CVE-2025-48586

In onActivityResult of EditFdnContactScreen.java, there is a possible way to leak contacts from the work profile due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

Google Android Obfuscated Proxy Vulnerability (CNVD-2025-26792)

Google Android is a free and open source mobile operating system based on the Linux kernel, developed by Google Inc. and the Open Handset Alliance, and is mainly used for smartphones, tablets and other devices. Google Android suffers from an obfuscated proxy vulnerability that originates from...

CVE-2025-32346

In onActivityResult of VoicemailSettingsActivity.java, there is a possible work profile contact number leak due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-32346

In onActivityResult of VoicemailSettingsActivity.java, there is a possible work profile contact number leak due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-32346

CVE-2025-32346 pertains to VoicemailSettingsActivity.java in Android, where a confused deputy allows disclosure of work profile contact numbers, enabling local escalation of privilege with no additional privileges and no user interaction required. The connected documents reiterate the same root c...

PT-2023-29116 · Unknown · Lockscreensettings

Name of the Vulnerable Software and Affected Versions: LockScreenSettings affected versions not specified Description: The issue is related to the theft of arbitrary files with system privilege in the LockScreenSettings app. The main problem is that the app launches implicit intents that can be...

CVE-2023-20912

In onActivityResult of AvatarPickerActivity.java, there is a possible way to access images belonging to other users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

PT-2023-17702 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions prior to the fixed version Description: The issue is related to a missing permission check in the onActivityResult method of AvatarPickerActivity.java. This could allow access to images belonging to other users, potentially...

CVE-2021-0444

In onActivityResult of QuickContactActivity.java, there is an unnecessary return of an intent. This could lead to local information disclosure of contact data with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-8...