Vulnerabilities > Google > Android > High

DATE CVE VULNERABILITY TITLE RISK
2024-07-09 CVE-2024-31310 Unspecified vulnerability in Google Android
In newServiceInfoLocked of AutofillManagerServiceImpl.java, there is a possible way to hide an enabled Autofill service app in the Autofill service settings due to improper input validation.
local
low complexity
google
7.8
2024-07-09 CVE-2024-31311 Out-of-bounds Write vulnerability in Google Android
In increment_annotation_count of stats_event.c, there is a possible out of bounds write due to a missing bounds check.
local
low complexity
google CWE-787
7.8
2024-07-09 CVE-2024-31313 Out-of-bounds Write vulnerability in Google Android
In availableToWriteBytes of MessageQueueBase.h, there is a possible out of bounds write due to an incorrect bounds check.
local
low complexity
google CWE-787
7.8
2024-07-09 CVE-2024-31315 Unspecified vulnerability in Google Android
In multiple functions of ManagedServices.java, there is a possible way to hide an app with notification access in the Device & app notifications settings due to improper input validation.
local
low complexity
google
7.8
2024-07-09 CVE-2024-31316 Unspecified vulnerability in Google Android
In onResult of AccountManagerService.java, there is a possible way to perform an arbitrary background activity launch due to parcel mismatch.
local
low complexity
google
7.8
2024-07-09 CVE-2024-31317 Deserialization of Untrusted Data vulnerability in Google Android
In multiple functions of ZygoteProcess.java, there is a possible way to achieve code execution as any app via WRITE_SECURE_SETTINGS due to unsafe deserialization.
local
low complexity
google CWE-502
7.8
2024-07-09 CVE-2024-31318 Missing Authorization vulnerability in Google Android
In CompanionDeviceManagerService.java, there is a possible way to pair a companion device without user acceptance due to a missing permission check.
local
low complexity
google CWE-862
7.8
2024-07-09 CVE-2024-31319 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android
In updateNotificationChannelFromPrivilegedListener of NotificationManagerService.java, there is a possible cross-user data leak due to a confused deputy.
local
low complexity
google CWE-610
7.8
2024-07-09 CVE-2024-31320 Unspecified vulnerability in Google Android 12.0/12.1
In setSkipPrompt of AssociationRequest.java , there is a possible way to establish a companion device association without any confirmation due to CDM.
local
low complexity
google
7.8
2024-07-09 CVE-2024-31322 Unspecified vulnerability in Google Android
In updateServicesLocked of AccessibilityManagerService.java, there is a possible way for an app to be hidden from the Setting while retaining Accessibility Service due to improper input validation.
local
low complexity
google
7.8