CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

70 matches found

Prion•added 2023/10/30 5:15 p.m.•14 views

Information disclosure

In ContentService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitati...

1.7CVSS5.6AI score0.00088EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2023/10/30 4:56 p.m.•14 views

CVE-2023-21317

6.1AI score0.00088EPSS

Exploits0References1

Cvelist•added 2023/10/30 4:56 p.m.•12 views

CVE-2023-21317

6AI score0.00088EPSS

Exploits0References1

CVE•added 2023/10/30 4:56 p.m.•46 views

CVE-2023-21317

CVE-2023-21317 : In Android’s ContentService, a side-channel disclosure can reveal whether an app is installed on the device without any query permissions, enabling local information disclosure with no user interaction. Affected component: ContentService/Android framework; root cause: side-channe...

5.5CVSS5.6AI score0.00088EPSS

Exploits0References1Affected Software1

CVE•added 2023/10/30 4:56 p.m.•54 views

CVE-2023-21306

CVE-2023-21306 affects Android’s ContentService, enabling local information disclosure by reading installed sync content providers via a side-channel. The vulnerability description states no additional execution privileges and no user interaction are required. The available sources (CVE entry and...

5.5CVSS5.5AI score0.00092EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2023/10/30 4:56 p.m.•13 views

CVE-2023-21306

In ContentService, there is a possible way to read installed sync content providers due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

6AI score0.00092EPSS

Exploits0References1

Cvelist•added 2023/10/30 4:56 p.m.•14 views

CVE-2023-21306

5.9AI score0.00092EPSS

Exploits0References1

Positive Technologies•added 2023/10/30 12:0 a.m.•4 views

PT-2023-18086 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions prior to the fixed version Description: In ContentService, there is a possible way to read installed sync content providers due to side channel information disclosure. This could lead to local information disclosure with no...

5.5CVSS4.9AI score0.00092EPSS

Exploits0References4

Positive Technologies•added 2023/10/30 12:0 a.m.•2 views

PT-2023-18093 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android affected versions not specified Description: The issue is related to side channel information disclosure in ContentService, allowing an attacker to determine whether an app is installed without query permissions. This could lead to...

5.5CVSS5AI score0.00088EPSS

Exploits0References3

CNVD•added 2022/09/09 12:0 a.m.•19 views

Google Android Information Disclosure Vulnerability (CNVD-2022-81244)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability that originates in ContentService, which allows checking the presence of an established account on the device due to a missing license check. An attacker...

5.5CVSS5.3AI score0.00089EPSS

Exploits0References1

OSV•added 2022/08/12 3:15 p.m.•1 views

CVE-2022-20295

In ContentService, there is a possible way to check if an account exists on the device due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

5.5CVSS5.9AI score0.00089EPSS

Exploits0References1

OSV•added 2022/08/12 3:15 p.m.•0 views

CVE-2022-20298

5.5CVSS6.2AI score

Exploits0References1

NVD•added 2022/08/12 3:15 p.m.•14 views

CVE-2022-20296

5.5CVSS0.00089EPSS

Exploits0References1

NVD•added 2022/08/12 3:15 p.m.•10 views

CVE-2022-20303

In ContentService, there is a possible way to determine if an account is on the device without GETACCOUNTS permission due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product:...

5.5CVSS0.00089EPSS

Exploits0References1

NVD•added 2022/08/12 3:15 p.m.•13 views

CVE-2022-20298

5.5CVSS0.00089EPSS

Exploits0References1

NVD•added 2022/08/12 3:15 p.m.•16 views

CVE-2022-20299

In ContentService, there is a possible way to check if the given account exists on the device due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

5.5CVSS0.00089EPSS

Exploits0References1

ATTACKERKB•added 2022/08/12 3:15 p.m.•2 views

CVE-2022-20305

In ContentService, there is a possible disclosure of available account types due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID:...

3.3CVSS5.9AI score0.00089EPSS

Exploits0References2

ATTACKERKB•added 2022/08/12 3:15 p.m.•2 views

CVE-2022-20303

5.5CVSS5.9AI score0.00089EPSS

Exploits0References2

ATTACKERKB•added 2022/08/12 3:15 p.m.•2 views

CVE-2022-20298

5.5CVSS5.9AI score0.00089EPSS

Exploits0References2

ATTACKERKB•added 2022/08/12 3:15 p.m.•5 views

CVE-2022-20296