404 matches found
SUSE CVE-2017-5088
Insufficient validation of untrusted input in V8 in Google Chrome prior to 59.0.3071.104 for Mac, Windows, and Linux, and 59.0.3071.117 for Android, allowed a remote attacker to perform out of bounds memory access via a crafted HTML page...
CVE-2023-21442
Improper access control vulnerability in Runestone application prior to version 2.9.09.003 in Android R11 and 3.2.01.007 in Android S12 allows local attackers to get device location information...
DEBIAN-CVE-2023-0136
Inappropriate implementation in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to execute incorrect security UI via a crafted HTML page. Chromium security severity: Medium...
Design/Logic Flaw
In onOptionsItemSelected of ManageApplications.java, there is a possible bypass of profile owner restrictions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product...
CVE-2022-20560
Product: Android. Versions: Android kernel. Android ID: A-212623833. References: N/A...
PT-2022-14751 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android version 13 Description: The issue is related to a side channel information disclosure in the getSmsRoleHolder function of RoleService.java. This could allow an attacker to determine whether an app is installed without requiring query...
PT-2022-14757 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: The issue is related to a missing permission check in the onOptionsItemSelected method of ManageApplications.java, which could allow for a bypass of profile owner restrictions. This might lead to a loc...
PT-2022-14750 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: A missing permission check in the createDialog of WifiScanModeActivity.java allows a Guest user to enable location-sensitive settings. This could lead to local escalation of privilege from the Guest us...
PT-2022-14765 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: The issue is related to a tapjacking/overlay attack in the onCreate method of LogAccessDialogActivity.java. This could allow bypassing a permission check, leading to local escalation of privilege with...
PT-2022-14721 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: In the onAttach method of ConfigureWifiSettings.java, there is a possible way for a guest user to change WiFi settings due to a permissions bypass. This could lead to local escalation of privilege with...
PT-2022-14731 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: The issue is related to a possible access to restricted tables due to SQL injection in the MmsSmsProvider.java query. This could lead to local information disclosure with User execution privileges...
PT-2022-14756 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: The issue is related to a possible display crash loop due to improper input validation, which could lead to local denial of service. System execution privileges are needed for exploitation, and user...
LodaRAT Malware Resurfaces with New Variants Employing Updated Functionalities
The LodaRAT malware has resurfaced with new variants that are being deployed in conjunction with other sophisticated malware, such as RedLine Stealer and Neshta. "The ease of access to its source code makes LodaRAT an attractive tool for any threat actor who is interested in its capabilities,"...
PT-2022-14669 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: The issue is related to a possible out of bounds read due to a use after free in the PAN_WriteBuf function of pan_api.cc. This could lead to remote information disclosure over Bluetooth with no...
CVE-2022-20422
In emulation_proc_handler of armv8_deprecated.c, there is a possible way to corrupt memory due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android...
PT-2022-25053 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions prior to SMR Sep-2022 Release 1 Android version 3.3.03.66 in Android S12 Description: The issue is related to improper authorization in the Dynamic Lockscreen, allowing unauthorized use of the javascript interface api...
CVE-2022-20283
In Bluetooth, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-233069336...
CVE-2022-20246
In WindowManager, there is a possible bypass of the restrictions for starting activities from the background due to an incorrect UID/permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
PT-2022-14551 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android version 13 Description: In Media, there is a possible code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
PT-2022-14480 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: The issue is related to a logic error in the Bluetooth code, allowing a display-only device to be paired without PIN confirmation. This could lead to local escalation of privilege with no additional...