Vendor CVEs
All CVEs
11,404 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-20467 | Med | 0.36 | 5.5 | 0.00 | Mar 24, 2023 | In isBluetoothShareUri of BluetoothOppUtility.java, there is a possible incorrect file read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product:… | ||
| CVE-2022-20481 | Med | 0.36 | 5.5 | 0.00 | Feb 28, 2023 | In multiple files, there is a possible way to preserve WiFi settings due to residual data after a reset. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:… | ||
| CVE-2022-20455 | Med | 0.36 | 5.5 | 0.00 | Feb 28, 2023 | In addAutomaticZenRule of ZenModeHelper.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product:… | ||
| CVE-2023-20949 | Med | 0.36 | 5.5 | 0.00 | Feb 15, 2023 | In s2mpg11_pmic_probe of s2mpg11-regulator.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:… | ||
| CVE-2023-20923 | Med | 0.36 | 5.5 | 0.00 | Jan 26, 2023 | In exported content providers of ShannonRcs, there is a possible way to get access to protected content providers due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for… | ||
| CVE-2023-20922 | Med | 0.36 | 5.5 | 0.00 | Jan 26, 2023 | In setMimeGroup of PackageManagerService.java, there is a possible crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | ||
| CVE-2023-20908 | Med | 0.36 | 5.5 | 0.00 | Jan 26, 2023 | In several functions of SettingsState.java, there is a possible system crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | ||
| CVE-2022-20494 | Med | 0.36 | 5.5 | 0.00 | Jan 26, 2023 | In AutomaticZenRule of AutomaticZenRule.java, there is a possible persistent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | ||
| CVE-2022-20458 | Med | 0.36 | 5.5 | 0.00 | Jan 26, 2023 | The logs of sensitive information (PII) or hardware identifier should only be printed in Android "userdebug" or "eng" build. StatusBarNotification.getKey() could contain sensitive information. However, CarNotificationListener.java, it prints out the… | ||
| CVE-2022-20235 | Med | 0.36 | 5.5 | 0.00 | Jan 26, 2023 | The PowerVR GPU kernel driver maintains an "Information Page" used by its cache subsystem. This page can only be written by the GPU driver itself, but prior to DDK 1.18 however, a user-space program could write arbitrary data to the page, leading to memory corruption… | ||
| CVE-2022-20215 | Med | 0.36 | 5.5 | 0.00 | Jan 26, 2023 | In onCreate of MasterClearConfirmFragment.java, there is a possible factory reset due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:… | ||
| CVE-2022-20213 | Med | 0.36 | 5.5 | 0.00 | Jan 26, 2023 | In ApplicationsDetailsActivity of AndroidManifest.xml, there is a possible DoS due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:… | ||
| CVE-2022-42535 | Med | 0.36 | 5.5 | 0.00 | Dec 16, 2022 | In a query in MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | ||
| CVE-2022-20609 | Med | 0.36 | 5.5 | 0.00 | Dec 16, 2022 | In Pixel cellular firmware, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android… | ||
| CVE-2022-20608 | Med | 0.36 | 5.5 | 0.00 | Dec 16, 2022 | In Pixel cellular firmware, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android… | ||
| CVE-2022-20604 | Med | 0.36 | 5.5 | 0.00 | Dec 16, 2022 | In SAECOMM_SetDcnIdForPlmn of SAECOMM_DbManagement.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure from a single device with no additional execution privileges needed. User interaction is not needed for… | ||
| CVE-2022-20592 | Med | 0.36 | 5.5 | 0.00 | Dec 16, 2022 | In ppmp_validate_secbuf of drm_fw.c, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:… | ||
| CVE-2022-20591 | Med | 0.36 | 5.5 | 0.00 | Dec 16, 2022 | In ppmpu_set of ppmpu.c, there is a possible information disclosure due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android… | ||
| CVE-2022-20590 | Med | 0.36 | 5.5 | 0.00 | Dec 16, 2022 | In valid_va_sec_mfc_check of drm_access_control.c, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for… | ||
| CVE-2022-20575 | Med | 0.36 | 5.5 | 0.00 | Dec 16, 2022 | In read_ppmpu_info of drm_fw.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | ||
| CVE-2022-20574 | Med | 0.36 | 5.5 | 0.00 | Dec 16, 2022 | In sec_sysmmu_info of drm_fw.c, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | ||
| CVE-2022-20570 | Med | 0.36 | 5.5 | 0.00 | Dec 16, 2022 | Product: AndroidVersions: Android kernelAndroid ID: A-230660904References: N/A | ||
| CVE-2022-20552 | Med | 0.36 | 5.5 | 0.00 | Dec 16, 2022 | In btif_a2dp_sink_command_ready of btif_a2dp_sink.cc, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:… | ||
| CVE-2022-20538 | Med | 0.36 | 5.5 | 0.00 | Dec 16, 2022 | In getSmsRoleHolder of RoleService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User… | ||
| CVE-2022-20531 | Med | 0.36 | 5.5 | 0.00 | Dec 16, 2022 | In Telecom, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for… | ||
