CVE-2024-36062

MEDIUM Year: 2024
CVSS v3 Score
4.0
Medium
Weakness Type
CWE-281
View all →

Vulnerability Description

The com.callassistant.android (aka AI Call Assistant & Screener) application 1.174 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.callassistant.android.ui.call.incall.InCallActivity component.

Related Vulnerabilities

CVE-2024-32020

LOW
CVSS:3.9(Low)

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, local clones may end up hardlinking files into the target repository's object database w...

CWE-2812024

CVE-2022-36062

LOW
CVSS:3.8(Low)

Grafana is an open-source platform for monitoring and observability. In versions prior to 8.5.13, 9.0.9, and 9.1.6, Grafana is subject to Improper Preservation of Permissions resulting in privilege es...

CWE-2812022

CVE-2025-0914

LOW
CVSS:3.8(Low)

An improper access control issue in the VQL shell feature in Velociraptor Versions < 0.73.4 allowed authenticated users to execute the execve() plugin in deployments where this was explicitly forbidde...

CWE-2812025

CVE-2017-5033

MEDIUM
CVSS:4.3(Medium)

Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android failed to correctly propagate CSP restrictions to local scheme pages, which allowed a remote atta...

CWE-2812017

CVE-2019-14956

MEDIUM
CVSS:4.3(Medium)

JetBrains YouTrack before 2019.2.53938 was using incorrect settings, allowing a user without necessary permissions to get other project names.

CWE-2812019

CVE-2020-13230

MEDIUM
CVSS:4.3(Medium)

In Cacti before 1.2.11, disabling a user account does not immediately invalidate any permissions granted to that account (e.g., permission to view logs).

CWE-2812020