CVE-2024-31322

MEDIUM Year: 2024
CVSS v3 Score
6.3
Medium
Weakness Type
CWE-269
View all →

Vulnerability Description

In updateServicesLocked of AccessibilityManagerService.java, there is a possible way for an app to be hidden from the Setting while retaining Accessibility Service due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

Related Vulnerabilities

CVE-2013-4867

MEDIUM
CVSS:6.3(Medium)

Electronic Arts Karotz Smart Rabbit 12.07.19.00 allows Python module hijacking

CWE-2692013

CVE-2017-11438

MEDIUM
CVSS:6.3(Medium)

GitLab Community Edition (CE) and Enterprise Edition (EE) before 9.0.11, 9.1.8, 9.2.8 allow an authenticated user with the ability to create a group to add themselves to any project that is inside a s...

CWE-2692017

CVE-2017-14124

MEDIUM
CVSS:6.3(Medium)

In eLux RP 5.x before 5.5.1000 LTSR and 5.6.x before 5.6.2 CR when classic desktop mode is used, it is possible to start applications other than defined, even if the user does not have permissions to ...

CWE-2692017

CVE-2017-7489

MEDIUM
CVSS:6.3(Medium)

In Moodle 2.x and 3.x, remote authenticated users can take ownership of arbitrary blogs by editing an external blog link.

CWE-2692017

CVE-2020-7281

MEDIUM
CVSS:6.3(Medium)

Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.R26 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to ...

CWE-2692020

CVE-2022-39202

MEDIUM
CVSS:6.3(Medium)

matrix-appservice-irc is an open source Node.js IRC bridge for Matrix. The Internet Relay Chat (IRC) protocol allows you to specify multiple modes in a single mode command. Due to a bug in the underly...

CWE-2692022