Vendor CVEs
All CVEs
11,404 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-48561 | Med | 0.36 | 5.5 | 0.00 | Sep 4, 2025 | In multiple locations, there is a possible way to access data displayed on the screen due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2025-48560 | Med | 0.36 | 5.5 | 0.00 | Sep 4, 2025 | In AndroidManifest.xml, there is a possible way for an app to monitor motion events due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2025-48559 | Med | 0.36 | 5.5 | 0.00 | Sep 4, 2025 | In multiple functions of AppOpsService.java, there is a possible add a large amount of app ops due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2025-48550 | Med | 0.36 | 5.5 | 0.00 | Sep 4, 2025 | In testGrantSlicePermission of SliceManagerTest.java, there is a possible permanent denial of service due to a path traversal error. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2025-48542 | Med | 0.36 | 5.5 | 0.00 | Sep 4, 2025 | In multiple functions of AccountManagerService.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2025-48538 | Med | 0.36 | 5.5 | 0.00 | Sep 4, 2025 | In setApplicationHiddenSettingAsUser of PackageManagerService.java, there is a possible way to hide a system critical package due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not… | ||
| CVE-2025-48529 | Med | 0.36 | 5.5 | 0.00 | Sep 4, 2025 | In setRingtoneUri of VoicemailNotificationSettingsUtil.java , there is a possible cross user data leak due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2025-48524 | Med | 0.36 | 5.5 | 0.00 | Sep 4, 2025 | In isSystem of WifiPermissionsUtil.java, there is a possible permission bypass due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2025-26463 | Med | 0.36 | 5.5 | 0.00 | Sep 4, 2025 | In allowPackageAccess of multiple files, resource exhaustion is possible when repeatedly adding allowed packages. This could lead to a local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2025-26456 | Med | 0.36 | 5.5 | 0.00 | Sep 4, 2025 | In multiple functions of DexUseManagerLocal.java, there is a possible way to crash system server due to a logic error in the code. This could lead to local permanent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2025-26453 | Med | 0.36 | 5.5 | 0.00 | Sep 4, 2025 | In isContentUriForOtherUser of BluetoothOppSendFileInfo.java, there is a possible cross user data leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for… | ||
| CVE-2025-26449 | Med | 0.36 | 5.5 | 0.00 | Sep 4, 2025 | In multiple locations, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2025-26448 | Med | 0.36 | 5.5 | 0.00 | Sep 4, 2025 | In writeToParcel of CursorWindow.cpp, there is a possible out of bounds read due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2025-26445 | Med | 0.36 | 5.5 | 0.00 | Sep 4, 2025 | In offerNetwork of ConnectivityService.java, there is a possible leak of sensitive data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2025-26442 | Med | 0.36 | 5.5 | 0.00 | Sep 4, 2025 | In onCreate of NotificationAccessConfirmationActivity.java, there is a possible incorrect verification of proper intent filters in NLS due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User… | ||
| CVE-2025-26437 | Med | 0.36 | 5.5 | 0.00 | Sep 4, 2025 | In CredentialManagerServiceStub of CredentialManagerService.java, there is a possible way to retrieve candidate credentials due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not… | ||
| CVE-2025-26432 | Med | 0.36 | 5.5 | 0.00 | Sep 4, 2025 | In multiple locations, there is a possible way to persistently DoS the device due to a missing length check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2025-26429 | Med | 0.36 | 5.5 | 0.00 | Sep 4, 2025 | In collectOps of AppOpsService.java, there is a possible way to cause permanent DoS due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2025-36893 | Med | 0.36 | 5.5 | 0.00 | Sep 4, 2025 | In ReadTachyonCommands of gxp_main_actor.cc, there is a possible information leak due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2025-22431 | Med | 0.36 | 5.5 | 0.00 | Sep 2, 2025 | In multiple locations, there is a possible method for a malicious app to prevent dialing emergency services under limited circumstances due to a logic error in the code. This could lead to local denial of service until the phone reboots with no additional execution privileges… | ||
| CVE-2025-22430 | Med | 0.36 | 5.5 | 0.00 | Sep 2, 2025 | In isInSignificantPlace of multiple files, there is a possible way to access sensitive information due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2025-22421 | Med | 0.36 | 5.5 | 0.00 | Sep 2, 2025 | In contentDescForNotification of NotificationContentDescription.kt, there is a possible notification content leak through the lockscreen due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User… | ||
| CVE-2024-49728 | Med | 0.36 | 5.5 | 0.00 | Sep 2, 2025 | In generateFileInfo of BluetoothOppSendFileInfo.java, there is a possible cross user media disclosure due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2024-49722 | Med | 0.36 | 5.5 | 0.00 | Sep 2, 2025 | In showAvatarPicker of EditUserPhotoController.java, there is a possible cross user image leak due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2025-22407 | Med | 0.36 | 5.5 | 0.00 | Aug 26, 2025 | In hidd_check_config_done of hidd_conn.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2025-0082 | Med | 0.36 | 5.5 | 0.00 | Aug 26, 2025 | In multiple functions of StatusHint.java and TelecomServiceImpl.java, there is a possible way to reveal images across users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for… | ||
