CVE-2021-0994

CVE-2021-0994 corresponds to an Android information-disclosure flaw described across multiple sources (NVD, Red Hat RH-CVE, CNVD, OSV) where an attacker can infer if a target app is installed by exploiting a missing permission check in ConnectivityService.java (requestRouteToHostAddress). This ca...

ASB-A-179053823

In updateCapabilities of ConnectivityService.java, there is a possible incorrect network state determination due to a logic error in the code. This could lead to biasing of networking tasks to occur on non-VPN networks, which could lead to remote information disclosure, with no additional executi...

Information disclosure

In showProvisioningNotification of ConnectivityService.java, there is an unsafe PendingIntent. This could lead to local information disclosure of notification data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

CVE-2020-0454

Summary: CVE-2020-0454 affects Android 9 (Android-9) via the ConnectivityService.java callCallbackForRequest, enabling a local attacker with LOW privileges to bypass a permission check and disclose the current SSID without user interaction. Exploitation is localized to the device; no remote acces...