Android
Monthly
A vulnerability was determined in Webull Investing & Trading App 11.2.5.63 on Android. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability was found in Ooma Office Business Phone App up to 7.2.2 on Android. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability has been found in intsig CamScanner App 6.91.1.5.250711 on Android. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.
A flaw has been found in Creality Cloud App up to 6.1.0 on Android. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.
A security flaw has been discovered in APEUni PTE Exam Practice App up to 10.8.0 on Android. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.
Insufficient ui warning of dangerous operations in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Information disclosure, mitigation bypass in the Privacy component in Firefox for Android. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Spoofing issue in the WebAuthn component in Firefox for Android. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Samsung libimagecodec.quram.so contains a second out-of-bounds write in the image codec library, a separate vulnerability from CVE-2025-21042 affecting Samsung devices.
Samsung libimagecodec.quram.so contains an out-of-bounds write allowing remote code execution through crafted image files on Samsung Android devices.
Inappropriate implementation in Mojo in Google Chrome on Android, Linux, ChromeOS prior to 140.0.7339.127 allowed a remote attacker to bypass site isolation via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Hardcoded credentials in Dietly v1.25.0 for android allows attackers to gain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability has been found in Seismic App 2.4.2 on Android. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.
A flaw has been found in ZhenShi Mibro Fit App 1.6.3.17499 on Android. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.
In System UI, there is a possible way to view other users' images due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In Skia, there is a possible out of bounds write due to a heap buffer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
In App Widget, there is a possible Information Disclosure due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In gralloc4, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In Permission Manager, there is a possible way for the microphone privacy indicator to remain activated even after the user attempts to close the app due to a logic error in the code. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
In libxml2, there is a possible out of bounds read due to a buffer overflow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In Audio Service, there is a possible way to obtain MAC addresses of nearby Bluetooth devices due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Improper authorization in handler for custom URL scheme issue in "Yahoo!. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In onCreate of MediaProjectionPermissionActivity.java , there is a possible way to grant a malicious app a token enabling unauthorized screen recording capabilities due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In getComponentName of AccessibilitySettingsUtils.java, there is a possible way to for a malicious Talkback service to be enabled instead of the system component due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In setupAccessibilityServices of AccessibilityFragment.java, there is a possible way to hide an enabled accessibility service due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In initPhoneSwitch of SystemSettingsFragment.java, there is a possible FRP bypass due to a logic error in the code. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In android_app of Android.bp, there is a possible way to launch any activity as a system user. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In FrpBypassAlertActivity of FrpBypassAlertActivity.java, there is a possible way to bypass FRP due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In apk-versions.txt, there is a possible corruption of telemetry opt-in settings on other watches when setting up a new Pixel Watch due to a logic error in the code. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In setupAccessibilityServices of AccessibilityFragment.java , there is a possible way to hide an enabled accessibility service due to a logic error in the code. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In VerifyNoOverlapInSessions of apexd.cpp, there is a possible way to block security updates due to a logic error in the code. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In onNullBinding of RemoteFillService.java, there is a possible background activity launch due to an insecure default value. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In writeContent of RemotePrintDocument.java, there is a possible information disclosure due to a logic error. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity.
In multiple locations, there is a possible way to access data displayed on the screen due to side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In AndroidManifest.xml, there is a possible way for an app to monitor motion events due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In multiple functions of AppOpsService.java, there is a possible add a large amount of app ops due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In multiple functions of BatteryService.java, there is a possible way to hijack implicit intent intended for system app due to Implicit intent hijacking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
In multiple methods of NotificationChannel.java, there is a possible desynchronization from persistence due to improper input validation. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.
In handlePackagesChanged of DevicePolicyManagerService.java, there is a possible persistent denial of service due to a logic error in the code. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.
In handlePackagesChanged of DevicePolicyManagerService.java, there is a possible DoS of a device admin due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In saveGlobalProxyLocked of DevicePolicyManagerService.java, there is a possible way to desync from persistence due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In multiple locations, there is a possible leak of an image across the Android User isolation boundary due to a confused deputy. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity.
In testGrantSlicePermission of SliceManagerTest.java, there is a possible permanent denial of service due to a path traversal error. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In multiple locations, there is a possible way to record audio via a background app due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
In multiple functions of AppOpsControllerImpl.java, there is a possible way to record audio without displaying the privacy indicator due to a race condition. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.
In multiple locations, there is a possible one-time permission bypass due to a logic error in the code. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.
In checkPermissions of SafeActivityOptions.java, there is a possible background activity launch due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In isSystemUid of AccountManagerService.java, there is a possible way for an app to access privileged APIs due to a confused deputy. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.
