Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-5899

Summary
Assigner-Google
Assigner Org ID-14ed7db2-1595-443d-9d34-6215bf890778
Published At-18 Jun, 2024 | 08:12
Updated At-11 Sep, 2025 | 14:15
Rejected At-
Credits

Improper trust check in Bazel Build intellij plugin

When Bazel Plugin in intellij imports a project (either using "import project" or "Auto import") the dialog for trusting the project is not displayed. This comes from the fact that both call the method ProjectBuilder.createProject which then calls ProjectManager.getInstance().createProject. This method, as its name suggests is intended to create a new project, not to import an existing one.  We recommend upgrading to version 2024.06.04.0.2 or beyond for the IntelliJ, CLion and Android Studio Bazel plugins.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Google
Assigner Org ID:14ed7db2-1595-443d-9d34-6215bf890778
Published At:18 Jun, 2024 | 08:12
Updated At:11 Sep, 2025 | 14:15
Rejected At:
▼CVE Numbering Authority (CNA)
Improper trust check in Bazel Build intellij plugin

When Bazel Plugin in intellij imports a project (either using "import project" or "Auto import") the dialog for trusting the project is not displayed. This comes from the fact that both call the method ProjectBuilder.createProject which then calls ProjectManager.getInstance().createProject. This method, as its name suggests is intended to create a new project, not to import an existing one.  We recommend upgrading to version 2024.06.04.0.2 or beyond for the IntelliJ, CLion and Android Studio Bazel plugins.

Affected Products
Vendor
BazelBuild
Product
intellij plugin
Collection URL
https://github.com/bazelbuild/intellij
Repo
https://github.com/bazelbuild/intellij
Default Status
unaffected
Versions
Affected
  • From 0 before 2024.06.04.0.2 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-862CWE-862 Missing Authorization
Type: CWE
CWE ID: CWE-862
Description: CWE-862 Missing Authorization
Metrics
VersionBase scoreBase severityVector
4.01.0LOW
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
Version: 4.0
Base score: 1.0
Base severity: LOW
Vector:
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-115CAPEC-115 Authentication Bypass
CAPEC ID: CAPEC-115
Description: CAPEC-115 Authentication Bypass
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/bazelbuild/intellij/security/advisories/GHSA-hh9f-wmhw-46vg
N/A
https://github.com/bazelbuild/intellij/releases/tag/v2024.06.04-aswb-stable
N/A
Hyperlink: https://github.com/bazelbuild/intellij/security/advisories/GHSA-hh9f-wmhw-46vg
Resource: N/A
Hyperlink: https://github.com/bazelbuild/intellij/releases/tag/v2024.06.04-aswb-stable
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/bazelbuild/intellij/security/advisories/GHSA-hh9f-wmhw-46vg
x_transferred
https://github.com/bazelbuild/intellij/releases/tag/v2024.06.04-aswb-stable
x_transferred
Hyperlink: https://github.com/bazelbuild/intellij/security/advisories/GHSA-hh9f-wmhw-46vg
Resource:
x_transferred
Hyperlink: https://github.com/bazelbuild/intellij/releases/tag/v2024.06.04-aswb-stable
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve-coordination@google.com
Published At:18 Jun, 2024 | 09:15
Updated At:26 Sep, 2025 | 16:47

When Bazel Plugin in intellij imports a project (either using "import project" or "Auto import") the dialog for trusting the project is not displayed. This comes from the fact that both call the method ProjectBuilder.createProject which then calls ProjectManager.getInstance().createProject. This method, as its name suggests is intended to create a new project, not to import an existing one.  We recommend upgrading to version 2024.06.04.0.2 or beyond for the IntelliJ, CLion and Android Studio Bazel plugins.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.01.0LOW
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.13.3LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Type: Secondary
Version: 4.0
Base score: 1.0
Base severity: LOW
Vector:
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 3.3
Base severity: LOW
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CPE Matches

