In multiple locations, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
3.6 CVSS
8.7 AI Score
0.001 EPSS
Intent to distrust a CA included in the Chrome Root Store
In multiple locations, there are root CA certificates which need to be disabled. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for...
7.5 CVSS
6.8 AI Score
0.001 EPSS
In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges needed......
6.8 CVSS
7.2 AI Score
0.0005 EPSS
In setMetadata of MediaSessionRecord.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
5.5 CVSS
6.4 AI Score
0.0004 EPSS
Device reset on cancelling provisioning
In decideCancelProvisioningDialog of AdminIntegratedFlowPrepareActivity.java, there is a possible way to bypass factory reset protections due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...
7.8 CVSS
7.4 AI Score
0.0004 EPSS
Non-runtime permission flags aren't preserved upon APK updates
In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way for an app to keep permissions that should be revoked due to incorrect permission flags cleared during an update. This could lead to local escalation of privilege with User execution privileges needed. User...
7.3 AI Score
EPSS
Displaying photos of other users via a notification with RemoteViews.setIcon/4
In visitUris of RemoteViews.java, there is a possible way to reveal images across users due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for...
5.5 CVSS
6.4 AI Score
0.0004 EPSS
Html Injection in Vpn ConfirmDialog
In onCreate of ConfirmDialog.java, there is a possible way to connect to VPN bypassing user's consent due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for...
7.3 CVSS
6.8 AI Score
0.0004 EPSS
[EoP: Modify intent-flags on an immutable PendingIntent which could grant additional permission]
In getPendingIntentLaunchFlags of ActivityOptions.java, there is a possible elevation of privilege due to a confused deputy with no additional execution privileges needed. User interaction is not needed for...
9.8 CVSS
6.9 AI Score
0.001 EPSS
One-time permissions can be held indefinitely due to activity manager bug
In getCurrentState of OneTimePermissionUserManager.java, there is a possible way to hold one-time permissions after the app is being killed due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...
7.8 CVSS
7.3 AI Score
0.0004 EPSS
[ESS-CWE-121] - [WearOS] NCC-E005047-NNW - Stack Buffer Overwrite in gatt_end_operation
In gatt_end_operation of gatt_utils.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for...
9.8 CVSS
7.6 AI Score
0.001 EPSS
Linux kernel vulnerability advisory
In bigben_remove of hid-bigbenff.c, there is a possible race condition due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
4.6 CVSS
7.3 AI Score
0.001 EPSS
ADP Grant - Starting arbitrary Activities via SettingsHomepageActivity on behalf of uid 1000
In SettingsHomepageActivity.java, there is a possible way to launch arbitrary activities via Settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...
7.8 CVSS
7 AI Score
0.0005 EPSS
In visitUris of RemoteViews.java, there is a possible leak of images between users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
5.5 CVSS
6.4 AI Score
0.0004 EPSS
In getFullScreenIntentDecision of NotificationInterruptStateProviderImpl.java, there is a possible activity launch while the app is in the background due to a BAL bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for....
7.8 CVSS
6.8 AI Score
0.0005 EPSS
TaskFragmentOrganizer.applySyncTransaction() allows leaking SurfaceControl of outer Task
In applySyncTransaction of WindowOrganizer.java, a missing permission check could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
5.5 CVSS
5.7 AI Score
0.0004 EPSS
Possible Vulnerability in Work Profile Provisioning
In onSetRuntimePermissionGrantStateByDeviceAdmin of AdminRestrictedPermissionsUtils.java, there is a possible way for the work profile to read SMS messages due to a permissions bypass. This could lead to local information disclosure with User execution privileges needed. User interaction is not...
5.5 CVSS
5.6 AI Score
0.0004 EPSS
[Out of Bounds Read in AnalyzeMfcResp in NxpMfcReader.cc in nfc_nci_nxp]
In AnalyzeMfcResp of NxpMfcReader.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
5.5 CVSS
5.7 AI Score
0.0004 EPSS
Toasts can still be made touchable
In several functions of inputDispatcher.cpp, there is a possible way to make toasts clickable due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
6.8 AI Score
EPSS
Android Kernel msm gpu driver race condition double free
In adreno_set_param of adreno_gpu.c, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8 CVSS
7.5 AI Score
0.0004 EPSS
Isolated apps able to register a broadcast receiver
In registerReceiverWithFeature of ActivityManagerService.java, there is a possible way for isolated processes to register a broadcast receiver due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...
7.8 CVSS
7.3 AI Score
0.0004 EPSS
[Out of Bounds Read in avdt_scb_hdl_pkt_no_frag Function in avdt_scb_act.cc in Bluetooth]
In avdt_scb_hdl_pkt_no_frag of avdt_scb_act.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8 CVSS
7.4 AI Score
0.0004 EPSS
Start foreground activity from background in PackageInstaller.Session#commit
In multiple functions of PackageInstallerService.java and related files, there is a possible way to bypass background activity launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is.....
7.8 CVSS
6.9 AI Score
0.0004 EPSS
Registering BroadcastReceiver as another app through IApplicationThread of isolated external service
In retrieveServiceLocked of ActiveServices.java, there is a possible way to dynamically register a BroadcastReceiver using permissions of System App due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction...