In multiple locations, there is a possible way to read files belonging to other apps due to SQL injection. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Android Chrome sandbox contains a use-after-free enabling sandbox escape and local privilege escalation to attack the Android system_server process.
In multiple functions of AccountManagerService.java, there is a possible permanent denial of service due to resource exhaustion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.
In onCreate of FaceSettings.java, there is a possible way to remove biometric unlock across user profiles due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
In processTransactInternal of RpcState.cpp, there is a possible local out of memory write due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
In SendPacketToPeer of acl_arbiter.cc, there is a possible out of bounds read due to a use after free. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity.
In setApplicationHiddenSettingAsUser of PackageManagerService.java, there is a possible way to hide a system critical package due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In multiple locations, there is a possible way to persistently DoS the device due to improper input validation. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.
In assertSafeToStartCustomActivity of AppRestrictionsFragment.java , there is a possible way to exploit a parcel mismatch resulting in a launch anywhere vulnerability due to unsafe deserialization. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.
In getDefaultCBRPackageName of CellBroadcastHandler.java, there is a possible escalation of privilege due to a logic error in the code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.
In multiple locations, there is a possible way to use apps linked from a context menu of a lockscreen app due to a race condition. Rated high severity (CVSS 7.0). No vendor patch available.
In markMediaAsFavorite of MediaProvider.java, there is a possible way to bypass the WRITE_EXTERNAL_STORAGE permission due to a confused deputy. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.
In getCallingPackageName of CredentialStorage, there is a possible permission bypass due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
In multiple locations, there is a possible condition that results in OOB accesses due to an incorrect bounds check. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
In setRingtoneUri of VoicemailNotificationSettingsUtil.java , there is a possible cross user data leak due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In multiple locations, there is a possible way to overlay biometrics due to a tapjacking/overlay attack. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity.
In multiple locations, there is a possible way to leak hidden work profile notifications due to a logic error in the code. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
In createMultiProfilePagerAdapter of ChooserActivity.java , there is a possible way for an app to launch the ChooserActivity in another profile due to improper input validation. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity.
In isSystem of WifiPermissionsUtil.java, there is a possible permission bypass due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In onCreate of SelectAccountActivity.java, there is a possible way to add contacts without permission due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.
In setDisplayName of AssociationRequest.java, there is a possible way for an app to retain CDM association due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In maybeShowDialog of ControlsSettingsDialogManager.kt, there is a possible overlay of the ControlsSettingsDialog due to a tapjacking/overlay attack. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In multiple locations, there is a possible privilege escalation due to a tapjacking/overlay attack. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
In onStart of BiometricEnrollIntroduction.java, there is a possible way to determine the device's location due to an unsafe PendingIntent. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
In onActivityResult of VoicemailSettingsActivity.java, there is a possible work profile contact number leak due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In updateState of ContentProtectionTogglePreferenceController.java, there is a possible way for a secondary user to disable the primary user's deceptive app scanning setting due to a logic error in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In startSpaActivityForApp of SpaActivity.kt, there is a possible cross-user permission bypass due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.
In multiple locations, there is a possible memory corruption due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In showDismissibleKeyguard of KeyguardService.java, there is a possible way to bypass app pinning due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
In generateRandomPassword of LocalBluetoothLeBroadcast.java, there is a possible way to intercept the Auracast audio stream due to an insecure default value. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity.
In multiple functions of PickerDbFacade.java, there is a possible unauthorized data access due to SQL injection. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
In multiple functions of AppRestrictionsFragment.java, there is a possible way to bypass intent security check due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
In appendFrom of Parcel.cpp, there is a possible out of bounds write due to a heap buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
In onCommand of ActivityManagerShellCommand.java, there is a possible arbitrary activity launch due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
In getCallingAppName of Shared.java, there is a possible way to trick users into granting file access via deceptive text in a permission popup due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
In isSafeIntent of AccountTypePreferenceLoader.java, there is a possible way to bypass an intent type check due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
In executeAppFunction of AppSearchManagerService.java, there is a possible background activity launch due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
In validateUriSchemeAndPermission of DisclaimersParserImpl.java , there is a possible way to access data from another user due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
In getContextForResourcesEnsuringCorrectCachedApkPaths of RemoteViews.java, there is a possible way to load arbitrary java code in a privileged context due to a confused deputy. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.
