In validateAccountsInternal of AccountManagerService.java, there is a possible way to leak account credentials to a third party app due to a confused deputy. This could lead to local information discl
In isSystemUid of AccountManagerService.java, there is a possible way for an app to access privileged APIs due to a confused deputy. This could lead to local privilege escalation with no additional ex
In validateIconUserBoundary of PrintManagerService.java, there is a possible cross-user image leak due to a confused deputy. This could lead to local escalation of privilege with no additional executi
In checkKeyIntent of AccountManagerService.java, there is a possible way to bypass intent security check and install an unknown app due to a confused deputy. This could lead to local escalation of pri
In CredentialManagerServiceStub of CredentialManagerService.java, there is a possible way to retrieve candidate credentials due to a missing permission check. This could lead to local information disc
In onActivityResult of EditFdnContactScreen.java, there is a possible way to leak contacts from the work profile due to a confused deputy. This could lead to local escalation of privilege with no addi
In multiple functions of AccountManagerService.java, there is a possible way to bypass permissions and launch protected activities due to a race condition. This could lead to local escalation of privi
In onResult of AccountManagerService.java, there is a possible way to overwrite auth token due to a missing permission check. This could lead to local information disclosure with no additional executi
In multiple functions of AccountManagerService.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution
In multiple locations, there is a possible leak of an image across the Android User isolation boundary due to a confused deputy. This could lead to local information disclosure with no additional exec
In multiple locations, there is a possible way to leak hidden work profile notifications due to a logic error in the code. This could lead to local information disclosure with no additional execution
In multiple functions of VpnManager.java, there is a possible cross-user data leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privil
In onActivityResult of VoicemailSettingsActivity.java, there is a possible work profile contact number leak due to a confused deputy. This could lead to local escalation of privilege with no additiona
In App Widget, there is a possible Information Disclosure due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is
In isSafeIntent of AccountTypePreferenceLoader.java, there is a possible way to bypass an intent type check due to a confused deputy. This could lead to local escalation of privilege with no additiona
In multiple locations, there is a possible way to access data displayed on the screen due to side channel information disclosure. This could lead to local information disclosure with no additional exe
In handleBondStateChanged of AdapterService.java, there is a possible permission bypass due to misleading or insufficient UI. This could lead to remote (proximal/adjacent) information disclosure with
In multiple locations, there is a possible information disclosure due to SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interactio
In validateUriSchemeAndPermission of DisclaimersParserImpl.java , there is a possible way to access data from another user due to a confused deputy. This could lead to local escalation of privilege wi
There is a possible Local bypass of user interaction due to an insecure default value. This could lead to local information disclosure with no additional execution privileges needed. User interaction
Page 1+ Next →