CVE-2025-21058

CVE-2025-21058 affects SAMSUNG Mobile Routines, with improper access control in Routines versions prior to 4.8.7.1 (Android 15) and 4.9.6.0 (Android 16). This allows local attackers to potentially execute arbitrary code with SystemUI privileges . The issue is confirmed across multiple sources (RH...

EUVD-2025-27007

Malicious code in bioql PyPI...

CVE-2025-32320

CVE-2025-32320 affects Android System UI and describes a confused-deputy issue that can lead to local elevation of privilege: an attacker could view other users’ images without extra execution privileges or user interaction. Affected component is Android System UI; root cause is improper access c...

CVE-2025-32320

In System UI, there is a possible way to view other users' images due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-21029

Improper handling of insufficient permission in System UI prior to SMR Sep-2025 Release 1 allows local attackers to send arbitrary replies to messages from the cover display...

PT-2025-36241

Name of the Vulnerable Software and Affected Versions: Android System UI affected versions not specified Description: A confused deputy condition exists in Android System UI that may allow applications to gain elevated privileges. This could lead to local escalation of privilege without requiring...

CVE-2025-21029

Improper handling of insufficient permission in System UI prior to SMR Sep-2025 Release 1 allows local attackers to send arbitrary replies to messages from the cover display...

CVE-2025-21029

Improper handling of insufficient permission in System UI prior to SMR Sep-2025 Release 1 allows local attackers to send arbitrary replies to messages from the cover display...

CVE-2025-21029

Improper handling of insufficient permission in System UI prior to SMR Sep-2025 Release 1 allows local attackers to send arbitrary replies to messages from the cover display...

CVE-2023-21458

Improper privilege management vulnerability in PhoneStatusBarPolicy in System UI prior to SMR Mar-2023 Release 1 allows attacker to turn off Do not disturb via unprotected intent...

CVE-2022-20317

In SystemUI, there is a possible way to unexpectedly enable the external speaker due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Androi...

CVE-2025-20975

Improper Export of Android Application Components in AODService prior to version 8.8.28.12 allows local attackers to launch arbitrary activity with systemui privilege...

CVE-2024-34677

Exposure of sensitive information in System UI prior to SMR Nov-2024 Release 1 allow local attackers to make malicious apps appear as legitimate...

CVE-2024-20891

Improper access control in launchFullscreenIntent of SystemUI prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities...

PT-2024-18804 · Systemui · Systemui

Name of the Vulnerable Software and Affected Versions: SystemUI versions prior to SMR Jul-2024 Release 1 Description: The issue is related to improper access control in the launchFullscreenIntent of SystemUI, allowing local attackers to launch privileged activities. Recommendations: For versions...

CVE-2023-42742

In sysui, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges needed...

CVE-2023-21374

In System UI, there is a possible factory reset protection bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

Google Pixel 缓冲区错误漏洞

Google Pixel is a smartphone from Google Inc. in the United States. A security vulnerability exists in Google Pixel, which stems from a missing bounds check in the setProfileName of the DevicePolicyManagerService.java file, which may cause the SystemUI menu to crash...

CVE-2023-21139

In bindPlayer of MediaControlPanel.java, there is a possible launch arbitrary activity in SysUI due to Unsafe Intent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google, Inc. An elevation of privilege vulnerability exists in Google Android, which stems from an agent obfuscation in the SystemUI that could arbitrarily launch an Activity. An attacker could exploit this vulnerability to cause a...