| CVE-2022-20527 | Med | 0.36 | 5.5 | 0.00 | Dec 16, 2022 | In HalCoreCallback of halcore.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure from the NFC firmware with no additional execution privileges needed. User interaction is not needed for exploitation.Product:… | ||
| CVE-2022-20523 | Med | 0.36 | 5.5 | 0.00 | Dec 16, 2022 | In IncFs_GetFilledRangesStartingFrom of incfs.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:… | ||
| CVE-2022-20518 | Med | 0.36 | 5.5 | 0.00 | Dec 16, 2022 | In query of MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | ||
| CVE-2022-20517 | Med | 0.36 | 5.5 | 0.00 | Dec 16, 2022 | In getMessagesByPhoneNumber of MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:… | ||
| CVE-2022-20515 | Med | 0.36 | 5.5 | 0.00 | Dec 16, 2022 | In onPreferenceClick of AccountTypePreferenceLoader.java, there is a possible way to retrieve protected files from the Settings app due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not… | ||
| CVE-2022-20513 | Med | 0.36 | 5.5 | 0.00 | Dec 16, 2022 | In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | ||
| CVE-2022-20511 | Med | 0.36 | 5.5 | 0.00 | Dec 16, 2022 | In getNearbyAppStreamingPolicy of DevicePolicyManagerService.java, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | ||
| CVE-2022-20510 | Med | 0.36 | 5.5 | 0.00 | Dec 16, 2022 | In getNearbyNotificationStreamingPolicy of DevicePolicyManagerService.java, there is a possible way to learn about the notification streaming policy of other users due to a permissions bypass. This could lead to local information disclosure with no additional execution… | ||
| CVE-2022-20199 | Med | 0.36 | 5.5 | 0.00 | Dec 16, 2022 | In multiple locations of NfcService.java, there is a possible disclosure of NFC tags due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:… | ||
| CVE-2022-20502 | Med | 0.36 | 5.5 | 0.00 | Dec 13, 2022 | In GetResolvedMethod of entrypoint_utils-inl.h, there is a possible use after free due to a stale cache. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | ||
| CVE-2022-20500 | Med | 0.36 | 5.5 | 0.00 | Dec 13, 2022 | In loadFromXml of ShortcutPackage.java, there is a possible crash on boot due to an uncaught exception. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10… | ||
| CVE-2022-20496 | Med | 0.36 | 5.5 | 0.00 | Dec 13, 2022 | In setDataSource of initMediaExtractor.cpp, there is a possibility of arbitrary code execution due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:… | ||
| CVE-2022-20482 | Med | 0.36 | 5.5 | 0.00 | Dec 13, 2022 | In createNotificationChannel of NotificationManager.java, there is a possible way to make the device unusable and require factory reset due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not… | ||
| CVE-2022-20476 | Med | 0.36 | 5.5 | 0.00 | Dec 13, 2022 | In setEnabledSetting of PackageManager.java, there is a possible way to get the device into an infinite reboot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for… | ||
| CVE-2022-20471 | Med | 0.36 | 5.5 | 0.00 | Dec 13, 2022 | In SendIncDecRestoreCmdPart2 of NxpMfcReader.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:… | ||
| CVE-2022-20466 | Med | 0.36 | 5.5 | 0.00 | Dec 13, 2022 | In applyKeyguardFlags of NotificationShadeWindowControllerImpl.java, there is a possible way to observe the user's password on a secondary display due to an insecure default value. This could lead to local information disclosure with no additional execution privileges needed.… | ||
| CVE-2021-0934 | Med | 0.36 | 5.5 | 0.00 | Dec 13, 2022 | In findAllDeAccounts of AccountsDb.java, there is a possible denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | ||
| CVE-2022-20457 | Med | 0.36 | 5.5 | 0.00 | Nov 8, 2022 | In getMountModeInternal of StorageManagerService.java, there is a possible prevention of package installation due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for… | ||
| CVE-2022-20453 | Med | 0.36 | 5.5 | 0.00 | Nov 8, 2022 | In update of MmsProvider.java, there is a possible constriction of directory permissions due to a path traversal error. This could lead to local denial of service of SIM recognition with no additional execution privileges needed. User interaction is needed for… | ||
| CVE-2022-20448 | Med | 0.36 | 5.5 | 0.00 | Nov 8, 2022 | In buzzBeepBlinkLocked of NotificationManagerService.java, there is a possible way to share data across users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for… | ||
| CVE-2022-20426 | Med | 0.36 | 5.5 | 0.00 | Nov 8, 2022 | In multiple functions of many files, there is a possible obstruction of the user's ability to select a phone account due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for… | ||
