Vendor CVEs
All CVEs
11,404 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-20219 | Med | 0.36 | 5.5 | 0.00 | Jul 13, 2022 | In multiple functions of StorageManagerService.java and UserManagerService.java, there is a possible way to leave user's directories unencrypted due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User… | ||
| CVE-2022-20206 | Med | 0.36 | 5.5 | 0.00 | Jun 15, 2022 | In setPackageOrComponentEnabled of NotificationManagerService.java, there is a missing permission check. This could lead to local information disclosure about enabled notification listeners with User execution privileges needed. User interaction is not needed for… | ||
| CVE-2022-20205 | Med | 0.36 | 5.5 | 0.00 | Jun 15, 2022 | In isFileUri of FileUtil.java, there is a possible way to bypass the check for a file:// scheme due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for… | ||
| CVE-2022-20200 | Med | 0.36 | 5.5 | 0.00 | Jun 15, 2022 | In updateApState of SoftApManager.java, there is a possible leak of hotspot state due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:… | ||
| CVE-2022-20172 | Med | 0.36 | 5.5 | 0.00 | Jun 15, 2022 | In onbind of ShannonRcsService.java, there is a possible access to protect data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:… | ||
| CVE-2022-20146 | Med | 0.36 | 5.5 | 0.00 | Jun 15, 2022 | In uploadFile of FileUploadServiceImpl.java, there is a possible incorrect file access due to a confused deputy. This could lead to local information disclosure of private files with no additional execution privileges needed. User interaction is not needed for… | ||
| CVE-2022-20129 | Med | 0.36 | 5.5 | 0.00 | Jun 15, 2022 | In registerPhoneAccount of PhoneAccountRegistrar.java, there is a possible way to prevent the user from selecting a phone account due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not… | ||
| CVE-2022-20119 | Med | 0.36 | 5.5 | 0.00 | May 10, 2022 | In private_handle_t of mali_gralloc_buffer.h, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:… | ||
| CVE-2022-20117 | Med | 0.36 | 5.5 | 0.00 | May 10, 2022 | In (TBD) of (TBD), there is a possible way to decrypt local data encrypted by the GSC due to improperly used crypto. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:… | ||
| CVE-2022-20115 | Med | 0.36 | 5.5 | 0.00 | May 10, 2022 | In broadcastServiceStateChanged of TelephonyRegistry.java, there is a possible way to learn base station information without location permission due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User… | ||
| CVE-2022-20112 | Med | 0.36 | 5.5 | 0.00 | May 10, 2022 | In getAvailabilityStatus of PrivateDnsPreferenceController.java, there is a possible way for a guest user to change private DNS settings due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction… | ||
| CVE-2022-20011 | Med | 0.36 | 5.5 | 0.00 | May 10, 2022 | In getArray of NotificationManagerService.java , there is a possible leak of one user notifications to another due to missing check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for… | ||
| CVE-2021-39700 | Med | 0.36 | 5.5 | 0.00 | May 10, 2022 | In the policies of adbd.te, there was a logic error which caused the CTS Listening Ports Test to report invalid results. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:… | ||
| CVE-2021-39670 | Med | 0.36 | 5.5 | 0.00 | May 10, 2022 | In setStream of WallpaperManager.java, there is a possible way to cause a permanent DoS due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | ||
| CVE-2021-39800 | Med | 0.36 | 5.5 | 0.00 | Apr 12, 2022 | In ion_ioctl of ion-ioctl.c, there is a possible way to leak kernel head data due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | ||
| CVE-2021-39791 | Med | 0.36 | 5.5 | 0.00 | Mar 30, 2022 | In WallpaperManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction… | ||
| CVE-2021-39788 | Med | 0.36 | 5.5 | 0.00 | Mar 30, 2022 | In TelecomManager, there is a possible way to check if a particular self managed phone account was registered on the device due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User… | ||
| CVE-2021-39779 | Med | 0.36 | 5.5 | 0.00 | Mar 30, 2022 | In getCallStateUsingPackage of Telecom Service, there is a missing permission check. This could lead to local information disclosure of the call state with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | ||
| CVE-2021-39778 | Med | 0.36 | 5.5 | 0.00 | Mar 30, 2022 | In Telecomm, there is a possible way to determine whether an app is installed, without query permissions, due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for… | ||
| CVE-2021-39777 | Med | 0.36 | 5.5 | 0.00 | Mar 30, 2022 | In Telephony, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for… | ||