| CVE-2024-49740 | Med | 0.36 | 5.5 | 0.00 | Aug 26, 2025 | In multiple locations, there is a possible crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2025-21009 | Med | 0.36 | 5.5 | 0.00 | Jul 8, 2025 | Out-of-bounds read in decoding malformed frame header in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption. | ||
| CVE-2025-21008 | Med | 0.36 | 5.5 | 0.00 | Jul 8, 2025 | Out-of-bounds read in decoding frame header in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption. | ||
| CVE-2025-27701 | Med | 0.36 | 5.5 | 0.00 | May 27, 2025 | In the function process_crypto_cmd, the values of ptrs[i] can be potentially equal to NULL which is valid value after calling slice_map_array(). Later this values will be derefenced without prior NULL check, which can lead to local Temporary DoS or OOB Read, leading to… | ||
| CVE-2024-49736 | Med | 0.36 | 5.5 | 0.00 | Jan 21, 2025 | In onClick of MainClear.java, there is a possible way to trigger factory reset without explicit user consent due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for… | ||
| CVE-2024-49733 | Med | 0.36 | 5.5 | 0.00 | Jan 21, 2025 | In reload of ServiceListing.java , there is a possible way to allow a malicious app to hide an NLS from Settings due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for… | ||
| CVE-2023-40108 | Med | 0.36 | 5.5 | 0.00 | Jan 21, 2025 | In multiple locations, there is a possible way to access media content belonging to another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2018-9406 | Med | 0.36 | 5.5 | 0.00 | Jan 18, 2025 | In NlpService, there is a possible way to obtain location information due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2018-9447 | Med | 0.36 | 5.5 | 0.00 | Jan 17, 2025 | In onCreate of EmergencyCallbackModeExitDialog.java, there is a possible way to crash the emergency callback mode due to a missing null check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for… | ||
| CVE-2018-9379 | Med | 0.36 | 5.5 | 0.00 | Jan 17, 2025 | In multiple functions of MiniThumbFile.java, there is a possible way to view the thumbnails of deleted photos due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2017-13322 | Med | 0.36 | 5.5 | 0.00 | Jan 17, 2025 | In endCallForSubscriber of PhoneInterfaceManager.java, there is a possible way to prevent access to emergency services due to a logic error in the code. This could lead to a local denial of service with no additional execution privileges needed. User interaction is not needed… | ||
| CVE-2024-53839 | Med | 0.36 | 5.5 | 0.00 | Jan 3, 2025 | In GetCellInfoList() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction is not needed for exploitation. | ||
| CVE-2024-47039 | Med | 0.36 | 5.5 | 0.00 | Dec 18, 2024 | In isSlotMarkedSuccessful of BootControl.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2024-12236 | Med | 0.36 | 5.5 | 0.00 | Dec 10, 2024 | A security issue exists in Vertex Gemini API for customers using VPC-SC. By utilizing a custom crafted file URI for image input, data exfiltration is possible due to requests being routed outside the VPC-SC security perimeter, circumventing the intended security restrictions of… | ||
| CVE-2018-9407 | Med | 0.36 | 5.5 | 0.00 | Dec 5, 2024 | In emmc_rpmb_ioctl of emmc_rpmb.c, there is an Information Disclosure due to a Missing Bounds Check. This could lead to Information Disclosure of kernel data. | ||
| CVE-2018-9449 | Med | 0.36 | 5.5 | 0.00 | Dec 3, 2024 | In process_service_search_attr_rsp of sdp_discovery.cc, there is a possible out of bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2018-9441 | Med | 0.36 | 5.5 | 0.00 | Dec 3, 2024 | In sdp_copy_raw_data of sdp_discovery.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. | ||
| CVE-2018-9435 | Med | 0.36 | 5.5 | 0.00 | Dec 2, 2024 | In gatt_process_error_rsp of gatt_cl.cc, there is a possible out of bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2018-9377 | Med | 0.36 | 5.5 | 0.00 | Nov 28, 2024 | In getIntentForIntentSender of ActivityManagerService.java, there is a possible way to access user metadata due to a pending intent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2017-13321 | Med | 0.36 | 5.5 | 0.00 | Nov 27, 2024 | In SensorService::isDataInjectionEnabled of frameworks/native/services/sensorservice/SensorService.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User… | ||
| CVE-2018-9487 | Med | 0.36 | 5.5 | 0.00 | Nov 20, 2024 | In setVpnForcedLocked of Vpn.java, there is a possible blocking of internet traffic through vpn due to a bad uid check. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. | ||
| CVE-2018-9421 | Med | 0.36 | 5.5 | 0.00 | Nov 19, 2024 | In writeInplace of Parcel.cpp, there is a possible information leak across processes, using Binder, due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2018-9420 | Med | 0.36 | 5.5 | 0.00 | Nov 19, 2024 | In BnCameraService::onTransact of CameraService.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2018-9412 | Med | 0.36 | 5.5 | 0.00 | Nov 19, 2024 | In removeUnsynchronization of ID3.cpp there is a possible resource exhaustion due to improper input validation. This could lead to denial of service with no additional execution privileges needed. User interaction is needed for exploitation. |
- risk 0.36cvss 5.5epss 0.00
In multiple locations, there is a possible way to access data displayed on the screen due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- risk 0.36cvss 5.5epss 0.00
In AndroidManifest.xml, there is a possible way for an app to monitor motion events due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- risk 0.36cvss 5.5epss 0.00
In multiple functions of AppOpsService.java, there is a possible add a large amount of app ops due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
- risk 0.36cvss 5.5epss 0.00
In testGrantSlicePermission of SliceManagerTest.java, there is a possible permanent denial of service due to a path traversal error. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
- risk 0.36cvss 5.5epss 0.00
In multiple functions of AccountManagerService.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
- risk 0.36cvss 5.5epss 0.00
In setApplicationHiddenSettingAsUser of PackageManagerService.java, there is a possible way to hide a system critical package due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not…
- risk 0.36cvss 5.5epss 0.00
In setRingtoneUri of VoicemailNotificationSettingsUtil.java , there is a possible cross user data leak due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- risk 0.36cvss 5.5epss 0.00
In isSystem of WifiPermissionsUtil.java, there is a possible permission bypass due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
- risk 0.36cvss 5.5epss 0.00
In allowPackageAccess of multiple files, resource exhaustion is possible when repeatedly adding allowed packages. This could lead to a local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
- risk 0.36cvss 5.5epss 0.00
In multiple functions of DexUseManagerLocal.java, there is a possible way to crash system server due to a logic error in the code. This could lead to local permanent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
- risk 0.36cvss 5.5epss 0.00
In isContentUriForOtherUser of BluetoothOppSendFileInfo.java, there is a possible cross user data leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for…
- risk 0.36cvss 5.5epss 0.00
In multiple locations, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
- risk 0.36cvss 5.5epss 0.00
In writeToParcel of CursorWindow.cpp, there is a possible out of bounds read due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- risk 0.36cvss 5.5epss 0.00
In offerNetwork of ConnectivityService.java, there is a possible leak of sensitive data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- risk 0.36cvss 5.5epss 0.00
In onCreate of NotificationAccessConfirmationActivity.java, there is a possible incorrect verification of proper intent filters in NLS due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User…
- risk 0.36cvss 5.5epss 0.00
In CredentialManagerServiceStub of CredentialManagerService.java, there is a possible way to retrieve candidate credentials due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not…
- risk 0.36cvss 5.5epss 0.00
In multiple locations, there is a possible way to persistently DoS the device due to a missing length check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
- risk 0.36cvss 5.5epss 0.00
In collectOps of AppOpsService.java, there is a possible way to cause permanent DoS due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
- risk 0.36cvss 5.5epss 0.00
In ReadTachyonCommands of gxp_main_actor.cc, there is a possible information leak due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- risk 0.36cvss 5.5epss 0.00
In multiple locations, there is a possible method for a malicious app to prevent dialing emergency services under limited circumstances due to a logic error in the code. This could lead to local denial of service until the phone reboots with no additional execution privileges…
- risk 0.36cvss 5.5epss 0.00
In isInSignificantPlace of multiple files, there is a possible way to access sensitive information due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- risk 0.36cvss 5.5epss 0.00
In contentDescForNotification of NotificationContentDescription.kt, there is a possible notification content leak through the lockscreen due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User…
- risk 0.36cvss 5.5epss 0.00
In generateFileInfo of BluetoothOppSendFileInfo.java, there is a possible cross user media disclosure due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- risk 0.36cvss 5.5epss 0.00
In showAvatarPicker of EditUserPhotoController.java, there is a possible cross user image leak due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- risk 0.36cvss 5.5epss 0.00
In hidd_check_config_done of hidd_conn.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- risk 0.36cvss 5.5epss 0.00
In multiple functions of StatusHint.java and TelecomServiceImpl.java, there is a possible way to reveal images across users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for…
- risk 0.36cvss 5.5epss 0.00
In multiple locations, there is a possible crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
- risk 0.36cvss 5.5epss 0.00
Out-of-bounds read in decoding malformed frame header in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption.
