Lucene search
K

464 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/02 6:42 p.m.6 views

CVE-2026-0010

In onTransact of IDrmManagerService.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

8.4CVSS6.1AI score0.00094EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/03/02 6:42 p.m.5 views

EUVD-2025-208213

In relayoutWindow of WindowManagerService.java, there is a possible tapjack attack due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

6.1AI score0.00094EPSS
Exploits0References1
CVE
CVE
added 2026/03/02 6:42 p.m.17 views

CVE-2025-48634

The CVE-2025-48634 entry involves Android’s WindowManagerService relayoutWindow where a missing permission check enables a local elevation-of-privilege (EoP) attack. The vulnerability can be exploited with no user interaction and does not require additional execution privileges. Connected documen...

8.4CVSS6.1AI score0.00094EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/02 12:0 a.m.3 views

PT-2026-22674

In removePermission of PermissionManagerServiceImpl.java, there is a possible way to override any system permission due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

6.1AI score0.00096EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/01 12:0 a.m.11 views

PT-2026-22683

Name of the Vulnerable Software and Affected Versions ActivityManagerService affected versions not specified Description A flaw exists in the dumpBitmapsProto function within ActivityManagerService.java that may allow an application to access private information because of a missing permission...

8.4CVSS6.2AI score0.00138EPSS
Exploits1References10
OSV
OSV
added 2026/03/01 12:0 a.m.17 views

ASB-A-465136263

In dumpBitmapsProto of ActivityManagerService.java, there is a possible way for an app to access private information due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

8.4CVSS6.1AI score0.00138EPSS
Exploits1References1
OSV
OSV
added 2026/03/01 12:0 a.m.5 views

ASB-A-406243581

In relayoutWindow of WindowManagerService.java, there is a possible tapjack attack due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

8.4CVSS6.1AI score0.00094EPSS
Exploits0References2
OSV
OSV
added 2026/03/01 12:0 a.m.3 views

ASB-A-379695596

Bulletin has no description...

5.8AI score
Exploits0
NVD
NVD
added 2026/01/27 12:15 p.m.8 views

CVE-2025-41728

A low privileged remote attacker may be able to disclose confidential information from the memory of a privileged process by sending specially crafted calls to the Device Manager web service that cause an out-of-bounds read operation under certain circumstances due to ASLR and thereby potentially...

5.3CVSS0.00309EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/27 11:37 a.m.6 views

EUVD-2025-206409

A low privileged remote attacker may be able to disclose confidential information from the memory of a privileged process by sending specially crafted calls to the Device Manager web service that cause an out-of-bounds read operation under certain circumstances due to ASLR and thereby potentially...

5.3CVSS5.8AI score0.00309EPSS
Exploits0References1
NVD
NVD
added 2026/01/21 6:16 p.m.6 views

CVE-2021-47884

OKI Configuration Tool 1.6.53 contains an unquoted service path vulnerability in the OKI Local Port Manager service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Okidata\Common\extend3\portmgrsrv.exe' to inject...

8.5CVSS0.00127EPSS
Exploits0References3
CVE
CVE
added 2026/01/21 5:27 p.m.21 views

CVE-2021-47884

Affected product and vulnerability: OKI Configuration Tool 1.6.53 with an unquoted service path in the OKI Local Port Manager service. The unquoted path is in 'C:\Program Files\Okidata\Common\extend3\portmgrsrv.exe', which can allow a local attacker to inject a malicious executable and escalate p...

8.5CVSS5.9AI score0.00127EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/21 5:27 p.m.18 views

CVE-2021-47884 Configuration Tool 1.6.53 - 'OpLclSrv' Unquoted Service Path

OKI Configuration Tool 1.6.53 contains an unquoted service path vulnerability in the OKI Local Port Manager service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Okidata\Common\extend3\portmgrsrv.exe' to inject...

8.5CVSS0.00127EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 12:29 p.m.5 views

CVE-2023-40106

In sanitizeSbn of NotificationManagerService.java, there is a possible way to launch an activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS7.1AI score0.00085EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:14 p.m.6 views

CVE-2018-9377

In getIntentForIntentSender of ActivityManagerService.java, there is a possible way to access user metadata due to a pending intent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

8.4CVSS6.8AI score0.00091EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:18 a.m.5 views

CVE-2021-0321

In enforceDumpPermissionForPackage of ActivityManagerService.java, there is a possible way to determine if a package is installed due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not...

5.5CVSS5.5AI score0.00153EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:18 a.m.4 views

CVE-2021-0521

In getAllPackages of PackageManagerService, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure of cross-user permissions with no additional execution privileges needed. User interaction is not needed for...

5.5CVSS5.3AI score0.00112EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:50 a.m.5 views

CVE-2022-42778

In windows manager service, there is a missing permission check. This could lead to set up windows manager service with no additional execution privileges needed...

7.8CVSS6.9AI score0.0009EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/09 5:27 p.m.3 views

CVE-2025-48628

In validateIconUserBoundary of PrintManagerService.java, there is a possible cross-user image leak due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS6.8AI score0.00072EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/09 5:27 p.m.3 views

CVE-2025-48576

In updateNotificationChannelGroupFromPrivilegedListener of NotificationManagerService.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...

5.5CVSS6.1AI score0.00076EPSS
Exploits0References1
Rows per page
Query Builder