PackageInstallerCN
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-20974 | Med | 0.40 | 6.1 | 0.00 | May 7, 2025 | Improper handling of insufficient permission in PackageInstallerCN prior to version 15.0.11.0 allows local attacker to bypass user interaction for requested installation. | ||
| CVE-2023-30728 | 0.00 | — | 0.00 | Sep 6, 2023 | Intent redirection vulnerability in PackageInstallerCHN prior to version 13.1.03.00 allows local attacker to access arbitrary file. This vulnerability requires user interaction. | |||
| CVE-2021-0305 | 0.00 | — | 0.01 | Feb 10, 2021 | In PackageInstaller, there is a possible tapjacking attack due to an insecure default value. This could lead to local escalation of privilege and permissions with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:… |
- risk 0.40cvss 6.1epss 0.00
Improper handling of insufficient permission in PackageInstallerCN prior to version 15.0.11.0 allows local attacker to bypass user interaction for requested installation.
- CVE-2023-30728Sep 6, 2023risk 0.00cvss —epss 0.00
Intent redirection vulnerability in PackageInstallerCHN prior to version 13.1.03.00 allows local attacker to access arbitrary file. This vulnerability requires user interaction.
- CVE-2021-0305Feb 10, 2021risk 0.00cvss —epss 0.01
In PackageInstaller, there is a possible tapjacking attack due to an insecure default value. This could lead to local escalation of privilege and permissions with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:…