CVE-2026-0007

In writeToParcel of WindowInfo.cpp, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0007

In writeToParcel of WindowInfo.cpp, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0007

Consolidated sources describe CVE-2026-0007 as a vulnerability in WindowInfo.cpp, writeToParcel, enabling a tapjacking/overlay attack that could grant permissions and allow local elevation of privilege without additional execution privileges. Exploitation details are not provided in the Initial d...

ASB-A-433251166

Bulletin has no description...

CVE-2025-26448

In writeToParcel of CursorWindow.cpp, there is a possible out of bounds read due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-26448

In writeToParcel of CursorWindow.cpp, there is a possible out of bounds read due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

PT-2025-36019

Name of the Vulnerable Software and Affected Versions: CursorWindow affected versions not specified Description: An out-of-bounds read issue exists in the writeToParcel function within CursorWindow.cpp due to uninitialized data. This could lead to local information disclosure and does not require...

CVE-2023-21276

In writeToParcel of CursorWindow.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability that originates from uninitialized data in the writeToParcel module of CursorWindow.cpp, which can be exploited by an attacker to obtain sensitive...

PT-2022-14583 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-12 through Android-12L Description: The issue is related to a possible information disclosure due to uninitialized data in the writeToParcel function of SurfaceControl.cpp. This could lead to local information...

CVE-2022-20135

In writeToParcel of GateKeeperResponse.java, there is a possible parcel format mismatch. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12...

Google Android System Elevation of Privilege Vulnerability (CNVD-2018-07452)

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA. An elevation vulnerability exists in the writeToParcel and readFromParcel of the PeriodicAdvertisingReport.java file in Android versions 8.0 and 8.1. A local attacker can exploit...