Lucene search
+L

78 matches found

OSV
OSV
added 2022/05/10 8:15 p.m.5 views

CVE-2022-20114

In placeCall of TelecomManager.java, there is a possible way for an application to keep itself running with foreground service importance due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed fo...

7.8CVSS5.9AI score0.00115EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/05/02 12:0 a.m.5 views

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google, Inc. A security vulnerability exists in Google Android, which stems from a placeCall in TelecomManager.java, where the application can keep itself running through foreground service importance due to a privilege bypass. The...

7.8CVSS7.5AI score0.00115EPSS
Exploits0References4
OSV
OSV
added 2022/04/12 5:15 p.m.5 views

CVE-2021-39808

In createNotificationChannelGroup of PreferencesHelper.java, there is a possible way for a service to run in foreground without user notification due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is...

7.8CVSS5.9AI score0.00104EPSS
Exploits0References1
OSV
OSV
added 2022/03/16 3:15 p.m.5 views

CVE-2021-39704

In deleteNotificationChannelGroup of NotificationManagerService.java, there is a possible way to run foreground service without user notification due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...

7.8CVSS5.9AI score0.00189EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/03/16 3:15 p.m.3 views

CVE-2021-39701

In serviceConnection of ControlsProviderLifecycleManager.kt, there is a possible way to keep service running in foreground without notification or permission due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User...

9.3CVSS7.2AI score0.00383EPSS
Exploits0References2
OSV
OSV
added 2022/03/16 3:15 p.m.5 views

CVE-2021-39701

In serviceConnection of ControlsProviderLifecycleManager.kt, there is a possible way to keep service running in foreground without notification or permission due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User...

7.8CVSS5.9AI score0.00383EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/03/16 3:15 p.m.5 views

CVE-2021-39704

In deleteNotificationChannelGroup of NotificationManagerService.java, there is a possible way to run foreground service without user notification due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...

7.8CVSS7.2AI score0.00189EPSS
Exploits0References2
OSV
OSV
added 2021/12/15 7:15 p.m.5 views

CVE-2021-0981

In enqueueNotificationInternal of NotificationManagerService.java, there is a possible way to run a foreground service without showing a notification due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction...

7.8CVSS7.2AI score0.00116EPSS
Exploits0References1
Prion
Prion
added 2021/12/15 7:15 p.m.12 views

Input validation

In enqueueNotificationInternal of NotificationManagerService.java, there is a possible way to run a foreground service without showing a notification due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction...

4.6CVSS7.7AI score0.00116EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/12/15 6:6 p.m.36 views

CVE-2021-0981

In enqueueNotificationInternal of NotificationManagerService.java, there is a possible way to run a foreground service without showing a notification due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction...

7.9AI score0.00116EPSS
Exploits0References1
OSV
OSV
added 2021/10/22 2:15 p.m.5 views

CVE-2021-0705

In sanitizeSbn of NotificationManagerService.java, there is a possible way to keep service running in foreground and keep granted permissions due to Bypass of Background Service Restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User...

7.8CVSS5.9AI score
Exploits0References1
CVE
CVE
added 2021/10/22 1:27 p.m.114 views

CVE-2021-0705

CVE-2021-0705 concerns the Android Framework component, specifically in sanitizeSbn of NotificationManagerService.java. The connected documents describe a vulnerability where an attacker could bypass Background Service Restrictions to keep a service running in the foreground while retaining grant...

7.8CVSS7.3AI score0.00251EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2021/03/10 4:15 p.m.4 views

CVE-2021-0398

In bindServiceLocked of ActiveServices.java, there is a possible foreground service launch due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android...

7.8CVSS7.2AI score0.00127EPSS
Exploits0References1
Prion
Prion
added 2021/03/10 4:15 p.m.36 views

Design/Logic Flaw

In bindServiceLocked of ActiveServices.java, there is a possible foreground service launch due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android...

4.6CVSS7.6AI score0.00127EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2021/03/01 12:0 a.m.49 views

ASB-A-173516292

In bindServiceLocked of ActiveServices.java, there is a possible foreground service launch due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS7.8AI score0.00127EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2020/12/06 1:27 p.m.169 views

Exploit for Improper Handling of Exceptional Conditions in Google Android

ServiceCheater CVE-2020-0113 & CVE-2020-0108 Analysis o...

7.8CVSS6.7AI score0.00498EPSS
Exploits1
The Hacker News
The Hacker News
added 2020/04/07 1:48 p.m.59 views

Unveiled: How xHelper Android Malware Re-Installs Even After Factory Reset

Remember xHelper? A mysterious piece of Android malware that re-installs itself on infected devices even after users delete it or factory reset their devices—making it nearly impossible to remove. xHelper reportedly infected over 45,000 devices last year, and since then, cybersecurity researchers...

0.6AI score
Exploits0
The Hacker News
The Hacker News
added 2020/04/07 1:48 p.m.5 views

Unveiled: How xHelper Android Malware Re-Installs Even After Factory Reset

Remember xHelper? A mysterious piece of Android malware that re-installs itself on infected devices even after users delete it or factory reset their devices—making it nearly impossible to remove. xHelper reportedly infected over 45,000 devices last year, and since then, cybersecurity researchers...

6.1AI score
Exploits0
Rows per page
Query Builder