18 matches found
CVE-2026-0020
In parsePermissionGroup of ParsedPermissionUtils.java, there is a possible way to bypass a consent dialog to obtain permissions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
EUVD-2025-37166
Malicious code in epic-consent-dialog npm...
Malicious code in epic-consent-dialog (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0ab01762eb52cfb3e852d9ab46d5f8216fb6ef716a47c97f247a4a99f68abaca The package epic-consent-dialog was found to contain malicious code...
MAL-2025-49127 Malicious code in epic-consent-dialog (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0ab01762eb52cfb3e852d9ab46d5f8216fb6ef716a47c97f247a4a99f68abaca The package epic-consent-dialog was found to contain malicious code...
EUVD-2014-7772
Malware in sbrugna...
EUVD-2021-3053
Malicious code in bioql PyPI...
EUVD-2021-6486
Malicious code in bioql PyPI...
EUVD-2021-3552
Malicious code in bioql PyPI...
CVE-2021-1019
In snoozeNotification of NotificationListenerService.java, there is a possible permission confusion due to a misleading user consent dialog. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions...
CVE-2021-0933
In onCreate of CompanionDeviceActivity.java or DeviceChooserActivity.java, there is a possible way for HTML tags to interfere with a consent dialog due to improper input validation. This could lead to remote escalation of privilege, confusing the user into accepting pairing of a malicious Bluetoo...
Input validation
In onCreate of CompanionDeviceActivity.java or DeviceChooserActivity.java, there is a possible way for HTML tags to interfere with a consent dialog due to improper input validation. This could lead to remote escalation of privilege, confusing the user into accepting pairing of a malicious Bluetoo...
CVE-2021-1019
In snoozeNotification of NotificationListenerService.java, there is a possible permission confusion due to a misleading user consent dialog. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions...
PT-2021-13362 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions 9 through 12 Description: The issue is related to improper input validation in the onCreate method of certain activities, allowing HTML tags to interfere with a consent dialog. This could lead to remote escalation of privileg...
ASB-A-172251622
In onCreate of CompanionDeviceActivity.java or DeviceChooserActivity.java, there is a possible way for HTML tags to interfere with a consent dialog due to improper input validation. This could lead to remote escalation of privilege, confusing the user into accepting pairing of a malicious Bluetoo...
Microsoft Windows Text Services Framework MSCTF - Multiple Vulnerabilities
The msctf subsystem is part of the Text Services Framework, The TSF manages things like input methods, keyboard layouts, text processing and so on. There are two main components, the ctfmon server and the msctf client. The ctfmon service creates an ALPC port in a well known location, to which...
CVE-2014-7922
The GoogleAuthUtil.getToken method in the Google Play services SDK before 2015 sets parameters in OAuth token requests upon finding a corresponding opt parameter in the Bundle extras argument, which allows attackers to bypass an intended consent dialog and retrieve tokens for arbitrary OAuth scop...
CVE-2014-7922
The GoogleAuthUtil.getToken method in the Google Play services SDK before 2015 sets parameters in OAuth token requests upon finding a corresponding opt parameter in the Bundle extras argument, which allows attackers to bypass an intended consent dialog and retrieve tokens for arbitrary OAuth scop...
CVE-2014-7922
CVE-2014-7922 involves the GoogleAuthUtil.getToken method in the Google Play services SDK prior to 2015. The vulnerability arises when the code sets parameters in OAuth token requests after detecting a corresponding opt parameter in the Bundle extras argument, enabling a crafted application to by...