36 matches found
CVE-2026-0025
In hasImage of Notification.java, there is a possible way to reveal information across users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-0025
CVE-2026-0025 is mentioned in PT Security patch previews (PT-2026-4689, PT-2026-4690, PT-2026-4685, PT-2026-4688, PT-2026-4686, PT-2026-4692, PT-2026-4691, PT-2026-4684, PT-2026-4691, PT-2026-4683) as part of upcoming patch levels. The connected documents list CVE-2026-0025 among numerous CVEs in...
EUVD-2023-25407
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-35668
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In visitUris of Notification.java, there is a possible way to display images from another user due to a confused deputy. This could lead to local information...
Linux Distros Unpatched Vulnerability : CVE-2023-21291
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In visitUris of Notification.java, there is a possible way to reveal image contents from another user due to a missing permission check. This could lead to loca...
CVE-2023-35668
In visitUris of Notification.java, there is a possible way to display images from another user due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2020-0441
In Message and toBundle of Notification.java, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service requiring a device reset to fix with no additional execution privileges needed. User interaction is not needed for...
CVE-2023-40073
In visitUris of Notification.java, there is a possible cross-user media read due to Confused Deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-40073
In visitUris of Notification.java, there is a possible cross-user media read due to Confused Deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-35668
In visitUris of Notification.java, there is a possible way to display images from another user due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
Cross site scripting
In visitUris of Notification.java, there is a possible cross-user media read due to Confused Deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-40073
CVE-2023-40073 concerns an information disclosure in Android’s framework: in the method visitUris of Notification.java, there is a cross-user media read (Confused Deputy) that can lead to local information disclosure without extra execution privileges. The exposed data is restricted to local acce...
CVE-2023-35668
In visitUris of Notification.java, there is a possible way to display images from another user due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-35668
In visitUris of Notification.java, there is a possible way to display images from another user due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-35668
The CVE-2023-35668 entry affects Android’s Notification.java visitUris path, where a confused deputy could cause an image display from another user. This is an information-disclosure vulnerability with local impact and no execution privileges required (no user interaction). Connected sources corr...
Information disclosure
In visitUris of Notification.java, there is a possible way to reveal image contents from another user due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-21291
CVE-2023-21291 affects Android’s Notification.java (visitUris in the framework). The vulnerability arises from a missing permission check, potentially allowing a local attacker to reveal image contents belonging to another user. This is described as a local information disclosure with User privil...
CVE-2023-21291
In visitUris of Notification.java, there is a possible way to reveal image contents from another user due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-21244
In visitUris of Notification.java, there is a possible bypass of user profile boundaries due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation...
Google Android Security Vulnerability
Google Android is a Linux-based open source operating system from Google, Inc. in the United States. Google Android suffers from a security vulnerability that originates in visitUris in Notification.java, which may disclose the content of other users' images due to a lack of permission checking,...