Lucene search

K

848 matches found

CVE
CVE
added 2020/10/14 2:15 p.m.171 views

CVE-2020-0419

In generateInfo of PackageInstallerSession.java, there is a possible leak of cross-profile URI data during app installation due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitat...

5.5CVSS5AI score0.00015EPSS
CVE
CVE
added 2022/03/16 3:15 p.m.166 views

CVE-2021-39704

In deleteNotificationChannelGroup of NotificationManagerService.java, there is a possible way to run foreground service without user notification due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not nee...

7.8CVSS7.6AI score0.00014EPSS
CVE
CVE
added 2023/03/24 8:15 p.m.162 views

CVE-2023-20906

In onPackageAddedInternal of PermissionManagerService.java, there is a possible way to silently grant a permission after a Target SDK update due to a permissions bypass. This could lead to local escalation of privilege after updating an app to a higher Target SDK with no additional execution privil...

7.8CVSS7.7AI score0.00003EPSS
CVE
CVE
added 2023/02/28 5:15 p.m.162 views

CVE-2023-20944

In run of ChooseTypeAndAccountActivity.java, there is a possible escalation of privilege due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-...

7.8CVSS7.7AI score0.00022EPSS
CVE
CVE
added 2023/09/11 9:15 p.m.161 views

CVE-2023-35671

In onHostEmulationData of HostEmulationManager.java, there is a possible way for a general purpose NFC reader to read the full card number and expiry details when the device is in locked screen mode due to a logic error in the code. This could lead to local information disclosure with no additional...

5.5CVSS5AI score0.0025EPSS
CVE
CVE
added 2022/04/12 5:15 p.m.160 views

CVE-2021-39807

In handleNfcStateChanged of SecureNfcEnabler.java, there is a possible way to enable NFC from the Guest account due to a missing permission check. This could lead to local escalation of privilege from the Guest account with no additional execution privileges needed. User interaction is not needed f...

7.8CVSS7.6AI score0.00012EPSS
CVE
CVE
added 2022/08/10 8:15 p.m.160 views

CVE-2022-20353

In onSaveRingtone of DefaultRingtonePreference.java, there is a possible inappropriate file read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions...

5.5CVSS5AI score0.00015EPSS
CVE
CVE
added 2022/04/12 5:15 p.m.159 views

CVE-2021-39803

In ~Impl of C2AllocatorIon.cpp, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 And...

6.5CVSS6.1AI score0.00265EPSS
CVE
CVE
added 2022/03/16 3:15 p.m.158 views

CVE-2021-39701

In serviceConnection of ControlsProviderLifecycleManager.kt, there is a possible way to keep service running in foreground without notification or permission due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User inter...

9.3CVSS7.6AI score0.00038EPSS
CVE
CVE
added 2022/11/08 10:15 p.m.156 views

CVE-2022-20465

In dismiss and related functions of KeyguardHostViewController.java and related files, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploita...

4.6CVSS5AI score0.00023EPSS
CVE
CVE
added 2021/01/11 10:15 p.m.155 views

CVE-2021-0308

In ReadLogicalParts of basicmbr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.1, Andro...

7.2CVSS6.6AI score0.00062EPSS
CVE
CVE
added 2022/05/10 8:15 p.m.155 views

CVE-2022-20114

In placeCall of TelecomManager.java, there is a possible way for an application to keep itself running with foreground service importance due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for ...

7.8CVSS7.7AI score0.0001EPSS
CVE
CVE
added 2021/06/22 11:15 a.m.150 views

CVE-2021-0561

In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

5.5CVSS5.2AI score0.00022EPSS
CVE
CVE
added 2022/03/16 3:15 p.m.149 views

CVE-2021-39697

In checkFileUriDestination of DownloadProvider.java, there is a possible way to bypass external storage private directories protection due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploi...

7.8CVSS7.7AI score0.00012EPSS
CVE
CVE
added 2022/03/16 3:15 p.m.149 views

CVE-2021-39706

In onResume of CredentialStorage.java, there is a possible way to cleanup content of credentials storage due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVe...

9.3CVSS7.6AI score0.00062EPSS
CVE
CVE
added 2022/03/16 3:15 p.m.148 views

CVE-2021-39707

In onReceive of AppRestrictionsFragment.java, there is a possible way to start a phone call without permissions due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: Android...

