Lucene search
K

21 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 10:14 a.m.8 views

CVE-2019-2196

In Download Provider, there is possible SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-135269143...

5.5CVSS7.1AI score0.00403EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-11840

Malware in sbrugna...

5.5CVSS5.6AI score0.00403EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-25839

Malicious code in bioql PyPI...

4CVSS6.4AI score0.0031EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/08/30 6:20 p.m.5 views

CVE-2025-26417

In checkWhetherCallingAppHasAccess of DownloadProvider.java, there is a possible bypass of user consent when opening files in shared storage due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

4CVSS5.6AI score0.0031EPSS
Exploits0References1
NVD
NVD
added 2025/08/26 11:15 p.m.6 views

CVE-2025-26417

In checkWhetherCallingAppHasAccess of DownloadProvider.java, there is a possible bypass of user consent when opening files in shared storage due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

4CVSS0.0031EPSS
Exploits0References2
OSV
OSV
added 2025/08/26 11:15 p.m.6 views

CVE-2025-26417

In checkWhetherCallingAppHasAccess of DownloadProvider.java, there is a possible bypass of user consent when opening files in shared storage due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

4CVSS5.9AI score0.0031EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/08/26 10:48 p.m.8 views

CVE-2025-26417

In checkWhetherCallingAppHasAccess of DownloadProvider.java, there is a possible bypass of user consent when opening files in shared storage due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

0.0031EPSS
Exploits0References2
CVE
CVE
added 2025/08/26 10:48 p.m.76 views

CVE-2025-26417

CVE-2025-26417 affects the Android framework via the function in DownloadProvider.java, where a bypass of user consent in shared storage could occur due to a confusing deputy. This may enable local information disclosure without requiring additional execution privileges, and does not require user...

4CVSS8AI score0.0031EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/08/26 10:48 p.m.4 views

CVE-2025-26417

In checkWhetherCallingAppHasAccess of DownloadProvider.java, there is a possible bypass of user consent when opening files in shared storage due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

8AI score0.0031EPSS
Exploits0References2
OSV
OSV
added 2024/09/04 2:15 a.m.4 views

CVE-2024-45442

Vulnerability of permission verification for APIs in the DownloadProviderMain module Impact: Successful exploitation of this vulnerability will affect availability...

7.5CVSS5.8AI score0.00182EPSS
Exploits0References1
OSV
OSV
added 2024/01/16 10:15 a.m.4 views

CVE-2023-52106

Vulnerability of permission verification for APIs in the DownloadProviderMain module. Impact: Successful exploitation of this vulnerability will affect integrity and availability...

9.1CVSS5.8AI score0.00274EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/01/05 12:0 a.m.4 views

Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a security bypass vulnerability, which is caused by a vulnerability in API privilege validation in the DownloadProviderMain...

9.1CVSS6.7AI score0.00274EPSS
Exploits0References5
OSV
OSV
added 2019/11/13 6:15 p.m.5 views

CVE-2019-2196

In Download Provider, there is possible SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-135269143...

5.5CVSS6.2AI score0.00403EPSS
Exploits0References1
OSV
OSV
added 2019/11/13 6:15 p.m.6 views

CVE-2019-2198

In Download Provider, there is a possible SQL injection vulnerability. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID:...

5.5CVSS6.2AI score0.00403EPSS
Exploits0References1
NVD
NVD
added 2019/11/13 6:15 p.m.21 views

CVE-2019-2196

In Download Provider, there is possible SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-135269143...

5.5CVSS5.6AI score0.00403EPSS
Exploits0References1
Prion
Prion
added 2019/11/13 6:15 p.m.21 views

Sql injection

In Download Provider, there is a possible SQL injection vulnerability. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID:...

4.9CVSS5.5AI score0.00403EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2019/11/13 6:15 p.m.15 views

Sql injection

In Download Provider, there is possible SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-135269143...

4.9CVSS5.6AI score0.00403EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2019/11/13 5:43 p.m.55 views

CVE-2019-2198

CVE-2019-2198 is a SQL injection vulnerability in Android’s Download Provider that can lead to local information disclosure without user interaction. Affected: Android 8.0–10 (Download Provider query selection parameter). Root cause: SQL injection in the Download Provider. Impact: local informati...

5.5CVSS5.5AI score0.00403EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/11/13 5:43 p.m.22 views

CVE-2019-2198

In Download Provider, there is a possible SQL injection vulnerability. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID:...

5.6AI score0.00403EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/11/13 5:43 p.m.23 views

CVE-2019-2196

In Download Provider, there is possible SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-135269143...

5.6AI score0.00403EPSS
Exploits0References1
Rows per page
Query Builder