40 matches found
Default credentials
In SettingsProvider, there is a possible way to read or change the default ringtone due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...
Google Android 安全漏洞
Google Android is a Linux-based open source operating system from Google, Inc. in the United States. A security vulnerability exists in the Google Android SettingsProvider component that stems from a lack of privilege checking and has a possible way to read or change the default ringtone...
CVE-2022-20255
In SettingsProvider, there is a possible way to read or change the default ringtone due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...
CVE-2022-20255
The CVE-2022-20255 issue affects Android 13 (SettingsProvider). A missing permission check could allow a local attacker to read or modify the default ringtone, enabling local elevation of privilege without extra execution privileges and without requiring user interaction. The vulnerability is doc...
CVE-2022-24925
Improper input validation vulnerability in SettingsProvider prior to Android S12 allows privileged attackers to trigger a permanent denial of service attack on a victim's devices...
CVE-2022-24925
Improper input validation vulnerability in SettingsProvider prior to Android S12 allows privileged attackers to trigger a permanent denial of service attack on a victim's devices...
Input validation
Improper input validation vulnerability in SettingsProvider prior to Android S12 allows privileged attackers to trigger a permanent denial of service attack on a victim's devices...
CVE-2022-24925
Improper input validation vulnerability in SettingsProvider prior to Android S12 allows privileged attackers to trigger a permanent denial of service attack on a victim's devices...
CVE-2022-24925
CVE-2022-24925 concerns an improper input validation vulnerability in Android’s SettingsProvider prior to Android S (12). The issue can be triggered by privileged attackers to cause a permanent denial of service on a victim’s device. The available connected sources consistently identify the affec...
CVE-2020-0178
In getAllConfigFlags of SettingsProvider.cpp, there is a possible illegal read due to a missing permission check. This could lead to local information disclosure of config flags with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersion...
CVE-2020-0178
In getAllConfigFlags of SettingsProvider.cpp, there is a possible illegal read due to a missing permission check. This could lead to local information disclosure of config flags with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersion...
Information disclosure
In getAllConfigFlags of SettingsProvider.cpp, there is a possible illegal read due to a missing permission check. This could lead to local information disclosure of config flags with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersion...
CVE-2020-0178
In getAllConfigFlags of SettingsProvider.cpp, there is a possible illegal read due to a missing permission check. This could lead to local information disclosure of config flags with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersion...
CVE-2020-0178
CVE-2020-0178 affects Android 10, specifically the SettingsProvider.cpp getAllConfigFlags function. The root cause is a missing permission check that enables a possible illegal read, leading to local information disclosure of configuration flags without extra execution privileges. Exploitation de...
CVE-2016-3887
providers/settings/SettingsProvider.java in Android 7.0 before 2016-09-01 does not properly enforce the DISALLOWCONFIGVPN setting, which allows attackers to bypass an intended always-on VPN state via a crafted application, aka internal bug 29899712...
CVE-2016-3876
providers/settings/SettingsProvider.java in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the SAFEBOOTDISALLOWED protection mechanism and boot to safe mode via the Android Debug Bridge adb tool, aka internal bug 29900345...
CVE-2016-3887
providers/settings/SettingsProvider.java in Android 7.0 before 2016-09-01 does not properly enforce the DISALLOWCONFIGVPN setting, which allows attackers to bypass an intended always-on VPN state via a crafted application, aka internal bug 29899712...
CVE-2016-3876
providers/settings/SettingsProvider.java in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the SAFEBOOTDISALLOWED protection mechanism and boot to safe mode via the Android Debug Bridge adb tool, aka internal bug 29900345...
CVE-2016-3887
providers/settings/SettingsProvider.java in Android 7.0 before 2016-09-01 does not properly enforce the DISALLOWCONFIGVPN setting, which allows attackers to bypass an intended always-on VPN state via a crafted application, aka internal bug 29899712...
CVE-2016-3876
CVE-2016-3876 affects Android 6.x before 2016-09-01 and 7.0 before 2016-09-01. The issue, described in SettingsProvider.java, enables physically proximate attackers to bypass SAFE_BOOT_DISALLOWED and boot to safe mode via the Android Debug Bridge (ADB). Root cause is a local bypass of safe-boot p...