CVE-2026-28578

CVE-2026-28578 describes a vulnerability in multiple functions of Android’s DevicePolicyManagerService.java where there is a desync from persistence caused by improper input validation. This can lead to a local denial of service without requiring additional privileges or user interaction. Documen...

Google Android security vulnerabilities

Google Android is an open-source operating system based on Linux, developed by Google Inc. There is a security vulnerability in Google Android, which stems from improper input validation in the setGlobalProxy function within DevicePolicyManagerService.java. This vulnerability may lead to persiste...

CVE-2021-0983

In createAdminSupportIntent of DevicePolicyManagerService.java, there is a possible disclosure of information about installed device/profile owner package name due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges neede...

CVE-2021-0986

In hasGrantedPolicy of DevicePolicyManagerService.java, there is a possible information disclosure about the device owner, profile owner, or device admin due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User...

EUVD-2019-11660

Malware in sbrugna...

EUVD-2021-3601

Malicious code in bioql PyPI...

EUVD-2023-25335

Malicious code in bioql PyPI...

EUVD-2021-3187

Malicious code in bioql PyPI...

EUVD-2022-25771

Malicious code in bioql PyPI...

EUVD-2025-26596

Malicious code in bioql PyPI...

Google Android Denial of Service Vulnerability (CNVD-2025-23027)

Google Android is a Linux-based open source operating system from Google. A denial of service vulnerability exists in Google Android, which is caused by a logic error in the handlePackagesChanged function in DevicePolicyManagerService.java. An attacker can exploit this vulnerability to cause a...

CVE-2025-48552

In saveGlobalProxyLocked of DevicePolicyManagerService.java, there is a possible way to desync from persistence due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-48554

CVE-2025-48554 affects Google Android (DevicePolicyManagerService.java). A logic error in handlePackagesChanged can cause a persistent DoS, with local impact and user interaction required for exploitation. No PoC details are provided in the documents. Remediation: apply the Android security patch...

CVE-2025-48552

CVE-2025-48552 affects DevicePolicyManagerService.java, specifically the saveGlobalProxyLocked function. A logic error can cause desync from persistence, enabling local privilege escalation without extra execution privileges or user interaction. The vulnerability is described consistently across ...

CVE-2025-48552

In saveGlobalProxyLocked of DevicePolicyManagerService.java, there is a possible way to desync from persistence due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google. A denial of service vulnerability exists in Google Android, which is caused by a logic error in the handlePackagesChanged function in DevicePolicyManagerService.java. An attacker can exploit this vulnerability to cause a...

ASB-A-365975561

In saveGlobalProxyLocked of DevicePolicyManagerService.java, there is a possible way to desync from persistence due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2022-20511

In getNearbyAppStreamingPolicy of DevicePolicyManagerService.java, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID:...

ASB-A-382064697

Bulletin has no description...

Code injection

In getCredentialManagerPolicy of DevicePolicyManagerService.java, there is a possible method for users to select credential managers without permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User...