PT-2022-14530 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: The issue concerns a side channel information disclosure that could allow determination of a user's account, potentially leading to local information disclosure. This requires User execution privileges...

PT-2022-14519 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android version Android-13 Description: In LauncherApps, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure...

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google. A security vulnerability exists in Google Android version 13, which stems from an insecure default value in WindowManager that can be exploited by an attacker to obtain sensitive information...

PT-2022-14467 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: In WindowManager, there is a possible method to create a recording of the lock screen due to an insecure default value. This could lead to local information disclosure with no additional execution...

PT-2022-14502 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: The issue is related to insufficient log filtering in Accounts, allowing sensitive information to be written to the system log. This could lead to local information disclosure, requiring System executi...

PT-2022-14534 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: In PackageInstaller, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information...

PT-2022-14579 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-10 through Android-12L Description: The issue is related to a possible inappropriate file read due to improper input validation in the onSaveRingtone method of DefaultRingtonePreference.java. This could lead to local...

Allwinner Technology R818 安全漏洞

The Allwinner Technology R818 is a quad-core intelligent voice with screen chip from Allwinner Technology Zhuhai, China. A security vulnerability exists in the Allwinner Technology R818, which stems from an access control security issue in the Android Q SDK V1.0 that can be exploited by an attack...

DEBIAN-CVE-2021-39648

In gadgetdevdescUDCshow of configfs.c, there is a possible disclosure of kernel heap memory due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android...

Google Android 安全漏洞

Android is a Linux-based open source operating system developed by Google Inc. and the Open Handheld Alliance OHA for short. an elevation of privilege vulnerability exists in the Framework component of Google Android version 12. No detailed vulnerability details are available...

Google Android 安全漏洞

Android is a Linux-based open source operating system developed by Google Inc. and the Open Handheld Alliance OHA for short. an elevation of privilege vulnerability exists in the Framework component of Google Android version 11. No detailed vulnerability details are available...

CVE-2021-20834

Improper authorization in handler for custom URL scheme vulnerability in Nike App for Android versions prior to 2.177 and Nike App for iOS versions prior to 2.177.1 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App...

Nike App fails to restrict custom URL schemes properly

Overview Nike App by Nike, Inc. provides the function to access a requested URL using Custom URL Scheme. The app does not restrict access to the function properly CWE-939 which may be exploited to direct the app to access any sites. Impact A remote attacker may lead a user to access an arbitrary...

CVE-2021-0636

When extracting the incorrectly formatted avi file, the memory is damaged, the playback interface shows that the video cannot be played, and the log is found to be crashed. This problem may lead to hacker malicious code attacks, resulting in the loss of user rights.Product: Androidversion:...

CVE-2021-0572

In doNotification of AccountManagerService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android...

CVE-2021-0494

In memory management driver, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID:...

Telegram Heap Buffer Overflow Vulnerability

Telegram is an instant messaging mobile application. A heap buffer overflow vulnerability exists in the custom derived VGradientCache :: generateGradientColorTable function of the Rlottie library for Telegram Android version prior to 7.1.0 2090, iOS version prior to 7.1, and macOS version prior t...

Google Android 安全特征问题漏洞

Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. An information disclosure vulnerability exists in the System component of Google Android version 10. No details of the vulnerability are provided at this time...

Google Android 资源管理错误漏洞

Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. An elevation of privilege vulnerability exists in the Media Framework component of Google Android version 11, which can be exploited by an attacker to cause a local...

Hot Pepper Gourmet App fails to restrict access permissions

Overview Hot Pepper Gourmet App provided by Recruit Co., Ltd. implements the function to access a requested URL using Custom URL Scheme. This function contains an improper access control vulnerability CWE-284 that may allow the vulnerable App to receive an request from an arbitrary App and execut...