7.8CVSS7.6AI score0.00029EPSS
CVE
CVE
added 2022/08/10 8:15 p.m.147 views

CVE-2022-20346

In updateAudioTrackInfoFromESDS_MPEG4Audio of MPEG4Extractor.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVer...

6.5CVSS6.1AI score0.00273EPSS
CVE
CVE
added 2022/06/15 2:15 p.m.146 views

CVE-2022-20145

In startLegacyVpnPrivileged of Vpn.java, there is a possible way to retrieve VPN credentials due to a protocol downgrade attack. This could lead to remote escalation of privilege if a malicious Wi-Fi AP is used, with no additional execution privileges needed. User interaction is not needed for expl...

10CVSS9.1AI score0.3426EPSS
CVE
CVE
added 2022/03/16 3:15 p.m.145 views

CVE-2021-39695

In createOrUpdate of BasePermission.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A...

7.8CVSS7.6AI score0.00012EPSS
CVE
CVE
added 2022/04/12 5:15 p.m.145 views

CVE-2021-39796

In HarmfulAppWarningActivity of HarmfulAppWarningActivity.java, there is a possible way to trick victim to install harmful app due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Prod...

7.3CVSS7.2AI score0.00012EPSS
CVE
CVE
added 2023/01/26 9:15 p.m.144 views

CVE-2022-20456

In AutomaticZenRule of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVers...

7.8CVSS7.6AI score0.00021EPSS
CVE
CVE
added 2023/01/26 9:15 p.m.144 views

CVE-2022-20489

In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersio...

7.8CVSS7.6AI score0.00023EPSS
CVE
CVE
added 2022/04/12 5:15 p.m.143 views

CVE-2021-39794

In broadcastPortInfo of AdbService.java, there is a possible way for apps to run code as the shell user, if wireless debugging is enabled, due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed f...

7.8CVSS7.7AI score0.00034EPSS
CVE
CVE
added 2022/08/10 8:15 p.m.143 views

CVE-2022-20355

In get of PacProxyService.java, there is a possible system service crash due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 And...

5.5CVSS5.3AI score0.00019EPSS
CVE
CVE
added 2022/03/16 3:15 p.m.140 views

CVE-2021-39624

In PackageManager, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndr...

5.5CVSS5.3AI score0.0003EPSS
CVE
CVE
added 2022/06/15 1:15 p.m.140 views

CVE-2022-20134

In readArguments of CallSubjectDialog.java, there is a possible way to trick the user to call the wrong phone number due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Pro...

7.8CVSS7.7AI score0.00031EPSS
CVE
CVE
added 2023/10/27 9:15 p.m.140 views

CVE-2023-40123

In updateActionViews of PipMenuView.java, there is a possible bypass of a multi user security boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.2AI score0.00004EPSS
CVE
CVE
added 2022/04/12 5:15 p.m.138 views

CVE-2021-0694

In setServiceForegroundInnerLocked of ActiveServices.java, there is a possible way for a background application to regain foreground permissions due to insufficient background restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interac...

7.8CVSS7.6AI score0.0001EPSS
CVE
CVE
added 2022/05/10 8:15 p.m.138 views

CVE-2022-20004

In checkSlicePermission of SliceManagerService.java, it is possible to access any slice URI due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: An...

7.8CVSS7.7AI score0.00025EPSS
CVE
CVE
added 2023/02/28 5:15 p.m.138 views

CVE-2022-20481

In multiple files, there is a possible way to preserve WiFi settings due to residual data after a reset. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Androi...

5.5CVSS5AI score0.00014EPSS
CVE
CVE
added 2023/05/15 10:15 p.m.138 views

CVE-2023-20914

In onSetRuntimePermissionGrantStateByDeviceAdmin of AdminRestrictedPermissionsUtils.java, there is a possible way for the work profile to read SMS messages due to a permissions bypass. This could lead to local information disclosure with User execution privileges needed. User interaction is not nee...

5.5CVSS5AI score0.00002EPSS
CVE
CVE
added 2023/03/24 8:15 p.m.138 views

CVE-2023-20966

In inflate of inflate.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12...

7.8CVSS7.8AI score0.00012EPSS
CVE
CVE
added 2023/04/19 8:15 p.m.138 views

CVE-2023-21081

In multiple functions of PackageInstallerService.java and related files, there is a possible way to bypass background activity launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is n...