In multiple locations, there is a possible way to hijack the Launcher app due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In multiple locations, there is a possible way to view icons belonging to another user due to a missing permission check. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
In avrc_vendor_msg of avrc_opt.cc, there is a possible out of bounds write due to a heap buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
A vulnerability was determined in Webull Investing & Trading App 11.2.5.63 on Android. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability was found in Ooma Office Business Phone App up to 7.2.2 on Android. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability has been found in intsig CamScanner App 6.91.1.5.250711 on Android. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.
A flaw has been found in Creality Cloud App up to 6.1.0 on Android. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.
A security flaw has been discovered in APEUni PTE Exam Practice App up to 10.8.0 on Android. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.
Insufficient ui warning of dangerous operations in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Information disclosure, mitigation bypass in the Privacy component in Firefox for Android. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Spoofing issue in the WebAuthn component in Firefox for Android. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Samsung libimagecodec.quram.so contains a second out-of-bounds write in the image codec library, a separate vulnerability from CVE-2025-21042 affecting Samsung devices.
Samsung libimagecodec.quram.so contains an out-of-bounds write allowing remote code execution through crafted image files on Samsung Android devices.
Inappropriate implementation in Mojo in Google Chrome on Android, Linux, ChromeOS prior to 140.0.7339.127 allowed a remote attacker to bypass site isolation via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Hardcoded credentials in Dietly v1.25.0 for android allows attackers to gain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability has been found in Seismic App 2.4.2 on Android. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.
A flaw has been found in ZhenShi Mibro Fit App 1.6.3.17499 on Android. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.
In System UI, there is a possible way to view other users' images due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In Skia, there is a possible out of bounds write due to a heap buffer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
In App Widget, there is a possible Information Disclosure due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In gralloc4, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In Permission Manager, there is a possible way for the microphone privacy indicator to remain activated even after the user attempts to close the app due to a logic error in the code. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
In libxml2, there is a possible out of bounds read due to a buffer overflow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In Audio Service, there is a possible way to obtain MAC addresses of nearby Bluetooth devices due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Improper authorization in handler for custom URL scheme issue in "Yahoo!. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In onCreate of MediaProjectionPermissionActivity.java , there is a possible way to grant a malicious app a token enabling unauthorized screen recording capabilities due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In getComponentName of AccessibilitySettingsUtils.java, there is a possible way to for a malicious Talkback service to be enabled instead of the system component due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In setupAccessibilityServices of AccessibilityFragment.java, there is a possible way to hide an enabled accessibility service due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In initPhoneSwitch of SystemSettingsFragment.java, there is a possible FRP bypass due to a logic error in the code. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In android_app of Android.bp, there is a possible way to launch any activity as a system user. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In FrpBypassAlertActivity of FrpBypassAlertActivity.java, there is a possible way to bypass FRP due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In apk-versions.txt, there is a possible corruption of telemetry opt-in settings on other watches when setting up a new Pixel Watch due to a logic error in the code. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In setupAccessibilityServices of AccessibilityFragment.java , there is a possible way to hide an enabled accessibility service due to a logic error in the code. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In VerifyNoOverlapInSessions of apexd.cpp, there is a possible way to block security updates due to a logic error in the code. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In onNullBinding of RemoteFillService.java, there is a possible background activity launch due to an insecure default value. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In writeContent of RemotePrintDocument.java, there is a possible information disclosure due to a logic error. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity.
In multiple locations, there is a possible way to access data displayed on the screen due to side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In AndroidManifest.xml, there is a possible way for an app to monitor motion events due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In multiple functions of AppOpsService.java, there is a possible add a large amount of app ops due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In multiple functions of BatteryService.java, there is a possible way to hijack implicit intent intended for system app due to Implicit intent hijacking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
In multiple methods of NotificationChannel.java, there is a possible desynchronization from persistence due to improper input validation. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.
In handlePackagesChanged of DevicePolicyManagerService.java, there is a possible persistent denial of service due to a logic error in the code. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.
In handlePackagesChanged of DevicePolicyManagerService.java, there is a possible DoS of a device admin due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In saveGlobalProxyLocked of DevicePolicyManagerService.java, there is a possible way to desync from persistence due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In multiple locations, there is a possible leak of an image across the Android User isolation boundary due to a confused deputy. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity.
In testGrantSlicePermission of SliceManagerTest.java, there is a possible permanent denial of service due to a path traversal error. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In multiple locations, there is a possible way to record audio via a background app due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
In multiple functions of AppOpsControllerImpl.java, there is a possible way to record audio without displaying the privacy indicator due to a race condition. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.
In multiple locations, there is a possible one-time permission bypass due to a logic error in the code. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.
In checkPermissions of SafeActivityOptions.java, there is a possible background activity launch due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In isSystemUid of AccountManagerService.java, there is a possible way for an app to access privileged APIs due to a confused deputy. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.
