Server. This flaw allows an unauthenticated user to cause a systematic server crash while sending a specific extended search request, leading to a denial of servi...

CWE-2302024