Lucene search
K

7 matches found

NVD
NVD
added 2026/06/17 1:20 p.m.6 views

CVE-2026-28575

In PackageInstaller.Sessiontransfer of frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java, there is a possible memory exhaustion attack due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed...

10CVSS0.00125EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 7:2 a.m.35 views

CVE-2026-28575

In PackageInstaller.Sessiontransfer of frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java, there is a possible memory exhaustion attack due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed...

10CVSS0.00125EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.16 views

PT-2026-50239

Name of the Vulnerable Software and Affected Versions Android affected versions not specified Description A logic error in the transfer function of the PackageInstaller.Session class within frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java allows for a memory...

10CVSS6AI score0.00125EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/22 4:0 p.m.6 views

CVE-2020-0419

In generateInfo of PackageInstallerSession.java, there is a possible leak of cross-profile URI data during app installation due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

5.5CVSS6.1AI score0.00149EPSS
Exploits0References1
OSV
OSV
added 2023/04/19 8:15 p.m.4 views

CVE-2023-21099

In multiple methods of PackageInstallerSession.java, there is a possible way to start foreground services from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7.8CVSS7.2AI score0.00095EPSS
Exploits0References1
OSV
OSV
added 2022/05/10 8:15 p.m.6 views

CVE-2022-20005

In validateApkInstallLocked of PackageInstallerSession.java, there is a way to force a mismatch between running code and a parsed APK . This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

7.8CVSS5.9AI score0.00215EPSS
Exploits0References1
OSV
OSV
added 2020/10/14 2:15 p.m.2 views

CVE-2020-0419

In generateInfo of PackageInstallerSession.java, there is a possible leak of cross-profile URI data during app installation due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

5.5CVSS6.7AI score0.00149EPSS
Exploits0References1
Rows per page
Query Builder