Lucene search

K
GoogleAndroid

136 matches found

CVE
CVE
added 2024/02/16 2:15 a.m.6821 views

CVE-2024-0037

In applyCustomDescription of SaveUi.java, there is a possible way to view images belonging to a different user due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.

3.3CVSS6AI score0.00018EPSS
CVE
CVE
added 2023/10/27 9:15 p.m.139 views

CVE-2023-40127

In multiple locations, there is a possible way to access screenshots due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

3.3CVSS3.7AI score0.00023EPSS
CVE
CVE
added 2022/08/10 8:15 p.m.137 views

CVE-2022-20358

In startSync of AbstractThreadedSyncAdapter.java, there is a possible way to access protected content of content providers due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Produc...

3.3CVSS3.6AI score0.0002EPSS
CVE
CVE
added 2023/10/27 9:15 p.m.125 views

CVE-2023-40138

In FillUi of FillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

3.3CVSS3.6AI score0.00021EPSS
CVE
CVE
added 2023/02/28 5:15 p.m.116 views

CVE-2023-20932

In onCreatePreferences of EditInfoFragment.java, there is a possible way to read contacts belonging to other users due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Produc...

3.3CVSS3.6AI score0.00013EPSS
CVE
CVE
added 2023/10/27 9:15 p.m.116 views

CVE-2023-40135

In applyCustomDescription of SaveUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

3.3CVSS3.6AI score0.00021EPSS
CVE
CVE
added 2020/12/15 4:15 p.m.104 views

CVE-2020-0368

In queryInternal of CallLogProvider.java, there is a possible permission bypass due to improper input validation. This could lead to local information disclosure of voicemail metadata with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: An...

3.3CVSS3.7AI score0.00026EPSS
CVE
CVE
added 2022/11/08 10:15 p.m.103 views

CVE-2022-20446

In AlwaysOnHotwordDetector of AlwaysOnHotwordDetector.java, there is a possible way to access the microphone from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exp...

3.3CVSS4.2AI score0.00019EPSS
CVE
CVE
added 2023/08/14 10:15 p.m.96 views

CVE-2023-21278

In multiple locations, there is a possible way to obscure the microphone privacy indicator due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

3.3CVSS4.3AI score0.00025EPSS
CVE
CVE
added 2022/07/13 7:15 p.m.94 views

CVE-2022-20226

In finishDrawingWindow of WindowManagerService.java, there is a possible tapjacking due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12 Android-12LA...

3.9CVSS4.5AI score0.00024EPSS
CVE
CVE
added 2022/08/12 3:15 p.m.94 views

CVE-2022-20338

In HierarchicalUri.readFrom of Uri.java, there is a possible way to craft a malformed Uri object due to improper input validation. This could lead to a local escalation of privilege, preventing processes from validating URIs correctly, with no additional execution privileges needed. User interactio...

3.3CVSS4.2AI score0.00096EPSS
CVE
CVE
added 2023/05/15 10:15 p.m.94 views

CVE-2023-20726

In mnld, there is a possible leak of GPS location due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07735968 / ALPS07884552 (For MT6880, MT6890, MT6980, MT...

3.3CVSS3.7AI score0.00016EPSS
CVE
CVE
added 2024/03/11 5:15 p.m.92 views

CVE-2024-0053

In getCustomPrinterIcon of PrintManagerService.java, there is a possible way to view other user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

3.3CVSS6AI score0.00023EPSS
CVE
CVE
added 2023/10/27 9:15 p.m.91 views

CVE-2023-40134

In isFullScreen of FillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

3.3CVSS3.6AI score0.00021EPSS
CVE
CVE
added 2023/10/27 9:15 p.m.91 views

CVE-2023-40137

In multiple functions of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

3.3CVSS3.6AI score0.00021EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.87 views

CVE-2018-9581

In WiFi, the RSSI value and SSID information is broadcast as part of android.net.wifi.RSSI_CHANGE and android.net.wifi.STATE_CHANGE intents. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Andr...

3.3CVSS4.6AI score0.00034EPSS
CVE
CVE
added 2023/07/13 12:15 a.m.86 views

CVE-2023-21262

In startInput of AudioPolicyInterfaceImpl.cpp, there is a possible way of erroneously displaying the microphone privacy indicator due to a race condition. This could lead to false user expectations. User interaction is needed for exploitation.

