13 matches found
EUVD-2022-25689
Malicious code in bioql PyPI...
Google Android elevation of privilege vulnerability (CNVD-2022-81237)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that stems from proxy obfuscation in the CarSettings of the application package, which can be exploited by an attacker to cause an elevation of privilege i...
CVE-2022-20429
In CarSettings of app packages, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-...
CVE-2022-20429
In CarSettings of app packages, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-...
Design/Logic Flaw
In CarSettings of app packages, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-...
CVE-2022-20429
CVE-2022-20429 affects Android’s CarSettings component across Android-10/11/12/12L. The issue enables a local elevation of privilege in Bluetooth settings via a confused deputy, requiring no user interaction and permitting an adjacent attacker with no privileges to exploit (per the referenced NVD...
CVE-2022-20429
In CarSettings of app packages, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-...
CVE-2021-39738
In CarSetings, there is a possible to pair BT device bypassing user's consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10...
CVE-2021-39738
In CarSetings, there is a possible to pair BT device bypassing user's consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10...
Design/Logic Flaw
In CarSetings, there is a possible to pair BT device bypassing user's consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10...
CVE-2021-39738
In CarSetings, there is a possible to pair BT device bypassing user's consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10...
CVE-2021-39738
CVE-2021-39738 concerns Google Android CarSetings: a missing permission check allows pairing a Bluetooth device without user consent, enabling local elevation of privilege without extra execution privileges. Affected: CarSetings on Android 10, 11, 12, and 12L. Exploitation is described as local w...
Google Android CarSetings 安全漏洞
Google Android is a Linux-based open source operating system from Google. Google Android CarSetings suffers from an elevation of privilege vulnerability that stems from a lack of privilege checking. An attacker exploits the vulnerability to bypass user consent to pair a BT device, resulting in a...