- risk 0.36cvss 5.5epss 0.00
Out-of-bounds read in decoding frame header in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption.
- risk 0.36cvss 5.5epss 0.00
In the function process_crypto_cmd, the values of ptrs[i] can be potentially equal to NULL which is valid value after calling slice_map_array(). Later this values will be derefenced without prior NULL check, which can lead to local Temporary DoS or OOB Read, leading to…
- risk 0.36cvss 5.5epss 0.00
In onClick of MainClear.java, there is a possible way to trigger factory reset without explicit user consent due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for…
- risk 0.36cvss 5.5epss 0.00
In reload of ServiceListing.java , there is a possible way to allow a malicious app to hide an NLS from Settings due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for…
- risk 0.36cvss 5.5epss 0.00
In multiple locations, there is a possible way to access media content belonging to another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- risk 0.36cvss 5.5epss 0.00
In NlpService, there is a possible way to obtain location information due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- risk 0.36cvss 5.5epss 0.00
In onCreate of EmergencyCallbackModeExitDialog.java, there is a possible way to crash the emergency callback mode due to a missing null check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for…
- risk 0.36cvss 5.5epss 0.00
In multiple functions of MiniThumbFile.java, there is a possible way to view the thumbnails of deleted photos due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- risk 0.36cvss 5.5epss 0.00
In endCallForSubscriber of PhoneInterfaceManager.java, there is a possible way to prevent access to emergency services due to a logic error in the code. This could lead to a local denial of service with no additional execution privileges needed. User interaction is not needed…
- risk 0.36cvss 5.5epss 0.00
In GetCellInfoList() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction is not needed for exploitation.
- risk 0.36cvss 5.5epss 0.00
In isSlotMarkedSuccessful of BootControl.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- risk 0.36cvss 5.5epss 0.00
A security issue exists in Vertex Gemini API for customers using VPC-SC. By utilizing a custom crafted file URI for image input, data exfiltration is possible due to requests being routed outside the VPC-SC security perimeter, circumventing the intended security restrictions of…
- risk 0.36cvss 5.5epss 0.00
In emmc_rpmb_ioctl of emmc_rpmb.c, there is an Information Disclosure due to a Missing Bounds Check. This could lead to Information Disclosure of kernel data.
- risk 0.36cvss 5.5epss 0.00
In process_service_search_attr_rsp of sdp_discovery.cc, there is a possible out of bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- risk 0.36cvss 5.5epss 0.00
In sdp_copy_raw_data of sdp_discovery.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
- risk 0.36cvss 5.5epss 0.00
In gatt_process_error_rsp of gatt_cl.cc, there is a possible out of bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- risk 0.36cvss 5.5epss 0.00
In getIntentForIntentSender of ActivityManagerService.java, there is a possible way to access user metadata due to a pending intent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- risk 0.36cvss 5.5epss 0.00
In SensorService::isDataInjectionEnabled of frameworks/native/services/sensorservice/SensorService.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User…
- risk 0.36cvss 5.5epss 0.00
In setVpnForcedLocked of Vpn.java, there is a possible blocking of internet traffic through vpn due to a bad uid check. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.
- risk 0.36cvss 5.5epss 0.00
In writeInplace of Parcel.cpp, there is a possible information leak across processes, using Binder, due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- risk 0.36cvss 5.5epss 0.00
In BnCameraService::onTransact of CameraService.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- risk 0.36cvss 5.5epss 0.00
In removeUnsynchronization of ID3.cpp there is a possible resource exhaustion due to improper input validation. This could lead to denial of service with no additional execution privileges needed. User interaction is needed for exploitation.
Page 141 of 229