| CVE-2021-39775 | Med | 0.36 | 5.5 | 0.00 | Mar 30, 2022 | In People, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for… | ||
| CVE-2021-39774 | Med | 0.36 | 5.5 | 0.00 | Mar 30, 2022 | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID:… | ||
| CVE-2021-39773 | Med | 0.36 | 5.5 | 0.00 | Mar 30, 2022 | In VpnManagerService, there is a possible disclosure of installed VPN packages due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:… | ||
| CVE-2021-39770 | Med | 0.36 | 5.5 | 0.00 | Mar 30, 2022 | In Framework, there is a possible disclosure of the device owner package due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | ||
| CVE-2021-39769 | Med | 0.36 | 5.5 | 0.00 | Mar 30, 2022 | In Device Policy, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for… | ||
| CVE-2021-39766 | Med | 0.36 | 5.5 | 0.00 | Mar 30, 2022 | In Settings, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed… | ||
| CVE-2021-39765 | Med | 0.36 | 5.5 | 0.00 | Mar 30, 2022 | In Gallery, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-201535427 | ||
| CVE-2021-39761 | Med | 0.36 | 5.5 | 0.00 | Mar 30, 2022 | In Media, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for… | ||
| CVE-2021-39760 | Med | 0.36 | 5.5 | 0.00 | Mar 30, 2022 | In AudioService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not… | ||
| CVE-2021-39757 | Med | 0.36 | 5.5 | 0.00 | Mar 30, 2022 | In PermissionController, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID:… | ||
| CVE-2021-39756 | Med | 0.36 | 5.5 | 0.00 | Mar 30, 2022 | In Framework, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed… | ||
| CVE-2021-39755 | Med | 0.36 | 5.5 | 0.00 | Mar 30, 2022 | In DevicePolicyManager, there is a possible way to reveal the existence of an installed package without proper query permissions due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User… | ||
| CVE-2021-39754 | Med | 0.36 | 5.5 | 0.00 | Mar 30, 2022 | In ContextImpl, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed… | ||
| CVE-2021-39753 | Med | 0.36 | 5.5 | 0.00 | Mar 30, 2022 | In DomainVerificationService, there is a possible way to access app domain verification information due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for… | ||
| CVE-2021-39751 | Med | 0.36 | 5.5 | 0.00 | Mar 30, 2022 | In Settings, there is a possible way to read Bluetooth device names without proper permissions due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for… | ||
| CVE-2021-39748 | Med | 0.36 | 5.5 | 0.00 | Mar 30, 2022 | In InputMethodEditor, there is a possible way to access some files accessible to Settings due to an unsafe PendingIntent. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:… | ||
| CVE-2021-39747 | Med | 0.36 | 5.5 | 0.00 | Mar 30, 2022 | In Settings Provider, there is a possible way to list values of non-readable global settings due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:… | ||
| CVE-2021-39745 | Med | 0.36 | 5.5 | 0.00 | Mar 30, 2022 | In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is… | ||
| CVE-2021-39744 | Med | 0.36 | 5.5 | 0.00 | Mar 30, 2022 | In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is… | ||
| CVE-2021-39742 | Med | 0.36 | 5.5 | 0.00 | Mar 30, 2022 | In Voicemail, there is a possible way to retrieve a trackable identifier due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:… | ||
| CVE-2021-39740 | Med | 0.36 | 5.5 | 0.00 | Mar 30, 2022 | In Messaging, there is a possible way to bypass attachment restrictions due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | ||
| CVE-2021-39690 | Med | 0.36 | 5.5 | 0.00 | Mar 16, 2022 | In setDisplayPadding of WallpaperManagerService.java, there is a possible way to cause a persistent DoS due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for… | ||
| CVE-2021-39624 | Med | 0.36 | 5.5 | 0.00 | Mar 16, 2022 | In PackageManager, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11… | ||
| CVE-2021-39688 | Med | 0.36 | 5.5 | 0.00 | Feb 11, 2022 | In TBD of TBD, there is a possible out of bounds read due to TBD. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:… | ||
| CVE-2021-39687 | Med | 0.36 | 5.5 | 0.00 | Feb 11, 2022 | In HandleTransactionIoEvent of actuator_driver.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:… | ||
| CVE-2021-39666 | Med | 0.36 | 5.5 | 0.00 | Feb 11, 2022 | In extract of MediaMetricsItem.h, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | ||
| CVE-2021-39664 | Med | 0.36 | 5.5 | 0.00 | Feb 11, 2022 | In LoadedPackage::Load of LoadedArsc.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure when parsing an APK file with no additional execution privileges needed. User interaction is needed for… | ||
| CVE-2021-39631 | Med | 0.36 | 5.5 | 0.00 | Feb 11, 2022 | In clear_data_dlg_text of strings.xml, there is a possible situation when "Clear storage" functionality sets up the wrong security/privacy expectations due to a misleading message. This could lead to local information disclosure with no additional execution privileges needed.… | ||
| CVE-2021-0524 | Med | 0.36 | 5.5 | 0.00 | Feb 11, 2022 | In isServiceDistractionOptimized of CarPackageManagerService.java, there is a possible disclosure of installed packages due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is… | ||
| CVE-2021-39659 | Med | 0.36 | 5.5 | 0.00 | Jan 14, 2022 | In sortSimPhoneAccountsForEmergency of CreateConnectionProcessor.java, there is a possible prevention of access to emergency calling due to an unhandled exception. In rare instances, this could lead to local denial of service with User execution privileges needed. User… |
- risk 0.36cvss 5.5epss 0.00
In multiple functions of StorageManagerService.java and UserManagerService.java, there is a possible way to leave user's directories unencrypted due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User…
- risk 0.36cvss 5.5epss 0.00
In setPackageOrComponentEnabled of NotificationManagerService.java, there is a missing permission check. This could lead to local information disclosure about enabled notification listeners with User execution privileges needed. User interaction is not needed for…
- risk 0.36cvss 5.5epss 0.00
In isFileUri of FileUtil.java, there is a possible way to bypass the check for a file:// scheme due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for…
- risk 0.36cvss 5.5epss 0.00
In updateApState of SoftApManager.java, there is a possible leak of hotspot state due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…
- risk 0.36cvss 5.5epss 0.00
In onbind of ShannonRcsService.java, there is a possible access to protect data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…
- risk 0.36cvss 5.5epss 0.00
In uploadFile of FileUploadServiceImpl.java, there is a possible incorrect file access due to a confused deputy. This could lead to local information disclosure of private files with no additional execution privileges needed. User interaction is not needed for…
- risk 0.36cvss 5.5epss 0.00
In registerPhoneAccount of PhoneAccountRegistrar.java, there is a possible way to prevent the user from selecting a phone account due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not…
- risk 0.36cvss 5.5epss 0.00
In private_handle_t of mali_gralloc_buffer.h, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…
- risk 0.36cvss 5.5epss 0.00
In (TBD) of (TBD), there is a possible way to decrypt local data encrypted by the GSC due to improperly used crypto. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…
- risk 0.36cvss 5.5epss 0.00
In broadcastServiceStateChanged of TelephonyRegistry.java, there is a possible way to learn base station information without location permission due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User…
- risk 0.36cvss 5.5epss 0.00
In getAvailabilityStatus of PrivateDnsPreferenceController.java, there is a possible way for a guest user to change private DNS settings due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction…
- risk 0.36cvss 5.5epss 0.00
In getArray of NotificationManagerService.java , there is a possible leak of one user notifications to another due to missing check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for…
- risk 0.36cvss 5.5epss 0.00
In the policies of adbd.te, there was a logic error which caused the CTS Listening Ports Test to report invalid results. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…
- risk 0.36cvss 5.5epss 0.00
In setStream of WallpaperManager.java, there is a possible way to cause a permanent DoS due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- risk 0.36cvss 5.5epss 0.00
In ion_ioctl of ion-ioctl.c, there is a possible way to leak kernel head data due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- risk 0.36cvss 5.5epss 0.00
In WallpaperManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction…
- risk 0.36cvss 5.5epss 0.00
In TelecomManager, there is a possible way to check if a particular self managed phone account was registered on the device due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User…
- risk 0.36cvss 5.5epss 0.00
In getCallStateUsingPackage of Telecom Service, there is a missing permission check. This could lead to local information disclosure of the call state with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- risk 0.36cvss 5.5epss 0.00
In Telecomm, there is a possible way to determine whether an app is installed, without query permissions, due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for…
- risk 0.36cvss 5.5epss 0.00
In Telephony, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for…
- risk 0.36cvss 5.5epss 0.00
In People, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for…
- risk 0.36cvss 5.5epss 0.00
In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID:…
- risk 0.36cvss 5.5epss 0.00
In VpnManagerService, there is a possible disclosure of installed VPN packages due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…
- risk 0.36cvss 5.5epss 0.00
In Framework, there is a possible disclosure of the device owner package due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- risk 0.36cvss 5.5epss 0.00
In Device Policy, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for…
- risk 0.36cvss 5.5epss 0.00
In Settings, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed…
- risk 0.36cvss 5.5epss 0.00
In Gallery, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-201535427
- risk 0.36cvss 5.5epss 0.00
In Media, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for…
- risk 0.36cvss 5.5epss 0.00
In AudioService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not…
- risk 0.36cvss 5.5epss 0.00
In PermissionController, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID:…
- risk 0.36cvss 5.5epss 0.00
In Framework, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed…
- risk 0.36cvss 5.5epss 0.00
In DevicePolicyManager, there is a possible way to reveal the existence of an installed package without proper query permissions due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User…
- risk 0.36cvss 5.5epss 0.00
In ContextImpl, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed…
- risk 0.36cvss 5.5epss 0.00
In DomainVerificationService, there is a possible way to access app domain verification information due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for…
- risk 0.36cvss 5.5epss 0.00
In Settings, there is a possible way to read Bluetooth device names without proper permissions due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for…
- risk 0.36cvss 5.5epss 0.00
In InputMethodEditor, there is a possible way to access some files accessible to Settings due to an unsafe PendingIntent. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…
- risk 0.36cvss 5.5epss 0.00
In Settings Provider, there is a possible way to list values of non-readable global settings due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…
- risk 0.36cvss 5.5epss 0.00
In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is…
- risk 0.36cvss 5.5epss 0.00
In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is…
- risk 0.36cvss 5.5epss 0.00
In Voicemail, there is a possible way to retrieve a trackable identifier due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:…
- risk 0.36cvss 5.5epss 0.00
In Messaging, there is a possible way to bypass attachment restrictions due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- risk 0.36cvss 5.5epss 0.00
In setDisplayPadding of WallpaperManagerService.java, there is a possible way to cause a persistent DoS due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for…
- risk 0.36cvss 5.5epss 0.00
In PackageManager, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11…
- risk 0.36cvss 5.5epss 0.00
In TBD of TBD, there is a possible out of bounds read due to TBD. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:…
- risk 0.36cvss 5.5epss 0.00
In HandleTransactionIoEvent of actuator_driver.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…
- risk 0.36cvss 5.5epss 0.00
In extract of MediaMetricsItem.h, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- risk 0.36cvss 5.5epss 0.00
In LoadedPackage::Load of LoadedArsc.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure when parsing an APK file with no additional execution privileges needed. User interaction is needed for…
- risk 0.36cvss 5.5epss 0.00
In clear_data_dlg_text of strings.xml, there is a possible situation when "Clear storage" functionality sets up the wrong security/privacy expectations due to a misleading message. This could lead to local information disclosure with no additional execution privileges needed.…
- risk 0.36cvss 5.5epss 0.00
In isServiceDistractionOptimized of CarPackageManagerService.java, there is a possible disclosure of installed packages due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is…
- risk 0.36cvss 5.5epss 0.00
In sortSimPhoneAccountsForEmergency of CreateConnectionProcessor.java, there is a possible prevention of access to emergency calling due to an unhandled exception. In rare instances, this could lead to local denial of service with User execution privileges needed. User…
Page 144 of 229