14 matches found
EUVD-2021-6504
Malicious code in bioql PyPI...
EUVD-2021-3212
Malicious code in bioql PyPI...
EUVD-2021-3205
Malicious code in bioql PyPI...
CVE-2021-1037
The broadcast that DevicePickerFragment sends when a new device is paired doesn't have any permission checks, so any app can register to listen for it. This lets apps keep track of what devices are paired without requesting BLUETOOTH permissions.Product: AndroidVersions: Android-10 Android-11...
CVE-2021-1037
The broadcast that DevicePickerFragment sends when a new device is paired doesn't have any permission checks, so any app can register to listen for it. This lets apps keep track of what devices are paired without requesting BLUETOOTH permissions.Product: AndroidVersions: Android-10 Android-11...
CVE-2021-1037
The CVE-2021-1037 issue concerns a broadcast from the DevicePickerFragment when a new device is paired that lacks permission checks. Affected software: Android 9–12. Vulnerable component/behavior: the DevicePickerFragment broadcast is listenable by any app without BLUETOOTH permissions, enabling ...
CVE-2021-1037
The broadcast that DevicePickerFragment sends when a new device is paired doesn't have any permission checks, so any app can register to listen for it. This lets apps keep track of what devices are paired without requesting BLUETOOTH permissions.Product: AndroidVersions: Android-10 Android-11...
PT-2022-9144 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions 9 through 12 Description: The issue concerns a broadcast sent by DevicePickerFragment when a new device is paired, lacking permission checks. This allows any app to register and listen for the broadcast, enabling them to trac...
CVE-2021-0593
In sendDevicePickedIntent of DevicePickerFragment.java, there is a possible way to invoke a privileged broadcast receiver due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product:...
Design/Logic Flaw
In sendDevicePickedIntent of DevicePickerFragment.java, there is a possible way to invoke a privileged broadcast receiver due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product:...
CVE-2021-0593
In sendDevicePickedIntent of DevicePickerFragment.java, there is a possible way to invoke a privileged broadcast receiver due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product:...
ASB-A-179386068
In sendDevicePickedIntent of DevicePickerFragment.java, there is a possible way to invoke a privileged broadcast receiver due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation...
Privilege escalation
In onCreate of DevicePickerFragment.java, there is a possible way to trick the user to select an unwanted bluetooth device due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...
ASB-A-182584940
In onCreate of DevicePickerFragment.java, there is a possible way to trick the user to select an unwanted bluetooth device due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitati...