182 matches found
Improper access control
Improper access control vulnerablility in Tips prior to SMR May-2023 Release 1 allows local attackers to launch arbitrary activity in Tips...
SAMSUNG Mobile devices 安全漏洞
SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung SAMSUNG. A security vulnerability previously existed in SAMSUNG Mobile devices SMR May-2023 Release 1 version, which originated in Tips and allowed a local...
CVE-2023-21488
Improper access control vulnerablility in Tips prior to SMR May-2023 Release 1 allows local attackers to launch arbitrary activity in Tips...
CVE-2023-21488
Improper access control vulnerablility in Tips prior to SMR May-2023 Release 1 allows local attackers to launch arbitrary activity in Tips...
CVE-2023-21488
CVE-2023-21488 affects Samsung Tips prior to SMR May-2023 Release 1. Root cause: improper access control allowing local attackers to launch arbitrary activities in Tips. Affected software: Tips (Samsung mobile devices) before the May-2023 update. Mitigation: upgrade to SMR May-2023 Release 1 or l...
CVE-2023-21097
In toUriInner of Intent.java, there is a possible way to launch an arbitrary activity due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11...
CVE-2023-21097
In toUriInner of Intent.java, there is a possible way to launch an arbitrary activity due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11...
PT-2023-17891 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-11 through Android-13 Description: A confused deputy issue in the toUriInner function of Intent.java allows launching an arbitrary activity, potentially leading to local escalation of privilege without requiring...
CVE-2023-20960
In launchDeepLinkIntentToRight of SettingsHomepageActivity.java, there is a possible way to launch arbitrary activities due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product...
PT-2023-17749 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-12L through Android-13 Description: The issue is related to improper input validation in the launchDeepLinkIntentToRight function of SettingsHomepageActivity.java. This could allow the launch of arbitrary activities,...
CVE-2023-20904
In getTrampolineIntent of SettingsActivity.java, there is a possible launch of arbitrary activity due to an Intent mismatch in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
CVE-2023-20904
In getTrampolineIntent of SettingsActivity.java, there is a possible launch of arbitrary activity due to an Intent mismatch in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
CVE-2023-20904
In getTrampolineIntent of SettingsActivity.java, there is a possible launch of arbitrary activity due to an Intent mismatch in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
PT-2023-17694 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-12L through Android-13 Description: The issue is related to a possible launch of arbitrary activity due to an Intent mismatch in the code of SettingsActivity.java. This could lead to local escalation of privilege with...
CVE-2022-20550
In Multiple Locations, there is a possibility to launch arbitrary protected activities due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID:...
PUB-A-242845514
In Multiple Locations, there is a possibility to launch arbitrary protected activities due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation...
Samsung Wearable Manager Information Disclosure Vulnerability
Samsung Wearable Manager is an application for Samsung Samsung mobile devices that connects wearable devices to mobile devices. Samsung Wearable Manager is vulnerable to an information disclosure vulnerability that stems from the installation of an unprotected dynamic receiver, which could be...
CVE-2022-33685
Unprotected dynamic receiver in Wearable Manager Service prior to SMR Jul-2022 Release 1 allows attacker to launch arbitray activity and access senstive information...
CVE-2022-33685
Unprotected dynamic receiver in Wearable Manager Service prior to SMR Jul-2022 Release 1 allows attacker to launch arbitray activity and access senstive information...
CVE-2022-33685
Unprotected dynamic receiver in Wearable Manager Service prior to SMR Jul-2022 Release 1 allows attacker to launch arbitray activity and access senstive information...