Security Vulnerabilities - CVEs Published In April 2024
Vulnerability of starting activities in the background in the ActivityManagerService (AMS) module.
Impact: Successful exploitation of this vulnerability will affect availability.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-04-07
Permission verification vulnerability in the lock screen module.
Impact: Successful exploitation of this vulnerability will affect availability.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-04-07
Use After Free (UAF) vulnerability in the underlying driver module.
Impact: Successful exploitation of this vulnerability will affect availability.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-04-07
Path traversal vulnerability in the Bluetooth-based sharing module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-04-07
Vulnerability of insufficient permission verification in the app management module.
Impact: Successful exploitation of this vulnerability will affect availability.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-04-07
A vulnerability, which was classified as critical, has been found in kyivstarteam react-native-sms-user-consent up to 1.1.4 on Android. Affected by this issue is the function registerReceiver of the file android/src/main/java/ua/kyivstar/reactnativesmsuserconsent/SmsUserConsentModule.kt. The manipulation leads to improper export of android application components. Attacking locally is a requirement. Upgrading to version 1.1.5 is able to address this issue. The name of the patch is 5423dcb0cd3e4d573b5520a71fa08aa279e4c3c7. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-259508.
CVSS Score
5.3
EPSS Score
0.0
Published
2024-04-07
Vulnerability of improper permission control in the window management module.
Impact: Successful exploitation of this vulnerability will affect availability.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-04-07
Command injection vulnerability in the AccountManager module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVSS Score
7.5
EPSS Score
0.007
Published
2024-04-07
Vulnerability of improper permission control in the window management module.
Impact: Successful exploitation of this vulnerability will affect availability.
CVSS Score
9.1
EPSS Score
0.001
Published
2024-04-07
A vulnerability, which was classified as critical, has been found in SourceCodester Online Courseware 1.0. This issue affects some unknown processing of the file admin/saveeditt.php. The manipulation of the argument contact leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259589 was assigned to this vulnerability.
CVSS Score
6.3
EPSS Score
0.001
Published
2024-04-07