Lucene search
+L

68 matches found

osv
osv
added 2023/10/30 5:15 p.m.6 views

CVE-2023-21304

In Content Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

5.5CVSS6.2AI score0.00091EPSS
Exploits0References1
nvd
nvd
added 2023/10/30 5:15 p.m.24 views

CVE-2023-21304

In Content Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

5.5CVSS5AI score0.00091EPSS
Exploits0References1
prion
prion
added 2023/10/30 5:15 p.m.17 views

Information disclosure

In Content Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

1.7CVSS5.6AI score0.00091EPSS
Exploits0References1Affected Software1
vulnrichment
vulnrichment
added 2023/10/30 4:56 p.m.17 views

CVE-2023-21304

In Content Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

6.1AI score0.00091EPSS
Exploits0References1
cve
cve
added 2023/10/30 4:56 p.m.45 views

CVE-2023-21304

CVE-2023-21304 describes an information-disclosure flaw in Android’s Content Service that can reveal whether an app is installed without query permissions, via a side-channel. The issue allows local information leakage without extra execution privileges and does not require user interaction to ex...

5.5CVSS5.1AI score0.00091EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2023/10/30 4:56 p.m.25 views

CVE-2023-21304

In Content Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

6AI score0.00091EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2023/10/30 12:0 a.m.6 views

PT-2023-18084 · Unknown · Content Service

Name of the Vulnerable Software and Affected Versions: Content Service affected versions not specified Description: The issue allows an attacker to determine whether an app is installed without requiring query permissions, due to side channel information disclosure. This could lead to local...

5.5CVSS5AI score0.00091EPSS
Exploits0References3
thn
thn
added 2022/10/31 10:25 a.m.42 views

Samsung Galaxy Store Bug Could've Let Hackers Secretly Install Apps on Targeted Devices

A now-patched security flaw has been disclosed in the Galaxy Store app for Samsung devices that could potentially trigger remote command execution on affected phones. The vulnerability, which affects Galaxy Store version 4.5.32.4, relates to a cross-site scripting XSS bug that occurs when handlin...

1.6AI score
Exploits0
osv
osv
added 2022/08/12 3:15 p.m.4 views

CVE-2022-20305

In ContentService, there is a possible disclosure of available account types due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID:...

3.3CVSS5.9AI score0.00089EPSS
Exploits0References1
osv
osv
added 2022/08/12 3:15 p.m.3 views

CVE-2022-20303

In ContentService, there is a possible way to determine if an account is on the device without GETACCOUNTS permission due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product:...

5.5CVSS5.9AI score0.00089EPSS
Exploits0References1
osv
osv
added 2022/08/12 3:15 p.m.5 views

CVE-2022-20296

In ContentService, there is a possible way to check if an account exists on the device due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

5.5CVSS5.9AI score0.00089EPSS
Exploits0References1
cnnvd
cnnvd
added 2022/08/12 12:0 a.m.5 views

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google Inc. in the United States. A security vulnerability exists in Google Android 13, which stems from a possible method to determine whether an account on a device has GETACCOUNTS privileges due to a lack of privilege checking i...

5.5CVSS5.9AI score0.00089EPSS
Exploits0References2
cnnvd
cnnvd
added 2022/08/12 12:0 a.m.6 views

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google Inc. in the United States. A security vulnerability exists in Google Android 13, which stems from a lack of permission checking in ContentService, which could potentially check for the existence of an account on the device,...

5.5CVSS5.9AI score0.00089EPSS
Exploits0References2
cnnvd
cnnvd
added 2022/08/12 12:0 a.m.4 views

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google Inc. in the United States. A security vulnerability exists in Google Android 13, which stems from a lack of permission checking in ContentService, which could potentially check for the existence of an account on the device,...

5.5CVSS5.9AI score0.00089EPSS
Exploits0References2
cvelist
cvelist
added 2022/08/11 3:22 p.m.28 views

CVE-2022-20305

In ContentService, there is a possible disclosure of available account types due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID:...

4.9AI score0.00089EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2022/08/11 12:0 a.m.6 views

PT-2022-14522 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: In ContentService, there is a possible way to check if an account exists on the device due to a missing permission check. This could lead to local information disclosure with User execution privileges...

5.5CVSS5.2AI score0.00089EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2022/08/11 12:0 a.m.6 views

PT-2022-14524 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: In ContentService, there is a possible way to check if an account exists on the device due to a missing permission check. This could lead to local information disclosure with User execution privileges...

5.5CVSS5.2AI score0.00089EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2022/08/11 12:0 a.m.3 views

PT-2022-14531 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: In ContentService, there is a possible disclosure of available account types due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. Us...

3.3CVSS3.7AI score0.00089EPSS
Exploits0References3
osv
osv
added 2016/04/18 12:59 a.m.5 views

CVE-2016-2426

server/content/ContentService.java in the Framework component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for a GETACCOUNTS permission, which allows attackers to obtain sensitive information via a crafted application, aka internal...

5.5CVSS5.8AI score0.00388EPSS
Exploits0References2
seebug
seebug
added 2014/07/01 12:0 a.m.56 views

SSH 1.2.x CRC-32 Compensation Attack Detector Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2347/info Secure Shell, or SSH, is an encrypted remote access protocol. SSH or code based on SSH is used by many systems all over the world and in a wide variety of commercial applications. An integer-overflow bug in the...

7.1AI score
Exploits0
Rows per page
Query Builder