Search CVE reports
11 – 20 of 614 results
In visitUris of Notification.java, there is a possible cross-user media read due to Confused Deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed...
1 affected package
android-platform-frameworks-base
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| android-platform-frameworks-base | Ignored | Ignored | Ignored | Ignored |
In visitUris of Notification.java, there is a possible way to display images from another user due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed....
1 affected package
android-platform-frameworks-base
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| android-platform-frameworks-base | Ignored | Ignored | Ignored | Ignored |
In visitUris of Notification.java, there is a possible way to reveal image contents from another user due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User...
1 affected package
android-platform-frameworks-base
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| android-platform-frameworks-base | Ignored | Ignored | Ignored | Ignored |
In multiple functions of ActivityManagerService.java, there is a possible way to escape Google Play protection due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges...
1 affected package
android-framework-23
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| android-framework-23 | Ignored | Ignored | Ignored | Ignored |
In multiple locations, there is a possible way to crash multiple system services due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed...
1 affected package
android-platform-frameworks-base
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| android-platform-frameworks-base | Ignored | Ignored | Ignored | Ignored |
In visitUris of Notification.java, there is a possible bypass of user profile boundaries due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction...
1 affected package
android-platform-frameworks-base
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| android-platform-frameworks-base | Ignored | Ignored | Ignored | Ignored |
Some fixes available 37 of 163
**DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this...
65 affected packages
gcc-7, gcc-3.3, gcc-4.4, gcc-4.6, gcc-4.7...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gcc-7 | Not in release | Not in release | Vulnerable | Vulnerable |
| gcc-3.3 | Not affected | Not affected | Not affected | Not affected |
| gcc-4.4 | Not in release | Not in release | Not in release | Not in release |
| gcc-4.6 | Not in release | Not in release | Not in release | Not in release |
| gcc-4.7 | Not in release | Not in release | Not in release | Not in release |
| gcc-4.8 | Not in release | Not in release | Not in release | Vulnerable |
| gcc-4.9 | Not in release | Not in release | Not in release | Not in release |
| gcc-5 | Not in release | Not in release | Not in release | Vulnerable |
| gcc-6 | Not in release | Not in release | Not in release | Vulnerable |
| gcc-8 | Not in release | Not in release | Vulnerable | Vulnerable |
| gcc-9 | Fixed | Vulnerable | Vulnerable | Not in release |
| gcc-10 | Fixed | Fixed | Fixed | Not in release |
| gcc-11 | Fixed | Fixed | Not in release | Not in release |
| gcc-12 | Fixed | Fixed | Not in release | Not in release |
| gcc-13 | Fixed | Not in release | Not in release | Not in release |
| gcc-4.9-cross | Not in release | Not in release | Not in release | Ignored |
| gcc-5-cross | Not in release | Not in release | Not in release | Vulnerable |
| gcc-5-cross-ports | Not in release | Not in release | Not in release | Vulnerable |
| gcc-6-cross | Not in release | Not in release | Not in release | Vulnerable |
| gcc-6-cross-ports | Not in release | Not in release | Not in release | Vulnerable |
| gcc-7-cross | Not in release | Not in release | Not in release | Vulnerable |
| gcc-7-cross-ports | Not in release | Not in release | Not in release | Vulnerable |
| gcc-8-cross | Not in release | Not in release | Vulnerable | Vulnerable |
| gcc-8-cross-ports | Not in release | Not in release | Vulnerable | Vulnerable |
| gcc-9-cross | Fixed | Vulnerable | Vulnerable | Not in release |
| gcc-9-cross-mipsen | Not affected | Not affected | Not affected | Not in release |
| gcc-9-cross-ports | Vulnerable | Vulnerable | Vulnerable | Not in release |
| gcc-10-cross | Fixed | Vulnerable | Vulnerable | Not in release |
| gcc-10-cross-mipsen | Not affected | Not affected | Not affected | Not in release |
| gcc-10-cross-ports | Vulnerable | Vulnerable | Vulnerable | Not in release |
| gcc-11-cross | Fixed | Vulnerable | Not in release | Not in release |
| gcc-11-cross-mipsen | Not affected | Not in release | Not in release | Not in release |
| gcc-11-cross-ports | Vulnerable | Vulnerable | Not in release | Not in release |
| gcc-12-cross | Fixed | Vulnerable | Not in release | Not in release |
| gcc-12-cross-mipsen | Not affected | Not in release | Not in release | Not in release |
| gcc-12-cross-ports | Vulnerable | Vulnerable | Not in release | Not in release |
| gcc-13-cross | Not affected | Not in release | Not in release | Not in release |
| gcc-13-cross-ports | Fixed | Not in release | Not in release | Not in release |
| gcc-or1k-elf | Not affected | Not affected | Not in release | Ignored |
| gcc-riscv64-unknown-elf | Not affected | Not affected | Not affected | Ignored |
| gcc-xtensa-lx106 | Not in release | Not affected | Not affected | Ignored |
| gcc-snapshot | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| gcc-i686-linux-android | Not in release | Not in release | Not in release | Not in release |
| gcc-4.7-armel-cross | Not in release | Not in release | Not in release | Not in release |
| gcc-4.7-armhf-cross | Not in release | Not in release | Not in release | Not in release |
| gcc-4.8-arm64-cross | Not in release | Not in release | Not in release | Not in release |
| gcc-4.8-armhf-cross | Not in release | Not in release | Not in release | Not in release |
| gcc-4.8-powerpc-cross | Not in release | Not in release | Not in release | Not in release |
| gcc-4.8-ppc64el-cross | Not in release | Not in release | Not in release | Not in release |
| gcc-arm-linux-androideabi | Not in release | Not in release | Not in release | Not in release |
| gcc-arm-none-eabi | Not affected | Not affected | Not affected | Not affected |
| gcc-avr | Not affected | Not affected | Not affected | Not affected |
| gcc-defaults | Not affected | Not affected | Not affected | Not affected |
| gcc-defaults-arm64-cross | Not in release | Not in release | Not in release | Not in release |
| gcc-defaults-armel-cross | Not in release | Not in release | Not in release | Not in release |
| gcc-defaults-armhf-cross | Not in release | Not in release | Not in release | Not in release |
| gcc-defaults-powerpc-cross | Not in release | Not in release | Not in release | Not in release |
| gcc-defaults-ppc64el-cross | Not in release | Not in release | Not in release | Not in release |
| gcc-h8300-hms | Not affected | Not affected | Not affected | Not affected |
| gcc-m68hc1x | Not in release | Not affected | Not affected | Not affected |
| gcc-mingw-w64 | Not affected | Not affected | Not affected | Not affected |
| gcc-msp430 | Not in release | Not affected | Not affected | Not affected |
| gcc-opt | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| gccgo-4.9 | Not in release | Not in release | Not in release | Not in release |
| gccgo-6 | Not in release | Not in release | Not in release | Not in release |
In bindSelection of DatabaseUtils.java, there is a possible way to access files from other applications due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User...
1 affected package
android-platform-frameworks-base
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| android-platform-frameworks-base | Ignored | Ignored | Ignored | Ignored |
In several methods of JobStore.java, uncaught exceptions in job map parsing could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
1 affected package
android-framework-23
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| android-framework-23 | Ignored | Ignored | Ignored | Ignored |
In multiple functions of JobStore.java, there is a possible way to cause a crash on startup due to improper input validation. This could lead to local denial of service with no additional execution privileges needed....
1 affected package
android-framework-23
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| android-framework-23 | Ignored | Ignored | Ignored | Ignored |