3.1CVSS4AI score0.0004EPSS
CVE
CVE
added 2022/01/14 8:15 p.m.84 views

CVE-2021-39628

In StatusBar.java, there is a possible disclosure of notification content on the lockscreen due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: And...

3.3CVSS3.6AI score0.00054EPSS
CVE
CVE
added 2023/10/27 9:15 p.m.83 views

CVE-2023-40136

In setHeader of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

3.3CVSS3.6AI score0.00021EPSS
CVE
CVE
added 2023/07/13 12:15 a.m.81 views

CVE-2023-21246

In ShortcutInfo of ShortcutInfo.java, there is a possible way for an app to retain notification listening access due to an uncaught exception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

3.3CVSS4.3AI score0.00016EPSS
CVE
CVE
added 2020/10/14 2:15 p.m.78 views

CVE-2020-0412

In setProcessMemoryTrimLevel of ActivityManagerService.java, there is a missing permission check. This could lead to local information disclosure of foreground processes with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android...

3.3CVSS3.6AI score0.00011EPSS
CVE
CVE
added 2020/12/14 10:15 p.m.75 views

CVE-2020-0459

In sendConfiguredNetworkChangedBroadcast of WifiConfigManager.java, there is a possible leak of sensitive WiFi configuration data due to a missing permission check. This could lead to local information disclosure of WiFi network names with no additional execution privileges needed. User interaction...

3.3CVSS3.5AI score0.00014EPSS
CVE
CVE
added 2024/03/11 7:15 p.m.75 views

CVE-2024-25991

In acpm_tmu_ipc_handler of tmu_plugin.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

3.3CVSS6AI score0.00038EPSS
CVE
CVE
added 2020/10/14 2:15 p.m.73 views

CVE-2020-0422

In constructImportFailureNotification of NotificationImportExportListener.java, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local information disclosure of contact data with User execution privileges needed. User interaction is not needed for exploitati...

3.3CVSS3.6AI score0.00013EPSS
CVE
CVE
added 2022/08/11 3:15 p.m.70 views

CVE-2022-20251

In LocaleManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation....

3.3CVSS4.2AI score0.00016EPSS
CVE
CVE
added 2022/02/11 6:15 p.m.70 views

CVE-2022-23999

PendingIntent hijacking vulnerability in CpaReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission in KnoxPrivacyNoticeReceiver via implicit Intent.

3.9CVSS3.9AI score0.00016EPSS
CVE
CVE
added 2022/03/30 4:15 p.m.68 views

CVE-2021-39739

In ArrayMap, there is a possible leak of the content of SMS messages due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-1845251...

3.3CVSS4.2AI score0.00015EPSS
CVE
CVE
added 2022/08/11 3:15 p.m.68 views

CVE-2022-20241

In Messaging, there is a possible way to attach a private file to an SMS message due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Andr...

3.3CVSS4.5AI score0.00017EPSS
CVE
CVE
added 2022/04/11 8:15 p.m.66 views

CVE-2022-25833

Improper authentication in ImsService prior to SMR Apr-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission.

3.3CVSS4.2AI score0.00019EPSS
CVE
CVE
added 2020/03/10 9:15 p.m.65 views

CVE-2020-0047

In setMasterMute of AudioService.java, there is a missing permission check. This could lead to local silencing of audio with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141622311

3.3CVSS5AI score0.00031EPSS
CVE
CVE
added 2022/02/11 6:15 p.m.63 views

CVE-2022-24000

PendingIntent hijacking vulnerability in DataUsageReminderReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission in KnoxPrivacyNoticeReceiver via implicit Intent.

3.9CVSS3.9AI score0.00016EPSS
CVE
CVE
added 2022/12/16 4:15 p.m.57 views

CVE-2022-20535

In registerLocalOnlyHotspotSoftApCallback of WifiManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. Use...

3.3CVSS3.5AI score0.00021EPSS
CVE
CVE
added 2022/08/11 3:15 p.m.56 views

CVE-2022-20252

In PackageManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

3.3CVSS4.2AI score0.00019EPSS
CVE
CVE
added 2022/08/12 3:15 p.m.56 views

CVE-2022-20262

In ActivityManager, there is a possible way to check another process's capabilities due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android I...

