An issue was discovered on Samsung mobile devices with P(9.0) software. The MemorySaver Content Provider allows SQL injection. The Samsung ID is SVE-2019-14365 (August 2019).
Max CVSS
9.8
EPSS Score
0.09%
Published
2020-03-24
Updated
2020-03-30
The content://wappush content provider in com.android.provider.telephony, as found in some custom ROMs for Android phones, allows SQL injection. One consequence is that an application without the READ_SMS permission can read SMS messages. This affects Infinix X571 phones, as well as various Lenovo phones (such as the A7020) that have since been fixed by Lenovo.
Max CVSS
9.8
EPSS Score
0.10%
Published
2018-07-15
Updated
2018-09-21
**DISPUTED** SQL injection vulnerability in SQLiteDatabase.java in the SQLi Api in Android allows remote attackers to execute arbitrary SQL commands via the delete method.
Max CVSS
9.8
EPSS Score
0.20%
Published
2018-03-27
Updated
2018-04-23
3 vulnerabilities found