Platform Packages Apps Contacts vulnerabilities

8 known vulnerabilities affecting platform/packages_apps_contacts.

Total CVEs

8

CISA KEV

0

Public exploits

0

Exploited in wild

0

Severity breakdown

UNKNOWN8

Vulnerabilities

Page 1 of 1

CVE-2025-48523UNKNOWN≥ 16-next:0, < 16-next:2025-09-01≥ 15:0, < 15:2025-09-01+3 more2025-09-01

CVE-2025-48523 CVE-2025-48523: In onCreate of SelectAccountActivity In onCreate of SelectAccountActivity.java, there is a possible way to add contacts without permission due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2022-20134UNKNOWN≥ 10:0, < 10:2022-06-01≥ 11:0, < 11:2022-06-01+2 more2022-06-01

CVE-2022-20134 CVE-2022-20134: In readArguments of CallSubjectDialog In readArguments of CallSubjectDialog.java, there is a possible way to trick the user to call the wrong phone number due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2021-0952UNKNOWN≥ 9:0, < 9:2021-12-01≥ 10:0, < 10:2021-12-01+2 more2021-12-01

CVE-2021-0952 CVE-2021-0952: In doCropPhoto of PhotoSelectionHandler In doCropPhoto of PhotoSelectionHandler.java, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure of user's contacts with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2021-0926UNKNOWN≥ 9:0, < 9:2021-11-01≥ 10:0, < 10:2021-11-01+2 more2021-11-01

CVE-2021-0926 CVE-2021-0926: In onCreate of NfcImportVCardActivity In onCreate of NfcImportVCardActivity.java, there is a possible way to add a contact without user's consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2021-0603UNKNOWN≥ 11:0, < 11:2021-07-052021-07-01

CVE-2021-0603 CVE-2021-0603: In onCreate of ContactSelectionActivity In onCreate of ContactSelectionActivity.java, there is a possible way to get access to contacts without permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.

CVE-2021-0444UNKNOWN≥ 8.1:0, < 8.1:2021-04-01≥ 9:0, < 9:2021-04-01+2 more2021-04-01

CVE-2021-0444 CVE-2021-0444: In onActivityResult of QuickContactActivity In onActivityResult of QuickContactActivity.java, there is an unnecessary return of an intent. This could lead to local information disclosure of contact data with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2021-0446UNKNOWN≥ 11:0, < 11:2021-04-012021-04-01

CVE-2021-0446 CVE-2021-0446: In ImportVCardActivity, there is a possible way to bypass user consent due to a tapjacking/overlay attack In ImportVCardActivity, there is a possible way to bypass user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.

CVE-2020-0422UNKNOWN≥ 8.0:0, < 8.0:2020-10-01≥ 8.1:0, < 8.1:2020-10-01+3 more2020-10-01

CVE-2020-0422 CVE-2020-0422: In constructImportFailureNotification of NotificationImportExportListener In constructImportFailureNotification of NotificationImportExportListener.java, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local information disclosure of contact data with User execution privileges needed. User interaction is not needed for exploitation.