Missing RECEIVE_SMS permission in AOSP Bluetooth app
In processInboundMessage of MceStateMachine.java, there is a possible SMS disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
5.1AI Score
0.0004EPSS
In various functions of DrmPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7CVSS
7.1AI Score
0.0004EPSS
App can be made foreground without showing notification to user (even by android system )
In deleteNotificationChannel and related functions of NotificationManagerService.java, there is a possible permission bypass due to improper state validation. This could lead to local escalation of privilege via hidden services with no additional execution privileges needed. User interaction is...
7.8CVSS
7.4AI Score
0.0004EPSS
Out of bound in avrc_pars_browse_rsp of bluetooth stack
In avrc_pars_browse_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for...
6.5CVSS
6.2AI Score
0.001EPSS
[GWP-ASan] Use after free in bluetooth (sdp)
In ConnectionHandler::SdpCb of connection_handler.cc, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for...
7.5CVSS
7.2AI Score
0.001EPSS
Memory Disclosure, OOB Write, and Double Free in NFC's Felica Tag Handling
In rw_t3t_process_error of rw_t3t.cc, there is a possible double free due to uninitialized data. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for...
8.8CVSS
8.9AI Score
0.001EPSS
android source bug. in function avrc_msg_cback of avrc_api.cc
In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for...
9.8CVSS
9.7AI Score
0.001EPSS
In tiocspgrp of tty_jobctrl.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.9AI Score
0.0005EPSS
In blkdev_get of block_dev.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
6.7CVSS
7.5AI Score
0.0004EPSS
[two bugs in android::setPowerModeWithHandle function]
In setPowerModeWithHandle of com_android_server_power_PowerManagerService.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.8AI Score
0.0004EPSS
[Bluetooth information disclosure vulnerability when processing AVCT_CMD of AVRC_OP_SUB_INFO]
In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a paired device with no additional execution privileges needed. User interaction is not needed for...
7.5CVSS
7.2AI Score
0.001EPSS
In main of main.cpp, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for...
7.8CVSS
7.9AI Score
0.0004EPSS
[Scaning BLE without the location permission using batchscan]
In onBatchScanReports and deliverBatchScan of GattService.java, there is a possible way to retrieve Bluetooth scan results without permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not....
7.8CVSS
7.8AI Score
0.0004EPSS
[NotificationAccessConfirmationActivity could be Overlaid to Trick User Into Making Wrong Choice]
In onCreate of NotificationAccessConfirmationActivity.java, there is a possible overlay attack due to an insecure default value. This could lead to local escalation of privilege and notification access with User execution privileges needed. User interaction is needed for...
7.3CVSS
7.3AI Score
0.0004EPSS
URL hijacking via intent filter in Android OS (first attack)
In onTargetSelected of ResolverActivity.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for...
7.8CVSS
7.8AI Score
0.0004EPSS
Apps can get users to unknowingly perform sensitive actions using custom activity transitions
In loadAnimation of WindowContainer.java, there is a possible way to keep displaying a malicious app while a target app is brought to the foreground. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...
7.8CVSS
7.5AI Score
0.0005EPSS
In PackageInstaller, there is a possible tapjacking attack due to an insecure default value. This could lead to local escalation of privilege and permissions with no additional execution privileges needed. User interaction is needed for...
7.8CVSS
8AI Score
0.0005EPSS
Potential vulnerability in Java TLS Hostname Verification
In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for...
7.5CVSS
7AI Score
0.001EPSS
Symfony has a security issue when parsing the Authorization header
All 2.0.X, 2.1.X, 2.2.X, 2.3.X, 2.4.X, and 2.5.X versions of the Symfony HttpFoundation component are affected by this security issue. This issue has been fixed in Symfony 2.3.19, 2.4.9, and 2.5.4. Note that no fixes are provided for Symfony 2.0, 2.1, and 2.2 as they are not maintained anymore....
6.8AI Score
EPSS
App can get access to all slice providers installed on the device without requiring any permission.
In checkSlicePermission of SliceManagerService.java, it is possible to access any slice URI due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.6AI Score
0.0004EPSS
INSTALL_DONT_KILL_APP can be used to force a mismatch between running code and a parsed APK
In validateApkInstallLocked of PackageInstallerSession.java, there is a way to force a mismatch between running code and a parsed APK . This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for...
7.8CVSS
7AI Score
0.0004EPSS
Surface level lock screen bypass with complete file system access
In mPreference of DefaultUsbConfigurationPreferenceController.java, there is a possible way to enable file transfer mode due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.4AI Score
0.0004EPSS
In onEntryUpdated of OngoingCallController.kt, it is possible to launch non-exported activities due to intent redirection. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for...
7.8CVSS
7.1AI Score
0.0004EPSS
net/packet: rx_owner_map depends on pg_vec
In packet_set_ring of af_packet.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for...