Google LLC
google
>>bazel_for_android_studio>>Versions before 2024.06.04.0.2(exclusive)
cpe:2.3:a:google:bazel_for_android_studio:*:*:*:*:*:*:*:*
Google LLC
google
>>bazel_for_clion>>Versions before 2024.06.04.0.2(exclusive)
cpe:2.3:a:google:bazel_for_clion:*:*:*:*:*:*:*:*
Google LLC
google
>>bazel_for_intellij>>Versions before 2024.06.04.0.2(exclusive)
cpe:2.3:a:google:bazel_for_intellij:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-862Secondarycve-coordination@google.com
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: CWE-862
Type: Secondary
Source: cve-coordination@google.com
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/bazelbuild/intellij/releases/tag/v2024.06.04-aswb-stablecve-coordination@google.com
Release Notes
https://github.com/bazelbuild/intellij/security/advisories/GHSA-hh9f-wmhw-46vgcve-coordination@google.com
Vendor Advisory
https://github.com/bazelbuild/intellij/releases/tag/v2024.06.04-aswb-stableaf854a3a-2127-422b-91ae-364da2661108
Release Notes
https://github.com/bazelbuild/intellij/security/advisories/GHSA-hh9f-wmhw-46vgaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: https://github.com/bazelbuild/intellij/releases/tag/v2024.06.04-aswb-stable
Source: cve-coordination@google.com
Resource:
Release Notes
Hyperlink: https://github.com/bazelbuild/intellij/security/advisories/GHSA-hh9f-wmhw-46vg
Source: cve-coordination@google.com
Resource:
Vendor Advisory
Hyperlink: https://github.com/bazelbuild/intellij/releases/tag/v2024.06.04-aswb-stable
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Release Notes
Hyperlink: https://github.com/bazelbuild/intellij/security/advisories/GHSA-hh9f-wmhw-46vg
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

752Records found

CVE-2022-33726
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-3.3||LOW
EPSS-0.09% / 0.46%
||
7 Day CHG~0.00%
Published-05 Aug, 2022 | 15:20
Updated-03 Aug, 2024 | 08:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unprotected dynamic receiver in Samsung Galaxy Friends prior to SMR Aug-2022 Release 1 allows attacker to launch activity.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-561
Dead Code
CVE-2021-37964
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-3.3||LOW
EPSS-0.51% / 39.43%
||
7 Day CHG~0.00%
Published-08 Oct, 2021 | 21:30
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in ChromeOS Networking in Google Chrome on ChromeOS prior to 94.0.4606.54 allowed an attacker with a rogue wireless access point to to potentially carryout a wifi impersonation attack via a crafted ONC file.

Action-Not Available
Vendor-Fedora ProjectGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxchrome_osfedoraChrome
CVE-2026-13942
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-3.3||LOW
EPSS-0.12% / 1.92%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 22:38
Updated-02 Jul, 2026 | 16:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Video Capture in Google Chrome on ChromeOS prior to 150.0.7871.47 allowed a local attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-chrome_oschromeChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2026-13955
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-3.3||LOW
EPSS-0.11% / 1.57%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 22:38
Updated-02 Jul, 2026 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation of untrusted input in CustomTabs in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to perform UI spoofing via a malicious file. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-chromeandroidChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2021-0992
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-3.3||LOW
EPSS-0.11% / 1.71%
||
7 Day CHG~0.00%
Published-15 Dec, 2021 | 18:05
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In onCreate of PaymentDefaultDialog.java, there is a possible way to change a default payment app without user consent due to tapjack overlay. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-180104327

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-1021
Improper Restriction of Rendered UI Layers or Frames
CVE-2021-25455
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-3.3||LOW
EPSS-0.19% / 9.16%
||
7 Day CHG+0.01%
Published-09 Sep, 2021 | 18:04
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OOB read vulnerability in libsaviextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to access arbitrary address through pointer via forged avi file.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-26450
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.08% / 0.13%
||
7 Day CHG~0.00%
Published-04 Sep, 2025 | 17:14
Updated-26 Feb, 2026 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In onInputEvent of IInputMethodSessionWrapper.java, there is a possible way for an untrusted app to inject key and motion events to the default IME due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-862
Missing Authorization
CVE-2025-26418
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.07% / 0.04%
||
7 Day CHG~0.00%
Published-01 Jun, 2026 | 21:14
Updated-03 Jun, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In setUserDisclaimerAcknowledged of CarDevicePolicyService.java, there is a possible way to bypass the user dialog when adding an account to a managed device due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-862
Missing Authorization
CVE-2025-26437
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 0.11%
||
7 Day CHG~0.00%
Published-04 Sep, 2025 | 17:14
Updated-08 Sep, 2025 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In CredentialManagerServiceStub of CredentialManagerService.java, there is a possible way to retrieve candidate credentials due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-862
Missing Authorization
CVE-2025-26440
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.08% / 0.34%
||
7 Day CHG~0.00%
Published-04 Sep, 2025 | 17:11
Updated-26 Feb, 2026 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In multiple functions of CameraService.cpp, there is a possible way to use the camera from the background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-862
Missing Authorization
CVE-2025-26445
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 0.11%
||
7 Day CHG~0.00%
Published-04 Sep, 2025 | 17:14
Updated-08 Sep, 2025 | 14:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In offerNetwork of ConnectivityService.java, there is a possible leak of sensitive data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-862
Missing Authorization
CVE-2022-42778
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-7.8||HIGH
EPSS-0.09% / 0.59%
||
7 Day CHG~0.00%
Published-06 Dec, 2022 | 00:00
Updated-23 Apr, 2025 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In windows manager service, there is a missing permission check. This could lead to set up windows manager service with no additional execution privileges needed.