7.8 CVSS
6.8 AI Score
0.0004 EPSS
In inflate of inflate.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
9.8 CVSS
7 AI Score
0.003 EPSS
Bypass BG-FGS while-in-use/start restrictions via PackageInstaller.Session#commit
In multiple methods of PackageInstallerSession.java, there is a possible way to start foreground services from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8 CVSS
7.3 AI Score
0.0004 EPSS
[Out of Bounds Read in deserialize in ExecutionBurstServer.cpp in libneuralnetworks_common_defaults]
In deserialize of multiple files, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
5.5 CVSS
5.7 AI Score
0.0004 EPSS
PendingIntent in Settings#MediaVolumePreferenceController can be hijacked
In getSliceEndItem of MediaVolumePreferenceController.java, there is a possible way to start foreground activity from the background due to an unsafe PendingIntent. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
5.5 CVSS
6.5 AI Score
0.0004 EPSS
Possible EvilParcel bug in WorkSource class
In WorkSource, there is a possible parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8 CVSS
6.8 AI Score
0.002 EPSS
[Out of Bounds Write in bta_av_rc_disc_done Function in bta_av_act.cc in Bluetooth]
In bta_av_rc_disc_done of bta_av_act.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8 CVSS
6.8 AI Score
0.0004 EPSS
In isBluetoothShareUri of BluetoothOppUtility.java, there is a possible incorrect file read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for...
5.5 CVSS
5.7 AI Score
0.0004 EPSS
In addPermission of PermissionManagerServiceImpl.java, there is a possible failure to persist permission settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8 CVSS
7.3 AI Score
0.0004 EPSS
Guest user can add a new user via Settings#AddSupervisedUserActivity
In AddSupervisedUserActivity, guest users are not prevented from starting the activity due to missing permissions checks. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8 CVSS
6.9 AI Score
0.0004 EPSS
In validateForCommonR1andR2 of PasspointConfiguration.java, uncaught errors in parsing stored configs could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for...
5.5 CVSS
6.3 AI Score
0.0004 EPSS
Linux kernel vulnerability advisory
In pxa3xx_gcu_write of pxa3xx-gcu.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
6.1 CVSS
6.9 AI Score
0.001 EPSS
Linux kernel vulnerability advisory
In move_page_tables of mremap.c, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for...
7 CVSS
7.2 AI Score
0.001 EPSS
Reading contacts of other users using emergency contact settings
In onCreatePreferences of EditInfoFragment.java, there is a possible way to read contacts belonging to other users due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
3.3 CVSS
6.9 AI Score
0.0004 EPSS
[Binder][bug] Incorrect bound check in `binder_transaction_buffer_release` in binder.c
In binder_transaction_buffer_release of binder.c, there is a possible use after free due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8 CVSS
7.7 AI Score
0.0004 EPSS
In several functions of MediaCodec.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8 CVSS
7.5 AI Score
0.0004 EPSS
Intent injection through Intent.toUri/Intent.parseUri mismatch
In getTrampolineIntent of SettingsActivity.java, there is a possible launch of arbitrary activity due to an Intent mismatch in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8 CVSS
7.8 AI Score
0.0004 EPSS
[Regression] Uninstalling of packages by DPC does not work in T
In getStringsForPrefix of Settings.java, there is a possible prevention of package uninstallation due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8 CVSS
6.8 AI Score
0.0004 EPSS
In BNEP_ConnectResp of bnep_api.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for...
6.5 CVSS
6.2 AI Score
0.0004 EPSS
Permanent denial of service via NotificationManager#createNotificationChannel
In createNotificationChannel of NotificationManager.java, there is a possible way to make the device unusable and require factory reset due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...
5.5 CVSS
6.7 AI Score
0.0004 EPSS
In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8 CVSS
7.1 AI Score
0.0004 EPSS
Secret notifications are not hidden on lock screen
In shouldHideNotification of KeyguardNotificationVisibilityProvider.kt, there is a possible way to show hidden notifications due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8 CVSS
7.8 AI Score
0.0004 EPSS
In several functions that parse avrc response in avrc_pars_ct.cc and related files, there are possible out of bounds reads due to integer overflows. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for...
7.5 CVSS
6.7 AI Score
0.001 EPSS
Bypass of device carrier restrictions (OS Version = android 12)
In deletePackageVersionedInternal of DeletePackageHelper.java, there is a possible way to bypass carrier restrictions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8 CVSS
7.1 AI Score
0.0004 EPSS
ndk_mediamuxer_fuzzer: Heap-use-after-free in android::MediaAppender::init
In setDataSource of initMediaExtractor.cpp, there is a possibility of arbitrary code execution due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
5.5 CVSS
7.1 AI Score
0.0004 EPSS
Android lock screen sensitive notification bypass
In updatePublicMode of NotificationLockscreenUserManagerImpl.java, there is a possible way to reveal sensitive notifications on the lockscreen due to an incorrect state transition. This could lead to local information disclosure with physical access required and an app that runs above the...
4.6 CVSS
6 AI Score
0.0004 EPSS
Enabling managed connection service without user interaction using tapjacking in Telecomm
In onCreate of EnableAccountPreferenceActivity.java, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for...
7.3 CVSS
7.1 AI Score
0.0004 EPSS