22 matches found
EUVD-2021-26064
Malware in sbrugna...
EUVD-2022-25483
Malicious code in bioql PyPI...
CVE-2025-32326
In multiple functions of AppRestrictionsFragment.java, there is a possible way to bypass intent security check due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...
PT-2025-36059
Name of the Vulnerable Software and Affected Versions: versions prior to 2025-48535 Description: A parcel mismatch in assertSafeToStartCustomActivity of AppRestrictionsFragment.java may lead to a launch anywhere vulnerability due to unsafe deserialization. This could result in local escalation of...
CVE-2025-8192
There exists a TOCTOU race condition in TvSettings AppRestrictionsFragment.java that lead to start of attacker supplied activity in Settings’ context, i.e. system-uid context, thus lead to launchAnyWhere. The core idea is to utilize the time window between the check of Intent and the use to Inten...
CVE-2025-8192 Race condition in AndroidTV TvSettings
There exists a TOCTOU race condition in TvSettings AppRestrictionsFragment.java that lead to start of attacker supplied activity in Settings’ context, i.e. system-uid context, thus lead to launchAnyWhere. The core idea is to utilize the time window between the check of Intent and the use to Inten...
CVE-2025-8192
CVE-2025-8192 = TOCTOU race in TvSettings AppRestrictionsFragment.java on Android TV that allows starting an attacker supplied activity within the Settings context (system-uid), potentially enabling launchAnyWhere. Exploitation is local with low privileges and no user interaction, exploiting a wi...
PT-2025-31495 · Unknown · Tvsettings
Name of the Vulnerable Software and Affected Versions: TvSettings affected versions not specified Description: A TOCTOU race condition exists in AppRestrictionsFragment.java that allows an attacker to start a malicious activity within the Settings application's system-uid context, leading to the...
CVE-2024-43080
In onReceive of AppRestrictionsFragment.java, there is a possible escalation of privilege due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...
CVE-2024-43080
In onReceive of AppRestrictionsFragment.java, there is a possible escalation of privilege due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...
CVE-2024-43080
In onReceive of AppRestrictionsFragment.java, there is a possible escalation of privilege due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...
CVE-2024-43080
In onReceive of AppRestrictionsFragment.java, there is a possible escalation of privilege due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...
CVE-2024-43080
CVE-2024-43080 affects Android’s AppRestrictionsFragment.java, where unsafe deserialization can lead to a local escalation of privilege. The issue enables privilege elevation with no extra execution privileges, and exploitation requires user interaction. The CVE entry provides a high impact asses...
ASB-A-330722900
In onReceive of AppRestrictionsFragment.java, there is a possible escalation of privilege due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...
CVE-2022-20223
In assertSafeToStartCustomActivity of AppRestrictionsFragment.java, there is a possible way to start a phone call without permissions due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
CVE-2022-20223
In assertSafeToStartCustomActivity of AppRestrictionsFragment.java, there is a possible way to start a phone call without permissions due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
CVE-2022-20223
In assertSafeToStartCustomActivity of AppRestrictionsFragment.java, there is a possible way to start a phone call without permissions due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
Google Android Elevation of Privilege Vulnerability (CNVD-2022-61751)
Google Android is a Linux-based open source operating system from Google, Inc. A security vulnerability exists in Google Android, which is caused by an obfuscation proxy in AppRestrictionsFragment.java. The vulnerability is caused by an obfuscated proxy in assertSafeToStartCustomActivity. An...
ASB-A-223578534
In assertSafeToStartCustomActivity of AppRestrictionsFragment.java, there is a possible way to start a phone call without permissions due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
CVE-2021-39707
In onReceive of AppRestrictionsFragment.java, there is a possible way to start a phone call without permissions due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...