7CVSS
7.1AI Score
0.001EPSS
[GKI] Revert mprotect optimization from android12-5.10 branch
In change_pte_range of mprotect.c , there is a possible way to make a shared mmap writable due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.1AI Score
0.0004EPSS
[Crafted GATT Notification Request Packet Causes Out-of-bounds Read/Write in Bluetooth]
In gatt_process_notification of gatt_cl.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
9.8CVSS
7.2AI Score
0.001EPSS
binder SELinux checks are racy wrt concurrent execve()
In several functions of binder.c, there is a possible way to represent the wrong domain to SELinux due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7CVSS
6.8AI Score
0.0004EPSS
[EoP: Bypass Storage Restriction in Android 11]
In checkFileUriDestination of DownloadProvider.java, there is a possible way to bypass external storage private directories protection due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for...
7.8CVSS
7.5AI Score
0.0004EPSS
Set Credential Manager App without User Consent
In onCreate of RequestManageCredentials.java, there is a possible way for a third party app to install certificates without user approval due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for...
7.8CVSS
7.8AI Score
0.0005EPSS
PendingIntent hijack vulnerability in SipAccountRegistry.java
In sendSipAccountsRemovedNotification of SipAccountRegistry.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for...
7.8CVSS
7.1AI Score
0.0004EPSS
[Android Auto] App permissions reset after upgrade on device from R build to S build
In parse of RoleParser.java, there is a possible way for default apps to get permissions explicitly denied by the user due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.5AI Score
0.0004EPSS
In __split_huge_pmd of huge_memory.c, there is a possible incorrectly mapped page due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7CVSS
6.8AI Score
0.001EPSS
[OOB problem found in media.metrics process]
In extract of MediaMetricsItem.h, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
5.1AI Score
0.0004EPSS
EoP: non system overlay on InstallCaCertificateWarning
In onCreate of InstallCaCertificateWarning.java, there is a possible way to mislead an user about CA installation circumstances due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...
7.8CVSS
7.8AI Score
0.0005EPSS
nfc_integration_fuzzer: Tag-mismatch in NFA_SendRawFrame
In GKI_getbuf of gki_buffer.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
9.8CVSS
9.5AI Score
0.001EPSS
In ipcSetDataReference of Parcel.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.8AI Score
0.0004EPSS
In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for...
7.8CVSS
7.8AI Score
0.0004EPSS
[SIGSEGV in /system/lib64/libstagefright.so (android::SimpleDecodingSource::doRead)]
In doRead of SimpleDecodingSource.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
9.8CVSS
9.4AI Score
0.001EPSS
callVoicemailPendingIntent could be Hijacked to Access Contacts
In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for...
7.8CVSS
7.8AI Score
0.0004EPSS
[Security Issue] Inconsistent Root Permission Check for Fabricated Overlays
In executeRequest of OverlayManagerService.java, there is a possible way to control fabricated overlays from adb shell due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.6AI Score
0.0004EPSS
BUG: unable to handle kernel paging request in csum_partial
In gre_handle_offloads of ip_gre.c, there is a possible page fault due to an invalid memory access. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
5.8AI Score
0.0004EPSS
[Security] Linux kernel vulnerability advisory
fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka...
7.8CVSS
8AI Score
0.002EPSS
[Phone] Secretly pair a remote Bluetooth device without user consent
In AndroidManifest.xml of Settings, there is a possible pairing of a Bluetooth device without user's consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
8.8CVSS
8.5AI Score
0.0005EPSS
In stopVpnProfile of Vpn.java, there is a possible VPN profile reset due to a permissions bypass. This could lead to local escalation of privilege CONTROL_ALWAYS_ON_VPN with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.8AI Score
0.0004EPSS
Phishing attacks over Bluetooth due to unclear warning message
In onReceive of BluetoothPermissionRequest.java, there is a possible phishing attack allowing a malicious Bluetooth device to acquire permissions based on insufficient information presented to the user in the consent dialog. This could lead to local escalation of privilege with no additional...
7.3CVSS
6.9AI Score
0.0004EPSS
midi_extractor_fuzzer: Global-buffer-overflow in WT_InterpolateNoLoop
In WT_InterpolateNoLoop of eas_wtengine.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for...
6.5CVSS
6.2AI Score
0.001EPSS
In enqueueNotification of NetworkPolicyManagerService.java, there is a possible way to retrieve a trackable identifier due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
4.8AI Score
0.0004EPSS
[startActivity() with system privileges]
In ParsingPackageImpl of ParsingPackageImpl.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.8AI Score
0.0004EPSS
In createOrUpdate of Permission.java, there is a possible way to gain internal permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.9AI Score
0.0004EPSS
KASAN: slab-out-of-bounds in xhci_vendor_get_ops when launching android12-5.10 in Cuttlefish
In xhci_vendor_get_ops of xhci.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.3AI Score
0.0004EPSS