20 matches found
CVE-2025-48608
In isValidMediaUri of SettingsProvider.java, there is a possible cross user media read due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-48608
In isValidMediaUri of SettingsProvider.java, there is a possible cross user media read due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-48608
In isValidMediaUri of SettingsProvider.java, there is a possible cross user media read due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-48608
In isValidMediaUri of SettingsProvider.java, there is a possible cross user media read due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-48608
In isValidMediaUri of SettingsProvider.java, there is a possible cross user media read due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-48608
CVE-2025-48608 affects the Android SettingsProvider.java isValidMediaUri path, enabling cross-user media read due to a missing permission check. The issue permits local information disclosure without user interaction (ATT&CK: T1552-like, per the description), with CVSS 3.1 base score 5.5 (AV:L/AC...
CVE-2025-48536
In grantAllowlistedPackagePermissions of SettingsSliceProvider.java, there is a possible way for a third party app to modify secure settings due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed fo...
PT-2025-49581
In isValidMediaUri of SettingsProvider.java, there is a possible cross user media read due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2022-14478 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-13. Description: The issue concerns a missing permission check in the SettingsProvider, allowing potential reading or modification of the default ringtone. This could result in local escalation of privilege without...
Google Android Information Disclosure Vulnerability (CNVD-2022-26772)
Google Android is a Linux-based open-source operating system from the U.S. company Google. Google Android has a security vulnerability that stems from a privilege bypass in the settings provider program, which could be exploited by attackers to gain access to sensitive information...
CVE-2021-39747
In Settings Provider, there is a possible way to list values of non-readable global settings due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...
CVE-2021-39747
In Settings Provider, there is a possible way to list values of non-readable global settings due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...
Information disclosure
In Settings Provider, there is a possible way to list values of non-readable global settings due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...
CVE-2021-39747
CVE-2021-39747 affects Android 12L: a permissions bypass in Settings Provider may allow an attacker to list values of non-readable global settings, causing local information disclosure with no extra privileges and no user interaction. It is listed in Android 12L security release notes as addresse...
CVE-2021-39747
In Settings Provider, there is a possible way to list values of non-readable global settings due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...
Google Android Security Vulnerability
Google Android is a Linux-based open-source operating system from the U.S. company Google. Google Android has a security vulnerability that stems from a privilege bypass in the settings provider program, which could be exploited by attackers to gain access to sensitive information...
CVE-2022-24925
Improper input validation vulnerability in SettingsProvider prior to Android S12 allows privileged attackers to trigger a permanent denial of service attack on a victim's devices...
CVE-2022-22269
Keeping sensitive data in unprotected BluetoothSettingsProvider prior to SMR Jan-2022 Release 1 allows untrusted applications to get a local Bluetooth MAC address...
CVE-2021-25472
An improper access control vulnerability in BluetoothSettingsProvider prior to SMR Oct-2021 Release 1 allows an untrusted application to overwrite some Bluetooth information...
Android Security Restriction Bypass Vulnerability (CNVD-2016-07469)
Android is a cell phone operating system based on the Linux open kernel. A security vulnerability exists in providers/settings/SettingsProvider.java in versions of Android prior to 2016-09-01. An attacker exploiting this vulnerability via a constructed application can bypass the always-on VPN sta...