576 matches found
CVE-2020-0248
CVE-2020-0248 is an information-disclosure vulnerability in Android 10 involving the InstantAppNotifier’s postInstantAppNotif path. The root cause is a PendingIntent handling error that enables a local attacker to bypass permissions, leading to local information disclosure without user interactio...
ASB-A-154719656
In postInstantAppNotif of InstantAppNotifier.java, there is a possible permission bypass due to a PendingIntent error. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation...
ASB-A-154627439
In postInstantAppNotif of InstantAppNotifier.java, there is a possible permission bypass due to a PendingIntent error. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation...
CVE-2020-0188
In onCreatePermissionRequest of SettingsSliceProvider.java, there is a possible permissions bypass due to a PendingIntent error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...
Design/Logic Flaw
In onCreatePermissionRequest of SettingsSliceProvider.java, there is a possible permissions bypass due to a PendingIntent error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...
CVE-2020-0188
In onCreatePermissionRequest of SettingsSliceProvider.java, there is a possible permissions bypass due to a PendingIntent error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...
CVE-2020-0114
In onCreateSliceProvider of KeyguardSliceProvider.java, there is a possible confused deputy due to a PendingIntent error. This could lead to local escalation of privilege that allows actions performed as the System UI, with no additional execution privileges needed. User interaction is not needed...
CVE-2020-0114
In onCreateSliceProvider of KeyguardSliceProvider.java, there is a possible confused deputy due to a PendingIntent error. This could lead to local escalation of privilege that allows actions performed as the System UI, with no additional execution privileges needed. User interaction is not needed...
Design/Logic Flaw
In onCreateSliceProvider of KeyguardSliceProvider.java, there is a possible confused deputy due to a PendingIntent error. This could lead to local escalation of privilege that allows actions performed as the System UI, with no additional execution privileges needed. User interaction is not needed...
CVE-2020-0114
In onCreateSliceProvider of KeyguardSliceProvider.java, there is a possible confused deputy due to a PendingIntent error. This could lead to local escalation of privilege that allows actions performed as the System UI, with no additional execution privileges needed. User interaction is not needed...
Android Broadcast Assembly permission bypass vulnerability-vulnerability warning-the black bar safety net
Lolipop source code has been released some days, I found google in Android 5.0 on the Fix a high risk vulnerability, exploit the vulnerability you can send any broadcast: not only can you send a system protection level of the broadcast, you can also ignore receiver android:exported=false...
CVE-2014-8609
The addAccount method in src/com/android/settings/accounts/AddAccountSettings.java in the Settings application in Android before 5.0.0 does not properly create a PendingIntent, which allows attackers to use the SYSTEM uid for broadcasting an intent with arbitrary component, action, or category...
CVE-2014-8609
The CVE-2014-8609 vulnerability affects the Android Settings application (pre-5.0.0) where AddAccountSettings.java creates a PendingIntent incorrectly. This allows a third-party authenticator to trigger a broadcast using the SYSTEM UID, potentially injecting arbitrary component, action, or catego...
Android Settings Pendingintent Leak Vulnerability
In Android versions prior to 5.0 and possibly greater than and equal to 4.0, Settings application leaks Pendingintent with a blank base intent neither the component nor the action is explicitly set to third party applications. Due to this, a malicious app can use this to broadcast intent with the...
Android Settings Pendingintent Leak
INTRODUCTION ================================== In Android = 4.0, Settings application leaks Pendingintent with a blank base intent neither the component nor the action is explicitly set to third party application, bad app can use this to broadcast intent with the same permissions and identity of...
Android Bug 1 7 3 5 6 8 2 4 BroadcastAnywhere vulnerability analysis-vulnerability warning-the black bar safety net
2 0 1 4 year 8 month, retme analysis of Android to fix a vulnerability, and the name for the launchAnyWhere1 In debugging this vulnerability, I found the Settings Application there is also a similar vulnerability, and 9 reported to the Android Security Team, title, Privilege escalation...