24 matches found
CVE-2026-0007
In writeToParcel of WindowInfo.cpp, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-0007
In writeToParcel of WindowInfo.cpp, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2026-9226
In writeToParcel of WindowInfo.cpp, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-0007
In writeToParcel of WindowInfo.cpp, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-26448
In writeToParcel of CursorWindow.cpp, there is a possible out of bounds read due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-26448
In writeToParcel of CursorWindow.cpp, there is a possible out of bounds read due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-21276
In writeToParcel of CursorWindow.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2018-9474
In writeToParcel of MediaPlayer.java, there is a possible serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2024-10709 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions prior to the fixed version affected versions not specified Description: The issue is related to a possible serialization/deserialization mismatch in the writeToParcel method of MediaPlayer.java due to improper input validatio...
CVE-2017-13315
In writeToParcel and createFromParcel of DcParamObject.java, there is a permission bypass due to a write size mismatch. This could lead to an elevation of privileges where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is no...
CVE-2017-13315
In writeToParcel and createFromParcel of DcParamObject.java, there is a permission bypass due to a write size mismatch. This could lead to an elevation of privileges where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is no...
Google Android Information Disclosure Vulnerability (CNVD-2024-07853)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability that originates from uninitialized data in the writeToParcel module of CursorWindow.cpp, which can be exploited by an attacker to obtain sensitive...
CVE-2023-21276
CVE-2023-21276 affects Google Android: information disclosure via writeToParcel in CursorWindow.cpp caused by uninitialized data. This enables local information disclosure with no extra privileges and no user interaction required. The provided documents state the issue, its root cause, and impact...
CVE-2023-21276
In writeToParcel of CursorWindow.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
ASB-A-213170822
In writeToParcel of CursorWindow.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2022-20357
In writeToParcel of SurfaceControl.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12...
CVE-2022-20357
In writeToParcel of SurfaceControl.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12...
CVE-2022-20357
The CVE-2022-20357 issue affects Android 12 (and 12L) and relates to writeToParcel in SurfaceControl.cpp, enabling local information disclosure due to uninitialized data. The impact is local information disclosure with no additional execution privileges needed; user interaction is not required. M...
ASB-A-214999987
In writeToParcel of SurfaceControl.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
Design/Logic Flaw
In writeToParcel of GateKeeperResponse.java, there is a possible parcel format mismatch. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12...