Lucene search
K

29 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 12:30 p.m.5 views

CVE-2023-40073

In visitUris of Notification.java, there is a possible cross-user media read due to Confused Deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS5.5AI score0.00134EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/08 5:27 p.m.2 views

CVE-2025-48608

In isValidMediaUri of SettingsProvider.java, there is a possible cross user media read due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

4.9AI score0.00064EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/08 12:0 a.m.5 views

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from the American company Google. Google Android suffers from a security vulnerability that stems from a lack of permission checking, which could lead to cross-user media reading...

5.5CVSS6.4AI score0.00064EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2023-40073

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In visitUris of Notification.java, there is a possible cross-user media read due to Confused Deputy. This could lead to local information disclosure with no...

5.5CVSS5.8AI score0.00134EPSS
Exploits0References2
CVE
CVE
added 2025/09/02 10:11 p.m.446 views

CVE-2024-49728

CVE-2024-49728 affects Android Bluetooth code via generateFileInfo in BluetoothOppSendFileInfo.java, enabling a confused deputy to cause cross-user media disclosure. The issue yields local information disclosure without additional privileges and does not require user interaction to exploit, per t...

5.5CVSS5AI score0.00088EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/09/02 10:11 p.m.1 views

CVE-2024-49728

In generateFileInfo of BluetoothOppSendFileInfo.java, there is a possible cross user media disclosure due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

5AI score0.00088EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 6:32 a.m.7 views

CVE-2024-43082

In onActivityResult of EditUserPhotoController.java, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS6.2AI score0.00101EPSS
Exploits0References1
OSV
OSV
added 2025/04/01 12:0 a.m.26 views

ASB-A-296915500

In generateFileInfo of BluetoothOppSendFileInfo.java, there is a possible cross user media disclosure due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS6.3AI score0.00088EPSS
Exploits0References2
NVD
NVD
added 2024/11/13 6:15 p.m.25 views

CVE-2024-43082

In onActivityResult of EditUserPhotoController.java, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS0.00101EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/11/13 5:25 p.m.10 views

CVE-2024-43082

In onActivityResult of EditUserPhotoController.java, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

6.2AI score0.00101EPSS
Exploits0References2
CVE
CVE
added 2024/11/13 5:25 p.m.104 views

CVE-2024-43082

CVE-2024-43082 concerns an information-disclosure flaw in Android involving the onActivityResult path of the EditUserPhotoController.java. The root cause is a confused deputy leading to a cross-user media read, enabling local information disclosure without extra execution privileges. The exploit ...

5.5CVSS6.2AI score0.00101EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/11/13 12:0 a.m.4 views

PT-2024-30282 · Google · Android

Name of the Vulnerable Software and Affected Versions: No specific software name or versions are mentioned in the provided descriptions. Description: The issue is related to a possible cross-user media read due to a confused deputy in the EditUserPhotoController. This could lead to local...

5.5CVSS6.1AI score0.00101EPSS
Exploits0References6
OSV
OSV
added 2024/11/01 12:0 a.m.13 views

ASB-A-296915959

In onActivityResult of EditUserPhotoController.java, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS6.3AI score0.00101EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2023/12/04 11:15 p.m.19 views

CVE-2023-40073

In visitUris of Notification.java, there is a possible cross-user media read due to Confused Deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS6.3AI score0.00134EPSS
Exploits0References2
OSV
OSV
added 2023/12/01 12:0 a.m.25 views

ASB-A-287640400

In visitUris of Notification.java, there is a possible cross-user media read due to Confused Deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS5AI score0.00134EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/10/30 4:56 p.m.21 views

CVE-2023-21312

In IntentResolver, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

6AI score0.00088EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/10/30 4:56 p.m.13 views

CVE-2023-21312

In IntentResolver, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

6.2AI score0.00088EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/10/04 12:0 a.m.4 views

PT-2023-8313 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android affected versions not specified Description: The issue is related to a component called IntentResolver in the Android operating system, which has inadequate access control. This could lead to local information disclosure without needi...

5.5CVSS5AI score0.00088EPSS
Exploits0References4
NVD
NVD
added 2023/08/14 10:15 p.m.24 views

CVE-2023-21279

In visitUris of RemoteViews.java, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS5.1AI score0.00089EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/08/14 9:4 p.m.33 views

CVE-2023-21279

In visitUris of RemoteViews.java, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

5.4AI score0.00089EPSS
Exploits0References2
Rows per page
Query Builder