20 matches found
CVE-2025-48608
In isValidMediaUri of SettingsProvider.java, there is a possible cross user media read due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-48608
In isValidMediaUri of SettingsProvider.java, there is a possible cross user media read due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-48608
In isValidMediaUri of SettingsProvider.java, there is a possible cross user media read due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-48608
In isValidMediaUri of SettingsProvider.java, there is a possible cross user media read due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-48608
In isValidMediaUri of SettingsProvider.java, there is a possible cross user media read due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-48608
CVE-2025-48608 affects the Android SettingsProvider.java isValidMediaUri path, enabling cross-user media read due to a missing permission check. The issue permits local information disclosure without user interaction (ATT&CK: T1552-like, per the description), with CVSS 3.1 base score 5.5 (AV:L/AC...
CVE-2025-48536
In grantAllowlistedPackagePermissions of SettingsSliceProvider.java, there is a possible way for a third party app to modify secure settings due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed fo...
PT-2025-49581
In isValidMediaUri of SettingsProvider.java, there is a possible cross user media read due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2022-14478 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: The issue concerns a missing permission check in the SettingsProvider, allowing potential reading or modification of the default ringtone. This could result in local escalation of privilege without...
Google Android Information Disclosure Vulnerability (CNVD-2022-26772)
Google Android is a Linux-based open-source operating system from the U.S. company Google. Google Android has a security vulnerability that stems from a privilege bypass in the settings provider program, which could be exploited by attackers to gain access to sensitive information...
CVE-2021-39747
In Settings Provider, there is a possible way to list values of non-readable global settings due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...
CVE-2021-39747
In Settings Provider, there is a possible way to list values of non-readable global settings due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...
Information disclosure
In Settings Provider, there is a possible way to list values of non-readable global settings due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...
CVE-2021-39747
In Settings Provider, there is a possible way to list values of non-readable global settings due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...
CVE-2021-39747
CVE-2021-39747 affects Android 12L: a permissions bypass in Settings Provider may allow an attacker to list values of non-readable global settings, causing local information disclosure with no extra privileges and no user interaction. It is listed in Android 12L security release notes as addresse...
Google Android 安全漏洞
Google Android is a Linux-based open-source operating system from the U.S. company Google. Google Android has a security vulnerability that stems from a privilege bypass in the settings provider program, which could be exploited by attackers to gain access to sensitive information...
CVE-2022-24925
Improper input validation vulnerability in SettingsProvider prior to Android S12 allows privileged attackers to trigger a permanent denial of service attack on a victim's devices...
CVE-2022-22269
Keeping sensitive data in unprotected BluetoothSettingsProvider prior to SMR Jan-2022 Release 1 allows untrusted applications to get a local Bluetooth MAC address...
CVE-2021-25472
An improper access control vulnerability in BluetoothSettingsProvider prior to SMR Oct-2021 Release 1 allows untrusted application to overwrite some Bluetooth information...
Android Security Restriction Bypass Vulnerability (CNVD-2016-07469)
Android is a cell phone operating system based on the Linux open kernel. A security vulnerability exists in providers/settings/SettingsProvider.java in versions of Android prior to 2016-09-01. An attacker exploiting this vulnerability via a constructed application can bypass the always-on VPN sta...