4 matches found
CVE-2022-20112
In getAvailabilityStatus of PrivateDnsPreferenceController.java, there is a possible way for a guest user to change private DNS settings due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
Google Android 安全漏洞
Google Android is a Linux-based open source operating system from Google, Inc. An elevation of privilege vulnerability exists in Google Android, which originates in PrivateDnsPreferenceController.java's getAvailabilityStatus, a guest user can bypass privileges to change private DNS settings, and ...
CVE-2020-0028
In notifyNetworkTested and related functions of NetworkMonitor.java, there is a possible bypass of private DNS settings. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:...
CVE-2020-0028
CVE-2020-0028 affects Android 9 and is tied to the NetworkMonitor.java area, where a bypass of private DNS settings could allow remote information disclosure. Root cause: the notifyNetworkTested path and related functions enable DNS setting bypass, with exploitation requiring user interaction (UI...