In multiple locations, there is a possible way to read files belonging to other apps due to SQL injection. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Android Chrome sandbox contains a use-after-free enabling sandbox escape and local privilege escalation to attack the Android system_server process.
In multiple functions of AccountManagerService.java, there is a possible permanent denial of service due to resource exhaustion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.
In onCreate of FaceSettings.java, there is a possible way to remove biometric unlock across user profiles due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
In processTransactInternal of RpcState.cpp, there is a possible local out of memory write due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
In SendPacketToPeer of acl_arbiter.cc, there is a possible out of bounds read due to a use after free. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity.
In setApplicationHiddenSettingAsUser of PackageManagerService.java, there is a possible way to hide a system critical package due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In multiple locations, there is a possible way to persistently DoS the device due to improper input validation. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.
In assertSafeToStartCustomActivity of AppRestrictionsFragment.java , there is a possible way to exploit a parcel mismatch resulting in a launch anywhere vulnerability due to unsafe deserialization. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.
In getDefaultCBRPackageName of CellBroadcastHandler.java, there is a possible escalation of privilege due to a logic error in the code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.
In multiple locations, there is a possible way to use apps linked from a context menu of a lockscreen app due to a race condition. Rated high severity (CVSS 7.0). No vendor patch available.
In markMediaAsFavorite of MediaProvider.java, there is a possible way to bypass the WRITE_EXTERNAL_STORAGE permission due to a confused deputy. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.
In getCallingPackageName of CredentialStorage, there is a possible permission bypass due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
In multiple locations, there is a possible condition that results in OOB accesses due to an incorrect bounds check. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
In setRingtoneUri of VoicemailNotificationSettingsUtil.java , there is a possible cross user data leak due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In multiple locations, there is a possible way to overlay biometrics due to a tapjacking/overlay attack. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity.
In multiple locations, there is a possible way to leak hidden work profile notifications due to a logic error in the code. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
In createMultiProfilePagerAdapter of ChooserActivity.java , there is a possible way for an app to launch the ChooserActivity in another profile due to improper input validation. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity.
In isSystem of WifiPermissionsUtil.java, there is a possible permission bypass due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In onCreate of SelectAccountActivity.java, there is a possible way to add contacts without permission due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.
In setDisplayName of AssociationRequest.java, there is a possible way for an app to retain CDM association due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In maybeShowDialog of ControlsSettingsDialogManager.kt, there is a possible overlay of the ControlsSettingsDialog due to a tapjacking/overlay attack. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In multiple locations, there is a possible privilege escalation due to a tapjacking/overlay attack. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
In onStart of BiometricEnrollIntroduction.java, there is a possible way to determine the device's location due to an unsafe PendingIntent. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
In onActivityResult of VoicemailSettingsActivity.java, there is a possible work profile contact number leak due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In updateState of ContentProtectionTogglePreferenceController.java, there is a possible way for a secondary user to disable the primary user's deceptive app scanning setting due to a logic error in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In startSpaActivityForApp of SpaActivity.kt, there is a possible cross-user permission bypass due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.
In multiple locations, there is a possible memory corruption due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In showDismissibleKeyguard of KeyguardService.java, there is a possible way to bypass app pinning due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
In generateRandomPassword of LocalBluetoothLeBroadcast.java, there is a possible way to intercept the Auracast audio stream due to an insecure default value. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity.
In multiple functions of PickerDbFacade.java, there is a possible unauthorized data access due to SQL injection. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
In multiple functions of AppRestrictionsFragment.java, there is a possible way to bypass intent security check due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
In appendFrom of Parcel.cpp, there is a possible out of bounds write due to a heap buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
In onCommand of ActivityManagerShellCommand.java, there is a possible arbitrary activity launch due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
In getCallingAppName of Shared.java, there is a possible way to trick users into granting file access via deceptive text in a permission popup due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
In isSafeIntent of AccountTypePreferenceLoader.java, there is a possible way to bypass an intent type check due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
In executeAppFunction of AppSearchManagerService.java, there is a possible background activity launch due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
In validateUriSchemeAndPermission of DisclaimersParserImpl.java , there is a possible way to access data from another user due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
In getContextForResourcesEnsuringCorrectCachedApkPaths of RemoteViews.java, there is a possible way to load arbitrary java code in a privileged context due to a confused deputy. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.
In multiple locations, there is a possible way to hijack the Launcher app due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In multiple locations, there is a possible way to view icons belonging to another user due to a missing permission check. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
In avrc_vendor_msg of avrc_opt.cc, there is a possible out of bounds write due to a heap buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.