Action-Not Available
Vendor-Google LLCUnisoc (Shanghai) Technologies Co., Ltd.
Product-t310t820t616t770t610androidt612t606s8000sc9832et760sc7731esc9863at618SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
CWE ID-CWE-862
Missing Authorization
CVE-2025-22439
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.3||HIGH
EPSS-0.08% / 0.16%
||
7 Day CHG~0.00%
Published-02 Sep, 2025 | 22:11
Updated-26 Feb, 2026 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In onLastAccessedStackLoaded of ActionHandler.java , there is a possible way to bypass storage restrictions across apps due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-862
Missing Authorization
CVE-2025-22414
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.08% / 0.14%
||
7 Day CHG~0.00%
Published-04 Sep, 2025 | 19:23
Updated-26 Feb, 2026 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In FrpBypassAlertActivity of FrpBypassAlertActivity.java, there is a possible way to bypass FRP due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-862
Missing Authorization
CVE-2024-40652
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.3||HIGH
EPSS-0.08% / 0.24%
||
7 Day CHG~0.00%
Published-11 Sep, 2024 | 00:09
Updated-17 Dec, 2024 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In onCreate of SettingsHomepageActivity.java, there is a possible way to access the Settings app while the device is provisioning due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-862
Missing Authorization
CVE-2026-8547
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-0.26% / 17.04%
||
7 Day CHG~0.00%
Published-14 May, 2026 | 19:52
Updated-19 May, 2026 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in Passwords in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Microsoft CorporationLinux Kernel Organization, IncApple Inc.Google LLC
Product-windowschromeChrome
CWE ID-CWE-862
Missing Authorization
CVE-2022-42766
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-6.6||MEDIUM
EPSS-0.08% / 0.24%
||
7 Day CHG~0.00%
Published-06 Dec, 2022 | 00:00
Updated-23 Apr, 2025 | 19:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In wlan driver, there is a possible missing permission check, This could lead to local information disclosure.

Action-Not Available
Vendor-Google LLCUnisoc (Shanghai) Technologies Co., Ltd.
Product-t310t820t616androidt610t770t612t606s8011sc9832et760sc7731esc9863at618SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8011
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-862
Missing Authorization
CVE-2022-42777
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-7.8||HIGH
EPSS-0.09% / 0.62%
||
7 Day CHG~0.00%
Published-06 Dec, 2022 | 00:00
Updated-23 Apr, 2025 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.

Action-Not Available
Vendor-Google LLCUnisoc (Shanghai) Technologies Co., Ltd.
Product-t310t820t616t770t610androidt612t606s8000sc9832et760sc7731esc9863at618SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
CWE ID-CWE-862
Missing Authorization
CVE-2022-42782
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 0.30%
||
7 Day CHG~0.00%
Published-06 Dec, 2022 | 00:00
Updated-23 Apr, 2025 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In wlan driver, there is a possible missing permission check, This could lead to local information disclosure.

Action-Not Available
Vendor-Google LLCUnisoc (Shanghai) Technologies Co., Ltd.
Product-t310t820t616androidt610t770t612t606s8000sc9832et760sc7731esc9863at618SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8007
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-862
Missing Authorization
CVE-2022-39112
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 0.94%
||
7 Day CHG~0.00%
Published-14 Oct, 2022 | 00:00
Updated-15 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed.

Action-Not Available
Vendor-Google LLCUnisoc (Shanghai) Technologies Co., Ltd.
Product-t618t310sc7731esc9832et606s8000t616t612t820sc9863at770androidt610t760SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
CWE ID-CWE-862
Missing Authorization
CVE-2022-39090
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-7.8||HIGH
EPSS-0.11% / 1.47%
||
7 Day CHG~0.00%
Published-06 Dec, 2022 | 00:00
Updated-23 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.

Action-Not Available
Vendor-Google LLCUnisoc (Shanghai) Technologies Co., Ltd.
Product-t606t610sc9832et618s8000t310t612t760t770t820t616androidsc7731esc9863aSC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
CWE ID-CWE-862
Missing Authorization
CVE-2022-39104
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 1.14%
||
7 Day CHG~0.00%
Published-04 Jan, 2023 | 00:00
Updated-10 Apr, 2025 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In contacts service, there is a missing permission check. This could lead to local denial of service in Contacts service with no additional execution privileges needed.

Action-Not Available
Vendor-Google LLCUnisoc (Shanghai) Technologies Co., Ltd.
Product-t310t820t616androidt610t770t612t606s8000sc9832et760sc7731esc9863at618SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
CWE ID-CWE-862
Missing Authorization
CVE-2022-39117
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-8.1||HIGH
EPSS-0.13% / 3.14%
||
7 Day CHG~0.00%
Published-14 Oct, 2022 | 00:00
Updated-15 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In messaging service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

Action-Not Available
Vendor-Google LLCUnisoc (Shanghai) Technologies Co., Ltd.
Product-t618t310sc7731esc9832et606s8000t616t612t820sc9863at770androidt610t760SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
CWE ID-CWE-862
Missing Authorization
CVE-2022-39099
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-7.8||HIGH
EPSS-0.11% / 1.36%
||
7 Day CHG~0.00%
Published-06 Dec, 2022 | 00:00
Updated-23 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.

Action-Not Available
Vendor-Google LLCUnisoc (Shanghai) Technologies Co., Ltd.
Product-t606t610sc9832et618s8000t310t612t760t770t820t616androidsc7731esc9863aSC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
CWE ID-CWE-862
Missing Authorization
CVE-2022-39103
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 0.34%
||
7 Day CHG~0.00%
Published-14 Oct, 2022 | 00:00
Updated-15 May, 2025 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Gallery service, there is a missing permission check. This could lead to local denial of service in Gallery service with no additional execution privileges needed.

Action-Not Available
Vendor-Google LLCUnisoc (Shanghai) Technologies Co., Ltd.
Product-t618t310sc7731esc9832et606s8000t616t612t820sc9863at770androidt610t760SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
CWE ID-CWE-862
Missing Authorization
CVE-2022-39100
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-7.8||HIGH
EPSS-0.11% / 1.36%
||
7 Day CHG~0.00%
Published-06 Dec, 2022 | 00:00
Updated-24 Apr, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.

Action-Not Available
Vendor-Google LLCUnisoc (Shanghai) Technologies Co., Ltd.
Product-sc7731esc9832et310t606t616androidt610t760t618t770sc9863at612t820s8000SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
CWE ID-CWE-862
Missing Authorization
CVE-2022-39092
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-7.8||HIGH
EPSS-0.11% / 1.47%
||
7 Day CHG~0.00%
Published-06 Dec, 2022 | 00:00
Updated-23 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.

Action-Not Available
Vendor-Google LLCUnisoc (Shanghai) Technologies Co., Ltd.
Product-t606t610sc9832et618s8000t310t612t760t770t820t616androidsc7731esc9863aSC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
CWE ID-CWE-862
Missing Authorization
CVE-2022-39087
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.15% / 4.29%
||
7 Day CHG~0.00%
Published-04 Jan, 2023 | 00:00
Updated-10 Apr, 2025 | 14:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.

Action-Not Available
Vendor-Google LLCUnisoc (Shanghai) Technologies Co., Ltd.
Product-t310t820t616androidt610t770t612t606s8000sc9832et760sc7731esc9863at618SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-862
Missing Authorization
CVE-2022-39102
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-7.8||HIGH
EPSS-0.11% / 1.36%
||
7 Day CHG~0.00%
Published-06 Dec, 2022 | 00:00
Updated-24 Apr, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.

Action-Not Available
Vendor-Unisoc (Shanghai) Technologies Co., Ltd.Google LLC
Product-sc7731esc9832et310t606t616androidt610t760t618t770sc9863at612t820s8000SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
CWE ID-CWE-862
Missing Authorization
CVE-2022-39094
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-7.8||HIGH
EPSS-0.11% / 1.36%
||
7 Day CHG~0.00%
Published-06 Dec, 2022 | 00:00
Updated-23 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.

Action-Not Available
Vendor-Google LLCUnisoc (Shanghai) Technologies Co., Ltd.
Product-t606t610sc9832et618s8000t310t612t760t770t820t616androidsc7731esc9863aSC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
CWE ID-CWE-862
Missing Authorization
CVE-2022-39119
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-7.8||HIGH
EPSS-0.09% / 0.79%
||
7 Day CHG~0.00%
Published-09 Sep, 2022 | 14:39
Updated-03 Aug, 2024 | 11:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In network service, there is a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed

Action-Not Available
Vendor-Google LLCUnisoc (Shanghai) Technologies Co., Ltd.
Product-t310t820t616androidt610t770t612t606s8000sc9832et760sc7731esc9863at618SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
CWE ID-CWE-862
Missing Authorization
CVE-2022-39111
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-7.8||HIGH
EPSS-0.11% / 1.35%
||
7 Day CHG~0.00%
Published-14 Oct, 2022 | 00:00
Updated-15 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed.

Action-Not Available
Vendor-Google LLCUnisoc (Shanghai) Technologies Co., Ltd.
Product-t618t310sc7731esc9832et606s8000t616t612t820sc9863at770androidt610t760SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
CWE ID-CWE-862
Missing Authorization
CVE-2022-39082
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.15% / 4.29%
||
7 Day CHG~0.00%
Published-04 Jan, 2023 | 00:00
Updated-10 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.

Action-Not Available
Vendor-Google LLCUnisoc (Shanghai) Technologies Co., Ltd.
Product-t612t618sc9832eandroidt616s8000t610t760t820t606t770sc9863at310sc7731eSC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-862
Missing Authorization
CVE-2022-39110
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-7.8||HIGH
EPSS-0.11% / 1.35%
||
7 Day CHG~0.00%
Published-14 Oct, 2022 | 00:00
Updated-15 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed.

Action-Not Available
Vendor-Google LLCUnisoc (Shanghai) Technologies Co., Ltd.
Product-t618t310sc7731esc9832et606s8000t616t612t820sc9863at770androidt610t760SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
CWE ID-CWE-862
Missing Authorization
CVE-2022-39097
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-7.8||HIGH
EPSS-0.10% / 1.27%
||
7 Day CHG~0.00%
Published-06 Dec, 2022 | 00:00
Updated-23 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.

Action-Not Available
Vendor-Google LLCUnisoc (Shanghai) Technologies Co., Ltd.
Product-t606t610sc9832et618s8000t310t612t760t770t820t616androidsc7731esc9863aSC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
CWE ID-CWE-862
Missing Authorization
CVE-2022-39109
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-7.8||HIGH
EPSS-0.11% / 1.35%
||
7 Day CHG~0.00%
Published-14 Oct, 2022 | 00:00
Updated-15 May, 2025 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed.

Action-Not Available
Vendor-Google LLCUnisoc (Shanghai) Technologies Co., Ltd.
Product-t618t310sc7731esc9832et606s8000t616t612t820sc9863at770androidt610t760SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
CWE ID-CWE-862
Missing Authorization
CVE-2022-38682
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 1.14%
||
7 Day CHG~0.00%
Published-04 Jan, 2023 | 00:00
Updated-10 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In contacts service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.

Action-Not Available
Vendor-Google LLCUnisoc (Shanghai) Technologies Co., Ltd.
Product-t612t618sc9832eandroidt616s8000t610t760t820t606t770sc9863at310sc7731eSC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
CWE ID-CWE-862
Missing Authorization
CVE-2022-38678
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 1.14%
||
7 Day CHG~0.00%
Published-04 Jan, 2023 | 00:00
Updated-10 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In contacts service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.

Action-Not Available
Vendor-Google LLCUnisoc (Shanghai) Technologies Co., Ltd.
Product-t612t618sc9832eandroidt616s8000t610t760t820t606t770sc9863at310sc7731eSC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
CWE ID-CWE-862
Missing Authorization
CVE-2022-38687
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 1.02%
||
7 Day CHG~0.00%
Published-14 Oct, 2022 | 00:00
Updated-15 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In messaging service, there is a missing permission check. This could lead to local denial of service in messaging service with no additional execution privileges needed.

Action-Not Available
Vendor-Google LLCUnisoc (Shanghai) Technologies Co., Ltd.
Product-t618t310sc7731esc9832et606s8000t616t612t820sc9863at770androidt610t760SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-862
Missing Authorization
CVE-2022-38689
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.12% / 1.97%
||
7 Day CHG~0.00%
Published-14 Oct, 2022 | 00:00
Updated-15 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

Action-Not Available
Vendor-Google LLCUnisoc (Shanghai) Technologies Co., Ltd.
Product-t618t310sc7731esc9832et606s8000t616t612t820sc9863at770androidt610t760SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-862
Missing Authorization
CVE-2022-38669
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-7.8||HIGH
EPSS-0.11% / 1.51%
||
7 Day CHG~0.00%
Published-14 Oct, 2022 | 00:00
Updated-15 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In soundrecorder service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed.

Action-Not Available
Vendor-Google LLCUnisoc (Shanghai) Technologies Co., Ltd.
Product-t618t310sc7731esc9832et606s8000t616t612t820sc9863at770androidt610t760SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
CWE ID-CWE-862
Missing Authorization
CVE-2022-38683
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 1.14%
||
7 Day CHG~0.00%
Published-04 Jan, 2023 | 00:00
Updated-10 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In contacts service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.

Action-Not Available
Vendor-Google LLCUnisoc (Shanghai) Technologies Co., Ltd.
Product-t612t618sc9832eandroidt616s8000t610t760t820t606t770sc9863at310sc7731eSC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
CWE ID-CWE-862
Missing Authorization
CVE-2022-38697
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.09% / 0.58%
||
7 Day CHG~0.00%
Published-14 Oct, 2022 | 00:00
Updated-15 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In messaging service, there is a missing permission check. This could lead to access unexpected provider in contacts service with no additional execution privileges needed.

Action-Not Available
Vendor-Google LLCUnisoc (Shanghai) Technologies Co., Ltd.
Product-t618t310sc7731esc9832et606s8000t616t612t820sc9863at770androidt610t760SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
CWE ID-CWE-862
Missing Authorization
CVE-2022-38688
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 1.09%
||
7 Day CHG~0.00%
Published-14 Oct, 2022 | 00:00
Updated-15 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

Action-Not Available
Vendor-Google LLCUnisoc (Shanghai) Technologies Co., Ltd.
Product-t618t310sc7731esc9832et606s8000t616t612t820sc9863at770androidt610t760SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-862
Missing Authorization
CVE-2022-38685
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.09% / 0.48%
||
7 Day CHG~0.00%
Published-09 May, 2023 | 01:21
Updated-03 Aug, 2024 | 11:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In bluetooth service, there is a possible missing permission check. This could lead to local denial of service in bluetooth service with no additional execution privileges needed.

Action-Not Available
Vendor-Google LLCUnisoc (Shanghai) Technologies Co., Ltd.
Product-t310t820t616t770t610androidt612t606s8000sc9832et760sc7731esc9863at618SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
CWE ID-CWE-862
Missing Authorization
CVE-2025-0086
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.2||MEDIUM
EPSS-0.12% / 2.51%
||
7 Day CHG~0.00%
Published-26 Aug, 2025 | 22:48
Updated-02 Sep, 2025 | 18:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In onResult of AccountManagerService.java, there is a possible way to overwrite auth token due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-862
Missing Authorization
CVE-2022-38684
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 1.14%
||
7 Day CHG~0.00%
Published-04 Jan, 2023 | 00:00
Updated-10 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In contacts service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.

Action-Not Available
Vendor-Google LLCUnisoc (Shanghai) Technologies Co., Ltd.
Product-t612t618sc9832eandroidt616s8000t610t760t820t606t770sc9863at310sc7731eSC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
CWE ID-CWE-862
Missing Authorization
CVE-2022-38679
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 0.28%
||
7 Day CHG~0.00%
Published-14 Oct, 2022 | 00:00
Updated-15 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In music service, there is a missing permission check. This could lead to local denial of service in music service with no additional execution privileges needed.

Action-Not Available
Vendor-Google LLCUnisoc (Shanghai) Technologies Co., Ltd.
Product-t618t310sc7731esc9832et606s8000t616t612t820sc9863at770androidt610t760SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-862
Missing Authorization
CVE-2025-0076
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-3.3||LOW
EPSS-0.08% / 0.18%
||
7 Day CHG~0.00%
Published-04 Sep, 2025 | 18:33
Updated-05 Sep, 2025 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In multiple locations, there is a possible way to view icons belonging to another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-862
Missing Authorization
CVE-2020-0401
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.28% / 19.64%
||
7 Day CHG~0.00%
Published-17 Sep, 2020 | 15:28
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In setInstallerPackageName of PackageManagerService.java, there is a missing permission check. This could lead to local escalation of privilege and granting spurious permissions with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-150857253

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-862
Missing Authorization
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 15
  • 16
  • Next
Details not found