| CVE-2022-20414 | Med | 0.36 | 5.5 | 0.00 | Nov 8, 2022 | In setImpl of AlarmManagerService.java, there is a possible way to put a device into a boot loop due to an uncaught exception. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product:… | ||
| CVE-2022-3421 | Med | 0.36 | 5.6 | 0.00 | Oct 17, 2022 | An attacker can pre-create the `/Applications/Google\ Drive.app/Contents/MacOS` directory which is expected to be owned by root to be owned by a non-root user. When the Drive for Desktop installer is run for the first time, it will place a binary in that directory with execute… | ||
| CVE-2022-20464 | Med | 0.36 | 5.5 | 0.00 | Oct 14, 2022 | In various functions of ap_input_processor.c, there is a possible way to record audio during a phone call due to a logic error in the code. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for… | ||
| CVE-2022-20440 | Med | 0.36 | 5.5 | 0.00 | Oct 11, 2022 | In Messaging, There has unauthorized broadcast, this could cause Local Deny of Service.Product: AndroidVersions: Android SoCAndroid ID: A-242259918 |
- risk 0.36cvss 5.5epss 0.00
In isBluetoothShareUri of BluetoothOppUtility.java, there is a possible incorrect file read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product:…
- risk 0.36cvss 5.5epss 0.00
In multiple files, there is a possible way to preserve WiFi settings due to residual data after a reset. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:…
- risk 0.36cvss 5.5epss 0.00
In addAutomaticZenRule of ZenModeHelper.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…
- risk 0.36cvss 5.5epss 0.00
In s2mpg11_pmic_probe of s2mpg11-regulator.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…
- risk 0.36cvss 5.5epss 0.00
In exported content providers of ShannonRcs, there is a possible way to get access to protected content providers due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for…
- risk 0.36cvss 5.5epss 0.00
In setMimeGroup of PackageManagerService.java, there is a possible crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- risk 0.36cvss 5.5epss 0.00
In several functions of SettingsState.java, there is a possible system crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- risk 0.36cvss 5.5epss 0.00
In AutomaticZenRule of AutomaticZenRule.java, there is a possible persistent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- risk 0.36cvss 5.5epss 0.00
The logs of sensitive information (PII) or hardware identifier should only be printed in Android "userdebug" or "eng" build. StatusBarNotification.getKey() could contain sensitive information. However, CarNotificationListener.java, it prints out the…
- risk 0.36cvss 5.5epss 0.00
The PowerVR GPU kernel driver maintains an "Information Page" used by its cache subsystem. This page can only be written by the GPU driver itself, but prior to DDK 1.18 however, a user-space program could write arbitrary data to the page, leading to memory corruption…
- risk 0.36cvss 5.5epss 0.00
In onCreate of MasterClearConfirmFragment.java, there is a possible factory reset due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:…
- risk 0.36cvss 5.5epss 0.00
In ApplicationsDetailsActivity of AndroidManifest.xml, there is a possible DoS due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:…
- risk 0.36cvss 5.5epss 0.00
In a query in MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- risk 0.36cvss 5.5epss 0.00
In Pixel cellular firmware, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android…
- risk 0.36cvss 5.5epss 0.00
In Pixel cellular firmware, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android…
- risk 0.36cvss 5.5epss 0.00
In SAECOMM_SetDcnIdForPlmn of SAECOMM_DbManagement.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure from a single device with no additional execution privileges needed. User interaction is not needed for…
- risk 0.36cvss 5.5epss 0.00
In ppmp_validate_secbuf of drm_fw.c, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…
- risk 0.36cvss 5.5epss 0.00
In ppmpu_set of ppmpu.c, there is a possible information disclosure due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android…
- risk 0.36cvss 5.5epss 0.00
In valid_va_sec_mfc_check of drm_access_control.c, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for…
- risk 0.36cvss 5.5epss 0.00
In read_ppmpu_info of drm_fw.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- risk 0.36cvss 5.5epss 0.00
In sec_sysmmu_info of drm_fw.c, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- risk 0.36cvss 5.5epss 0.00
Product: AndroidVersions: Android kernelAndroid ID: A-230660904References: N/A
- risk 0.36cvss 5.5epss 0.00
In btif_a2dp_sink_command_ready of btif_a2dp_sink.cc, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…
- risk 0.36cvss 5.5epss 0.00
In getSmsRoleHolder of RoleService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User…
- risk 0.36cvss 5.5epss 0.00
In Telecom, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for…
