Platform Packages Apps Managedprovisioning vulnerabilities

7 known vulnerabilities affecting platform/packages_apps_managedprovisioning.

Total CVEs
7
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
UNKNOWN7

Vulnerabilities

Page 1 of 1
CVE-2025-26454UNKNOWN≥ 16-next:0, < 16-next:2025-09-01≥ 15:0, < 15:2025-09-01+2 more2025-09-01
CVE-2025-26454 CVE-2025-26454: In validateUriSchemeAndPermission of DisclaimersParserImpl In validateUriSchemeAndPermission of DisclaimersParserImpl.java , there is a possible way to access data from another user due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
osv
CVE-2025-26443UNKNOWN≥ 16-next:0, < 16-next:2025-06-01≥ 15:0, < 15:2025-06-01+2 more2025-06-01
CVE-2025-26443 CVE-2025-26443: In parseHtml of HtmlToSpannedParser In parseHtml of HtmlToSpannedParser.java, there is a possible way to install apps without allowing installation from unknown sources due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
osv
CVE-2023-21275UNKNOWN≥ 13-next:0, < 13-next:2023-08-01≥ 12:0, < 12:2023-08-01+2 more2023-08-01
CVE-2023-21275 CVE-2023-21275: In decideCancelProvisioningDialog of AdminIntegratedFlowPrepareActivity In decideCancelProvisioningDialog of AdminIntegratedFlowPrepareActivity.java, there is a possible way to bypass factory reset protections due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
osv
CVE-2022-20138UNKNOWN≥ 10:0, < 10:2022-06-01≥ 11:0, < 11:2022-06-01+2 more2022-06-01
CVE-2022-20138 CVE-2022-20138: In ACTION_MANAGED_PROFILE_PROVISIONED of DevicePolicyManagerService In ACTION_MANAGED_PROFILE_PROVISIONED of DevicePolicyManagerService.java, there is a possible way for unprivileged app to send MANAGED_PROFILE_PROVISIONED intent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
osv
CVE-2021-39692UNKNOWN≥ 10:0, < 10:2022-03-01≥ 11:0, < 11:2022-03-01+2 more2022-03-01
CVE-2021-39692 CVE-2021-39692: In onCreate of SetupLayoutActivity In onCreate of SetupLayoutActivity.java, there is a possible way to setup a work profile bypassing user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.
osv
CVE-2021-0922UNKNOWN≥ 11:0, < 11:2021-11-012021-11-01
CVE-2021-0922 CVE-2021-0922: In enforceCrossUserOrProfilePermission of PackageManagerService In enforceCrossUserOrProfilePermission of PackageManagerService.java, there is a possible bypass of INTERACT_ACROSS_PROFILES permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
osv
CVE-2021-0445UNKNOWN≥ 9:0, < 9:2021-04-052021-04-01
CVE-2021-0445 CVE-2021-0445: In start of WelcomeActivity In start of WelcomeActivity.java, there is a possible residual profile due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
osv