Lucene search
K

40 matches found

Prion
Prion
added 2022/08/12 3:15 p.m.19 views

Default credentials

In SettingsProvider, there is a possible way to read or change the default ringtone due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

3.2CVSS5.7AI score0.00087EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2022/08/12 12:0 a.m.5 views

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google, Inc. in the United States. A security vulnerability exists in the Google Android SettingsProvider component that stems from a lack of privilege checking and has a possible way to read or change the default ringtone...

4.4CVSS5.3AI score0.00087EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/08/11 3:10 p.m.24 views

CVE-2022-20255

In SettingsProvider, there is a possible way to read or change the default ringtone due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

6.1AI score0.00087EPSS
Exploits0References1
CVE
CVE
added 2022/08/11 3:10 p.m.62 views

CVE-2022-20255

The CVE-2022-20255 issue affects Android 13 (SettingsProvider). A missing permission check could allow a local attacker to read or modify the default ringtone, enabling local elevation of privilege without extra execution privileges and without requiring user interaction. The vulnerability is doc...

4.4CVSS5.7AI score0.00087EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/02/11 6:15 p.m.9 views

CVE-2022-24925

Improper input validation vulnerability in SettingsProvider prior to Android S12 allows privileged attackers to trigger a permanent denial of service attack on a victim's devices...

6.8CVSS5.8AI score0.00251EPSS
Exploits0References2
NVD
NVD
added 2022/02/11 6:15 p.m.22 views

CVE-2022-24925

Improper input validation vulnerability in SettingsProvider prior to Android S12 allows privileged attackers to trigger a permanent denial of service attack on a victim's devices...

6.8CVSS0.00251EPSS
Exploits0References1
Prion
Prion
added 2022/02/11 6:15 p.m.16 views

Input validation

Improper input validation vulnerability in SettingsProvider prior to Android S12 allows privileged attackers to trigger a permanent denial of service attack on a victim's devices...

6.8CVSS6.2AI score0.00251EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/02/11 5:40 p.m.21 views

CVE-2022-24925

Improper input validation vulnerability in SettingsProvider prior to Android S12 allows privileged attackers to trigger a permanent denial of service attack on a victim's devices...

4.4CVSS6.3AI score0.00251EPSS
Exploits0References1
CVE
CVE
added 2022/02/11 5:40 p.m.85 views

CVE-2022-24925

CVE-2022-24925 concerns an improper input validation vulnerability in Android’s SettingsProvider prior to Android S (12). The issue can be triggered by privileged attackers to cause a permanent denial of service on a victim’s device. The available connected sources consistently identify the affec...

6.8CVSS6.1AI score0.00251EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2020/06/11 3:15 p.m.0 views

CVE-2020-0178

In getAllConfigFlags of SettingsProvider.cpp, there is a possible illegal read due to a missing permission check. This could lead to local information disclosure of config flags with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersion...

5.5CVSS6.7AI score
Exploits0References1
NVD
NVD
added 2020/06/11 3:15 p.m.13 views

CVE-2020-0178

In getAllConfigFlags of SettingsProvider.cpp, there is a possible illegal read due to a missing permission check. This could lead to local information disclosure of config flags with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersion...

5.5CVSS0.00151EPSS
Exploits0References1
Prion
Prion
added 2020/06/11 3:15 p.m.15 views

Information disclosure

In getAllConfigFlags of SettingsProvider.cpp, there is a possible illegal read due to a missing permission check. This could lead to local information disclosure of config flags with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersion...

2.1CVSS5AI score0.00151EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/06/11 2:43 p.m.15 views

CVE-2020-0178

In getAllConfigFlags of SettingsProvider.cpp, there is a possible illegal read due to a missing permission check. This could lead to local information disclosure of config flags with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersion...

6AI score0.00151EPSS
Exploits0References1
CVE
CVE
added 2020/06/11 2:43 p.m.44 views

CVE-2020-0178

CVE-2020-0178 affects Android 10, specifically the SettingsProvider.cpp getAllConfigFlags function. The root cause is a missing permission check that enables a possible illegal read, leading to local information disclosure of configuration flags without extra execution privileges. Exploitation de...

5.5CVSS5.6AI score0.00151EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2016/09/11 9:59 p.m.17 views

CVE-2016-3887

providers/settings/SettingsProvider.java in Android 7.0 before 2016-09-01 does not properly enforce the DISALLOWCONFIGVPN setting, which allows attackers to bypass an intended always-on VPN state via a crafted application, aka internal bug 29899712...

7.8CVSS7.3AI score0.00476EPSS
Exploits0References4
NVD
NVD
added 2016/09/11 9:59 p.m.21 views

CVE-2016-3876

providers/settings/SettingsProvider.java in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the SAFEBOOTDISALLOWED protection mechanism and boot to safe mode via the Android Debug Bridge adb tool, aka internal bug 29900345...

7.2CVSS6.5AI score0.00203EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2016/09/11 9:59 p.m.22 views

CVE-2016-3887

providers/settings/SettingsProvider.java in Android 7.0 before 2016-09-01 does not properly enforce the DISALLOWCONFIGVPN setting, which allows attackers to bypass an intended always-on VPN state via a crafted application, aka internal bug 29899712...

7.8CVSS7.1AI score0.00476EPSS
Exploits0References3
Cvelist
Cvelist
added 2016/09/11 9:0 p.m.23 views

CVE-2016-3876

providers/settings/SettingsProvider.java in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the SAFEBOOTDISALLOWED protection mechanism and boot to safe mode via the Android Debug Bridge adb tool, aka internal bug 29900345...

6.7AI score0.00203EPSS
Exploits0References4
Cvelist
Cvelist
added 2016/09/11 9:0 p.m.23 views

CVE-2016-3887

providers/settings/SettingsProvider.java in Android 7.0 before 2016-09-01 does not properly enforce the DISALLOWCONFIGVPN setting, which allows attackers to bypass an intended always-on VPN state via a crafted application, aka internal bug 29899712...

7.3AI score0.00476EPSS
Exploits0References4
CVE
CVE
added 2016/09/11 9:0 p.m.50 views

CVE-2016-3876

CVE-2016-3876 affects Android 6.x before 2016-09-01 and 7.0 before 2016-09-01. The issue, described in SettingsProvider.java, enables physically proximate attackers to bypass SAFE_BOOT_DISALLOWED and boot to safe mode via the Android Debug Bridge (ADB). Root cause is a local bypass of safe-boot p...

7.2CVSS6.7AI score0.00203EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder