CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2024/05/07 9:15 p.m.•17 views

CVE-2024-23712

In multiple functions of AppOpsService.java, there is a possible way to saturate the content of /data/system/appopsaccesses.xml due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS6.3AI score0.00085EPSS

Vulnrichment•added 2024/05/07 9:1 p.m.•21 views

CVE-2024-23712

6.9AI score0.00085EPSS

OSV•added 2024/04/01 12:0 a.m.•49 views

ASB-A-304983146

5.5CVSS5.4AI score0.00085EPSS

OSV•added 2022/08/12 3:15 p.m.•2 views

CVE-2022-20291

In AppOpsService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

5.5CVSS5.9AI score0.00095EPSS

ATTACKERKB•added 2022/08/12 3:15 p.m.•4 views

CVE-2022-20291

5.5CVSS5.9AI score0.00095EPSS

NVD•added 2022/08/12 3:15 p.m.•15 views

CVE-2022-20291

5.5CVSS0.00095EPSS

Prion•added 2022/08/12 3:15 p.m.•16 views

Information disclosure

1.7CVSS5.3AI score0.00095EPSS

CVE•added 2022/08/11 3:19 p.m.•56 views

CVE-2022-20291

CVE-2022-20291 affects Android 13 (AppOpsService) and enables a side-channel to determine whether an app is installed without query permissions, leading to local information disclosure with no user interaction. No exploit code is provided in the documents. Android 13 security notes indicate fixes...

5.5CVSS5.4AI score0.00095EPSS

Cvelist•added 2022/08/11 3:19 p.m.•27 views

CVE-2022-20291

5.7AI score0.00095EPSS

NVD•added 2022/03/16 3:15 p.m.•15 views

CVE-2021-39693

In onUidStateChanged of AppOpsService.java, there is a possible way to access location without a visible indicator due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7.8CVSS0.00126EPSS

Prion•added 2022/03/16 3:15 p.m.•17 views

Code injection

7.2CVSS7.6AI score0.00126EPSS

Prion•added 2020/06/10 6:15 p.m.•15 views

Information disclosure

In updateUidProcState of AppOpsService.java, there is a possible permission bypass due to a logic error. This could lead to local information disclosure of location data with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

2.1CVSS5.8AI score0.00258EPSS

Cvelist•added 2020/06/10 5:11 p.m.•18 views

CVE-2020-0121

5.4AI score0.00258EPSS

CVE•added 2020/06/10 5:11 p.m.•54 views

CVE-2020-0121

CVE-2020-0121: In Android 10, a logic error in AppOpsService.updateUidProcState allows a local information disclosure of location data with user privileges and no user interaction. Affected software is Android 10; root cause is a logic flaw enabling a permission bypass in updateUidProcState. Impa...

5.5CVSS5.1AI score0.00258EPSS

OSV•added 2019/12/06 11:15 p.m.•2 views

CVE-2019-2220

In checkOperation of AppOpsService.java, there is a possible bypass of user interaction requirements due to mishandling application suspend. This could lead to local information disclosure no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

5.5CVSS6.8AI score

NVD•added 2019/12/06 11:15 p.m.•32 views

CVE-2019-2220

5.5CVSS5.2AI score0.00164EPSS

Cvelist•added 2019/12/06 10:40 p.m.•29 views

CVE-2019-2220

5.2AI score0.00164EPSS

CVE•added 2019/12/06 10:40 p.m.•185 views

CVE-2019-2220

CVE-2019-2220 affects the Android Framework (AppOpsService) and involves a bypass of user interaction requirements caused by mishandling of application suspend. The vulnerability could allow local information disclosure without requiring additional privileges. Affected products are Android 9 and ...

5.5CVSS5.1AI score0.00164EPSS