42 matches found
CVE-2023-40074
In saveToXml of PersistableBundle.java, invalid data could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2017-15353
Malware in sbrugna...
EUVD-2018-21183
Malware in sbrugna...
EUVD-2018-21048
Malware in sbrugna...
EUVD-2022-26949
Malicious code in bioql PyPI...
EUVD-2023-32872
Malicious code in bioql PyPI...
EUVD-2025-14841
Malicious code in bioql PyPI...
EUVD-2023-25501
Malicious code in bioql PyPI...
EUVD-2022-53381
Malicious code in bioql PyPI...
EUVD-2022-41004
Malicious code in bioql PyPI...
CVE-2024-20123
In vdec, there is a possible out of bounds read due to improper structure design. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09008925; Issue ID: MSV-1569...
CVE-2024-31317
In multiple functions of ZygoteProcess.java, there is a possible way to achieve code execution as any app via WRITESECURESETTINGS due to unsafe deserialization. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-0035
In onNullBinding of TileLifecycleManager.java, there is a possible way to launch an activity from the background due to a missing null check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2022-20242
In Telephony, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
CVE-2022-20144
In multiple functions of AvatarPhotoController.java, there is a possible access to content owned by system content providers due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
CVE-2022-20264
In Usage Stats Service, there is a possible way to determine whether an app is installed, without query permissions due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
CVE-2020-0388
In createEmergencyLocationUserNotification of GnssVisibilityControl.java, there is a possible permissions bypass due to an empty mutable PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product:...
CVE-2020-0188
In onCreatePermissionRequest of SettingsSliceProvider.java, there is a possible permissions bypass due to a PendingIntent error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...
CVE-2019-2225
When pairing with a Bluetooth device, it may be possible to pair a malicious device without any confirmation from the user, and that device may be able to interact with the phone. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is...
CVE-2025-43562
ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could...