19 matches found
EUVD-2016-8837
Malware in sbrugna...
EUVD-2021-6471
Malicious code in bioql PyPI...
EUVD-2023-25189
Malicious code in bioql PyPI...
CVE-2022-20398
In addOrUpdateNetwork of WifiServiceImpl.java, there is a possible way for a guest user to configure Wi-Fi due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...
PT-2025-1335 · Google · Android
Name of the Vulnerable Software and Affected Versions: WifiServiceImpl.java affected versions not specified Description: The issue is related to a missing permission check in multiple functions of WifiServiceImpl.java, which could allow activating a Wi-Fi access point from a non-owner profile. Th...
ASB-A-231985227
In factoryReset of WifiServiceImpl.java, there is a possible way to preserve WiFi settings due to a logic error in the code. This could lead to local non-security issues across resets with no additional execution privileges needed. User interaction is not needed for exploitation...
Code injection
In isTargetSdkLessThanQOrPrivileged of WifiServiceImpl.java, there is a possible way for the guest user to change admin user network settings due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...
CVE-2023-21021
In isTargetSdkLessThanQOrPrivileged of WifiServiceImpl.java, there is a possible way for the guest user to change admin user network settings due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...
CVE-2023-21021
In isTargetSdkLessThanQOrPrivileged of WifiServiceImpl.java, there is a possible way for the guest user to change admin user network settings due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...
PUB-A-255537598
In isTargetSdkLessThanQOrPrivileged of WifiServiceImpl.java, there is a possible way for the guest user to change admin user network settings due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...
CVE-2022-20398
In addOrUpdateNetwork of WifiServiceImpl.java, there is a possible way for a guest user to configure Wi-Fi due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...
PT-2022-14624 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android version Android-13 Description: In the addOrUpdateNetwork function of WifiServiceImpl.java, there is a possible way for a guest user to configure Wi-Fi due to a permissions bypass. This could lead to local escalation of privilege with...
Google Android Elevation of Privilege Vulnerability (CNVD-2022-43850)
Google Android, a Linux-based open source operating system from Google, is vulnerable to elevation of privilege. The vulnerability stems from a missing permission check in getConfiguredNetworks in WifiServiceImpl.java, which can be exploited to cause a local privilege escalation...
CVE-2021-1004
In getConfiguredNetworks of WifiServiceImpl.java, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is no...
Information disclosure
In registerSuggestionConnectionStatusListener of WifiServiceImpl.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges...
CVE-2021-0995
In registerSuggestionConnectionStatusListener of WifiServiceImpl.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges...
CVE-2021-1004
CVE-2021-1004 affects Android 12, via a missing permission check in getConfiguredNetworks() of WifiServiceImpl.java that can allow an app to determine whether another app is installed without query permissions. This is a local privilege escalation (no user interaction required) per the descriptio...
Design/Logic Flaw
On Samsung Galaxy S4 through S7 devices, a malformed OTA WAP PUSH SMS containing an OMACP message sent remotely triggers an unhandled ArrayIndexOutOfBoundsException in Samsung's implementation of the WifiServiceImpl class within wifi-service.jar. This causes the Android runtime to continually...
CVE-2016-7989
CVE-2016-7989 affects Samsung Galaxy S4–S7. A malformed OTA WAP PUSH SMS containing an OMACP message triggers an unhandled ArrayIndexOutOfBoundsException in Samsung’s WifiServiceImpl (wifi-service.jar), causing the Android runtime to crash repeatedly and render the device unusable until a factory...