Lucene search
K

32 matches found

CNVD
CNVD
added 2026/03/09 12:0 a.m.3 views

Google Android elevation of privilege vulnerability (CNVD-2026-13146)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that is caused by proxy obfuscation in multiple functions of MediaProvider.java that could potentially bypass the external storage write permission. An...

8.4CVSS5.8AI score0.00101EPSS
Exploits0References1
OSV
OSV
added 2026/03/02 7:16 p.m.4 views

CVE-2025-48582

In multiple locations, there is a possible way to delete media without the MANAGEEXTERNALSTORAGE permission due to an intent redirect. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

8.4CVSS5.9AI score0.00108EPSS
Exploits0References1
OSV
OSV
added 2026/03/02 7:16 p.m.2 views

CVE-2025-48578

In multiple functions of MediaProvider.java, there is a possible way to bypass the WRITEEXTERNALSTORAGE permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

7.8CVSS5.9AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/02 6:42 p.m.1 views

CVE-2025-48582

In multiple locations, there is a possible way to delete media without the MANAGEEXTERNALSTORAGE permission due to an intent redirect. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

6.1AI score0.00108EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/02 6:42 p.m.4 views

CVE-2025-48578

In multiple functions of MediaProvider.java, there is a possible way to bypass the WRITEEXTERNALSTORAGE permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

7.8CVSS6.1AI score0.00099EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/02 6:42 p.m.1 views

CVE-2025-48578

In multiple functions of MediaProvider.java, there is a possible way to bypass the WRITEEXTERNALSTORAGE permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

6.1AI score0.00099EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/02 12:0 a.m.7 views

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability, which is caused by a possible way to bypass the WRITEEXTERNALSTORAGE privilege due to a lack of privilege checking in multiple functions of...

7.8CVSS5.8AI score0.00099EPSS
Exploits0References2
OSV
OSV
added 2026/03/01 12:0 a.m.6 views

ASB-A-418225717

In multiple functions of MediaProvider.java, there is a possible way to bypass the WRITEEXTERNALSTORAGE permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

7.8CVSS6.1AI score0.00099EPSS
Exploits0References2
OSV
OSV
added 2026/03/01 12:0 a.m.6 views

ASB-A-369105011

In multiple locations, there is a possible way to delete media without the MANAGEEXTERNALSTORAGE permission due to an intent redirect. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

8.4CVSS6.1AI score0.00108EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-6884

Malware in sbrugna...

4.7CVSS4.9AI score0.00296EPSS
Exploits0References3
OSV
OSV
added 2025/09/04 7:15 p.m.3 views

CVE-2025-48532

In markMediaAsFavorite of MediaProvider.java, there is a possible way to bypass the WRITEEXTERNALSTORAGE permission due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

7.3CVSS5.9AI score0.00078EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/04 6:34 p.m.5 views

CVE-2025-48532

In markMediaAsFavorite of MediaProvider.java, there is a possible way to bypass the WRITEEXTERNALSTORAGE permission due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

0.00078EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2025/09/04 6:34 p.m.3 views

CVE-2025-48532

In markMediaAsFavorite of MediaProvider.java, there is a possible way to bypass the WRITEEXTERNALSTORAGE permission due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

7.3CVSS5.9AI score0.00078EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2025/09/04 6:34 p.m.30 views

CVE-2025-48532

Affected software: Android MediaProvider.java (markMediaAsFavorite).Root cause: a confused deputy flaw allows bypassing the WRITE_EXTERNAL_STORAGE permission, enabling local elevation of privilege.Impact: elevates privileges locally with high confidentiality, integrity and availability implicatio...

7.3CVSS6.3AI score0.00078EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/09/04 12:0 a.m.3 views

Google Android 安全漏洞

Google Android is a free and open source mobile operating system based on the Linux kernel, developed by Google Inc. and the Open Handset Alliance, and is mainly used for smartphones, tablets and other devices. Google Android suffers from an obfuscated proxy vulnerability that originates from an...

7.3CVSS6.4AI score0.00078EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/04 12:0 a.m.3 views

PT-2025-36057

Name of the Vulnerable Software and Affected Versions: MediaProvider.java affected versions not specified Description: A flaw exists in the markMediaAsFavorite function of MediaProvider.java that may allow bypassing the WRITE EXTERNAL STORAGE permission due to a confused deputy condition. This...

7.3CVSS5.7AI score0.00078EPSS
Exploits0References4
OSV
OSV
added 2025/09/01 12:0 a.m.10 views

ASB-A-417194323

In markMediaAsFavorite of MediaProvider.java, there is a possible way to bypass the WRITEEXTERNALSTORAGE permission due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

7.3CVSS6.9AI score0.00078EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/07/07 2:15 a.m.3 views

CVE-2025-53178

Permission bypass vulnerability in the calendar storage module Impact: Successful exploitation of this vulnerability may affect the schedule reminder function of head units...

4.8CVSS7.2AI score0.00082EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/07/05 12:0 a.m.4 views

PT-2025-28110 · Huawei +1 · Emui +1

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A permission bypass vulnerability exists in the calendar storage module. The successful exploitation of this issue may affect the schedule syncing function of watches. Recommendations: At th...

3.9CVSS6.2AI score0.00083EPSS
Exploits0References4
Citrix
Citrix
added 2025/04/22 12:0 a.m.16 views

Unable to upload the master image on MCS machine catalog in GCP

Error when updating the catalog Action Name: MCUpdateMachineCatalog Exception: StudioErrorId : ProvisioningTaskError ErrorCategory : NotSpecified TaskState : UnknownError TaskStateInformation : Terminated ErrorId : ManagedMachineGeneralException Operation : PreparingMasterImage ErrorMessage : Err...

7.1AI score
Exploits0
Rows per page
Query Builder