7.8CVSS7.7AI score0.00004EPSS
CVE
CVE
added 2023/10/27 9:15 p.m.138 views

CVE-2023-40127

In multiple locations, there is a possible way to access screenshots due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

3.3CVSS3.7AI score0.00023EPSS
CVE
CVE
added 2022/02/11 6:15 p.m.137 views

CVE-2021-39669

In onCreate of InstallCaCertificateWarning.java, there is a possible way to mislead an user about CA installation circumstances due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploit...

7.8CVSS7.6AI score0.00009EPSS
CVE
CVE
added 2022/12/13 4:15 p.m.137 views

CVE-2022-20498

In fdt_path_offset_namelen of fdt_ro.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 A...

4.4CVSS4.3AI score0.00971EPSS
CVE
CVE
added 2023/03/24 8:15 p.m.137 views

CVE-2023-20917

In onTargetSelected of ResolverActivity.java, there is a possible way to share a wrong file due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: An...

7.8CVSS7.6AI score0.00018EPSS
CVE
CVE
added 2023/08/14 10:15 p.m.137 views

CVE-2023-21285

In setMetadata of MediaSessionRecord.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.1AI score0.00033EPSS
CVE
CVE
added 2022/08/10 8:15 p.m.136 views

CVE-2022-20358

In startSync of AbstractThreadedSyncAdapter.java, there is a possible way to access protected content of content providers due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Produc...

3.3CVSS3.6AI score0.0002EPSS
CVE
CVE
added 2023/08/14 10:15 p.m.136 views

CVE-2023-21287

In multiple locations, there is a possible code execution due to type confusion. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

9.8CVSS9.4AI score0.00562EPSS
CVE
CVE
added 2022/07/13 7:15 p.m.135 views

CVE-2022-20219

In multiple functions of StorageManagerService.java and UserManagerService.java, there is a possible way to leave user's directories unencrypted due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not ...

5.5CVSS5.1AI score0.0002EPSS
CVE
CVE
added 2022/06/15 1:15 p.m.133 views

CVE-2022-20123

In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Androi...

7.8CVSS7AI score0.00989EPSS
CVE
CVE
added 2022/02/11 6:15 p.m.131 views

CVE-2021-39668

In onActivityViewReady of DetailDialog.kt, there is a possible Intent Redirect due to a confused deputy. This could lead to local escalation of privilege that allows actions performed as the System UI, with no additional execution privileges needed. User interaction is needed for exploitation.Produ...

7.8CVSS7.6AI score0.00014EPSS
CVE
CVE
added 2022/06/15 2:15 p.m.131 views

CVE-2022-20144

In multiple functions of AvatarPhotoController.java, there is a possible access to content owned by system content providers due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Pro...

7.8CVSS7.7AI score0.00023EPSS
CVE
CVE
added 2022/12/13 4:15 p.m.131 views

CVE-2022-20411

In avdt_msg_asmbl of avdt_msg.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Andro...

8.8CVSS8.8AI score0.06653EPSS
CVE
CVE
added 2022/02/11 6:15 p.m.130 views

CVE-2021-39619

In updatePackageMappingsData of UsageStatsService.java, there is a possible way to bypass security and privacy settings of app usage due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for expl...

7.8CVSS7.8AI score0.00013EPSS
CVE
CVE
added 2022/05/10 8:15 p.m.130 views

CVE-2022-20011

In getArray of NotificationManagerService.java , there is a possible leak of one user notifications to another due to missing check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersio...

5.5CVSS5AI score0.00015EPSS
CVE
CVE
added 2022/06/15 1:15 p.m.130 views

CVE-2022-20124

In deletePackageX of DeletePackageHelper.java, there is a possible way for a Guest user to reset pre-loaded applications for other users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for e...

7.8CVSS7.7AI score0.00004EPSS
CVE
CVE
added 2022/06/15 2:15 p.m.130 views

CVE-2022-20147

In nfa_dm_check_set_config of nfa_dm_main.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 ...

7.8CVSS7.7AI score0.00044EPSS
CVE
CVE
added 2022/08/10 8:15 p.m.130 views

CVE-2022-20348

In updateState of LocationServicesWifiScanningPreferenceController.java, there is a possible admin restriction bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.P...

7.8CVSS7.7AI score0.00003EPSS
Total number of security vulnerabilities848