3.3CVSS4.4AI score0.0002EPSS
CVE
CVE
added 2022/07/12 2:15 p.m.56 views

CVE-2022-33688

Sensitive information exposure vulnerability in EventType in SecTelephonyProvider prior to SMR Jul-2022 Release 1 allows local attackers with log access permission to get IMSI through device log.

3.3CVSS3.7AI score0.00016EPSS
CVE
CVE
added 2020/06/04 6:15 p.m.54 views

CVE-2020-13838

An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. The DeX Lockscreen feature does not block access to Quick Panel and notifications. The Samsung ID is SVE-2020-17187 (June 2020).

3.6CVSS4.3AI score0.00017EPSS
CVE
CVE
added 2022/12/16 4:15 p.m.54 views

CVE-2022-20562

In various functions of ap_input_processor.c, there is a possible way to record audio during a phone call due to a logic error in the code. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions...

3.3CVSS3.7AI score0.00024EPSS
CVE
CVE
added 2022/06/07 6:15 p.m.54 views

CVE-2022-28794

Sensitive information exposure in low-battery dumpstate log prior to SMR Jun-2022 Release 1 allows local attackers to get SIM card information.

3.3CVSS3.8AI score0.00016EPSS
CVE
CVE
added 2022/07/12 2:15 p.m.54 views

CVE-2022-30753

Improper use of a unique device ID in unprotected SecSoterService prior to SMR Jul-2022 Release 1 allows local attackers to get the device ID without permission.

3.3CVSS3.9AI score0.00015EPSS
CVE
CVE
added 2016/01/06 7:59 p.m.53 views

CVE-2015-6641

Bluetooth in Android 6.0 before 2016-01-01 allows remote attackers to obtain sensitive Contacts information by leveraging pairing, aka internal bug 23607427.

3.1CVSS4.9AI score0.00065EPSS
CVE
CVE
added 2022/12/16 4:15 p.m.53 views

CVE-2022-20537

In createDialog of WifiScanModeActivity.java, there is a possible way for a Guest user to enable location-sensitive settings due to a missing permission check. This could lead to local escalation of privilege from the Guest user with no additional execution privileges needed. User interaction is no...

3.3CVSS4.3AI score0.0003EPSS
CVE
CVE
added 2022/08/05 4:15 p.m.53 views

CVE-2022-33724

Exposure of Sensitive Information in Samsung Dialer application?prior to SMR Aug-2022 Release 1 allows local attackers to access ICCID via log.

3.3CVSS4AI score0.00014EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.51 views

CVE-2019-9277

In the proc filesystem, there is a possible information disclosure due to log information disclosure. This could lead to local disclosure of app and browser activity with User execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android I...

3.3CVSS4.3AI score0.00015EPSS
CVE
CVE
added 2022/08/11 3:15 p.m.51 views

CVE-2022-20249

In LocaleManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation....

3.3CVSS4.2AI score0.00019EPSS
CVE
CVE
added 2022/12/16 4:15 p.m.51 views

CVE-2022-20528

In findParam of HevcUtils.cpp there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-2301...

3.3CVSS4.3AI score0.00032EPSS
CVE
CVE
added 2022/08/12 3:15 p.m.49 views

CVE-2022-20305

In ContentService, there is a possible disclosure of available account types due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-19...

3.3CVSS4.4AI score0.00017EPSS
CVE
CVE
added 2022/12/16 4:15 p.m.49 views

CVE-2022-20525

In enforceVisualVoicemailPackage of PhoneInterfaceManager.java, there is a possible leak of visual voicemail package name due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Pro...

3.3CVSS4.2AI score0.00006EPSS
CVE
CVE
added 2024/03/04 3:15 a.m.49 views

CVE-2024-20038

In pq, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08495932; Issue ID: ALPS08495932.

3.4CVSS5.9AI score0.00027EPSS
CVE
CVE
added 2022/08/12 3:15 p.m.48 views

CVE-2022-20267

In bluetooth, there is a possible way to enable or disable bluetooth connection without user consent due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: A...

3.3CVSS5.2AI score0.0002EPSS
CVE
CVE
added 2022/08/12 3:15 p.m.48 views

CVE-2022-20316

In ContentResolver, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitatio...

3.3CVSS4.2AI score0.00016EPSS
Total number of security vulnerabilities136