- risk 0.36cvss 5.5epss 0.00
In HalCoreCallback of halcore.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure from the NFC firmware with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…
- risk 0.36cvss 5.5epss 0.00
In IncFs_GetFilledRangesStartingFrom of incfs.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…
- risk 0.36cvss 5.5epss 0.00
In query of MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- risk 0.36cvss 5.5epss 0.00
In getMessagesByPhoneNumber of MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…
- risk 0.36cvss 5.5epss 0.00
In onPreferenceClick of AccountTypePreferenceLoader.java, there is a possible way to retrieve protected files from the Settings app due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not…
- risk 0.36cvss 5.5epss 0.00
In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- risk 0.36cvss 5.5epss 0.00
In getNearbyAppStreamingPolicy of DevicePolicyManagerService.java, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- risk 0.36cvss 5.5epss 0.00
In getNearbyNotificationStreamingPolicy of DevicePolicyManagerService.java, there is a possible way to learn about the notification streaming policy of other users due to a permissions bypass. This could lead to local information disclosure with no additional execution…
- risk 0.36cvss 5.5epss 0.00
In multiple locations of NfcService.java, there is a possible disclosure of NFC tags due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…
- risk 0.36cvss 5.5epss 0.00
In GetResolvedMethod of entrypoint_utils-inl.h, there is a possible use after free due to a stale cache. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- risk 0.36cvss 5.5epss 0.00
In loadFromXml of ShortcutPackage.java, there is a possible crash on boot due to an uncaught exception. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10…
- risk 0.36cvss 5.5epss 0.00
In setDataSource of initMediaExtractor.cpp, there is a possibility of arbitrary code execution due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…
- risk 0.36cvss 5.5epss 0.00
In createNotificationChannel of NotificationManager.java, there is a possible way to make the device unusable and require factory reset due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not…
- risk 0.36cvss 5.5epss 0.00
In setEnabledSetting of PackageManager.java, there is a possible way to get the device into an infinite reboot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for…
- risk 0.36cvss 5.5epss 0.00
In SendIncDecRestoreCmdPart2 of NxpMfcReader.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…
- risk 0.36cvss 5.5epss 0.00
In applyKeyguardFlags of NotificationShadeWindowControllerImpl.java, there is a possible way to observe the user's password on a secondary display due to an insecure default value. This could lead to local information disclosure with no additional execution privileges needed.…
- risk 0.36cvss 5.5epss 0.00
In findAllDeAccounts of AccountsDb.java, there is a possible denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- risk 0.36cvss 5.5epss 0.00
In getMountModeInternal of StorageManagerService.java, there is a possible prevention of package installation due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…
- risk 0.36cvss 5.5epss 0.00
In update of MmsProvider.java, there is a possible constriction of directory permissions due to a path traversal error. This could lead to local denial of service of SIM recognition with no additional execution privileges needed. User interaction is needed for…
- risk 0.36cvss 5.5epss 0.00
In buzzBeepBlinkLocked of NotificationManagerService.java, there is a possible way to share data across users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…
- risk 0.36cvss 5.5epss 0.00
In multiple functions of many files, there is a possible obstruction of the user's ability to select a phone account due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for…
- risk 0.36cvss 5.5epss 0.00
In setImpl of AlarmManagerService.java, there is a possible way to put a device into a boot loop due to an uncaught exception. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…
- risk 0.36cvss 5.6epss 0.00
An attacker can pre-create the `/Applications/Google\ Drive.app/Contents/MacOS` directory which is expected to be owned by root to be owned by a non-root user. When the Drive for Desktop installer is run for the first time, it will place a binary in that directory with execute…
- risk 0.36cvss 5.5epss 0.00
In various functions of ap_input_processor.c, there is a possible way to record audio during a phone call due to a logic error in the code. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for…
- risk 0.36cvss 5.5epss 0.00
In Messaging, There has unauthorized broadcast, this could cause Local Deny of Service.Product: AndroidVersions: Android SoCAndroid ID: A-242259918
Page 142 of 229