Lucene search
K

165 matches found

OSV
OSV
added 2022/01/21 6:13 p.m.17 views

GHSA-R8J4-96MX-RJCC Improper Restriction of XML External Entity Reference in skylot/jadx

skylot/jadx prior to 1.3.2 is vulnerable to Improper Restriction of XML External Entities when a user is tricked into exporting a malicious APK file via the -e option containing a crafted AndroidManifest.xml / strings.xml to gradle, leading to possible local file disclosure...

5.5CVSS5.1AI score0.01059EPSS
Exploits1References4
CNVD
CNVD
added 2022/01/18 12:0 a.m.19 views

Google Android Automotive Os Elevation of Privilege Vulnerability

Google Android Automotive Os is an operating system and platform from Google that runs directly on in-vehicle hardware. Google Android Automotive Os suffers from an elevation of privilege vulnerability that originates in LocationSettingsActivity in AndroidManifest.xml, where an EoP is possible du...

7.8CVSS7.7AI score0.0032EPSS
Exploits0References1
CVE
CVE
added 2022/01/14 7:11 p.m.59 views

CVE-2021-1036

CVE-2021-1036 corresponds to an elevation-of-privilege vulnerability in Android’s LocationSettingsActivity via a tapjacking/overlay attack. Public records across NVD, Red Hat, CNVD and related sources confirm: affected products are Android 9–12 (and specifically AAOS references) with the vulnerab...

7.8CVSS7.6AI score0.0032EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2021/12/15 7:15 p.m.16 views

CVE-2021-1038

In UserDetailsActivity of AndroidManifest.xml, there is a possible DoS due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11...

5.5CVSS0.00111EPSS
Exploits0References1
Prion
Prion
added 2021/12/15 7:15 p.m.18 views

Privilege escalation

In NotificationAccessActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10...

6.9CVSS7.7AI score0.00133EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/12/15 7:15 p.m.13 views

Design/Logic Flaw

In the broadcast definition in AndroidManifest.xml, there is a possible way to set the A2DP bluetooth device connection state due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

4.6CVSS7.6AI score0.00104EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/12/15 6:6 p.m.14 views

CVE-2021-1038

In UserDetailsActivity of AndroidManifest.xml, there is a possible DoS due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11...

6.1AI score0.00111EPSS
Exploits0References1
CVE
CVE
added 2021/12/15 6:6 p.m.43 views

CVE-2021-1038

CVE-2021-1038 describes a DoS via a tapjacking/overlay vulnerability in UserDetailsActivity of AndroidManifest.xml, affecting Android 9–12. The root cause is an overlay/tapjacking issue that can cause local denial of service with no extra privileges; exploitation requires user interaction per CVS...

5.5CVSS5.3AI score0.00111EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/12/15 6:6 p.m.14 views

CVE-2021-1039

In NotificationAccessActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10...

7.9AI score0.00133EPSS
Exploits0References1
CVE
CVE
added 2021/12/15 6:6 p.m.48 views

CVE-2021-1039

CVE-2021-1039 affects Android Platform apps: NotificationAccessActivity in AndroidManifest.xml can enable a local elevation of privilege via a tapjacking/overlay trick. Affected: Android 9–12. Root cause: overlay/tapjacking allows bypass of user interaction requirements to gain higher privileges ...

7.8CVSS7.6AI score0.00133EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2021/12/15 6:6 p.m.72 views

CVE-2021-0999

CVE-2021-0999 affects Android 12 and relates to the broadcast definition in AndroidManifest.xml that can set the A2DP Bluetooth device connection state due to a missing permission check. The underlying issue is a privilege-escalation flaw that does not require user interaction and can be exploite...

7.8CVSS7.6AI score0.00104EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2021/12/01 12:0 a.m.10 views

PUB-A-196858999

In the broadcast definition in AndroidManifest.xml, there is a possible way to set the A2DP bluetooth device connection state due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7.8CVSS7.8AI score0.00104EPSS
Exploits0References2
OSV
OSV
added 2021/12/01 12:0 a.m.5 views

PUB-A-182583850

In AdapterService and GattService definition of AndroidManifest.xml, there is a possible way to disable bluetooth connection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...

7.8CVSS7.8AI score0.0012EPSS
Exploits0References2
Hacker One
Hacker One
added 2021/08/31 11:32 a.m.14 views

Reddit: com.reddit.frontpage vulernable to Task Hijacking (aka StrandHogg Attack)

Summary: The app com.reddit.frontpage is vulnerable to Task Hijacking used by widespread Android trojans. Task hijacking allows malicious apps to inherit permissions of vulnerable apps and is usually used for phishing login credentials of victims. Impact: Assuming a malicious actor want's to grab...

1.8AI score
Exploits0
Cvelist
Cvelist
added 2020/12/15 3:54 p.m.24 views

CVE-2020-0481

In AndroidManifest.xml, there is a possible permissions bypass. This could lead to local escalation of privilege allowing a non-system app to send a broadcast it shouldn't have permissions to send, with no additional execution privileges needed. User interaction is not needed for...

5.7AI score0.00127EPSS
Exploits0References1
NVD
NVD
added 2020/07/17 9:15 p.m.17 views

CVE-2020-0122

In the permission declaration for com.google.android.providers.gsf.permission.WRITEGSERVICES in AndroidManifest.xml, there is a possible permissions bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for...

7.2CVSS0.00171EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/07/17 8:9 p.m.13 views

CVE-2020-0122

In the permission declaration for com.google.android.providers.gsf.permission.WRITEGSERVICES in AndroidManifest.xml, there is a possible permissions bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for...

6.8AI score0.00171EPSS
Exploits0References1
OSV
OSV
added 2020/07/01 12:0 a.m.41 views

ASB-A-147247775

In the permission declaration for com.google.android.providers.gsf.permission.WRITEGSERVICES in AndroidManifest.xml, there is a possible permissions bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...

7.2CVSS6.6AI score0.00171EPSS
Exploits0References1
Hacker One
Hacker One
added 2019/03/25 2:28 a.m.48 views

50m-ctf: $50 million CTF Writeup

Summary: For a brief overview of the challenge you can take a look at the following image: F451370 Below I will detail each step that I took to solve the CTF, moreover all the bad assumptions that led me to a dead end in some cases. Twitter The CTF begins with this tweet: F451371 What is this...

9.3CVSS8.7AI score0.9857EPSS
Exploits33
Prion
Prion
added 2018/11/14 6:29 p.m.13 views

Design/Logic Flaw

In the AndroidManifest.xml file defining the SliceBroadcastReceiver handler for com.android.settings.slice.action.WIFICHANGED, there is a possible permissions bypass due to a confused deputy. This could lead to local escalation of privilege, allowing a local attacker to change device settings, wi...

7.2CVSS7.5AI score0.0018EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder