Lucene search
K

576 matches found

CVE
CVE
added 2020/08/11 7:28 p.m.112 views

CVE-2020-0248

CVE-2020-0248 is an information-disclosure vulnerability in Android 10 involving the InstantAppNotifier’s postInstantAppNotif path. The root cause is a PendingIntent handling error that enables a local attacker to bypass permissions, leading to local information disclosure without user interactio...

5.5CVSS5AI score0.00173EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2020/08/01 12:0 a.m.22 views

ASB-A-154719656

In postInstantAppNotif of InstantAppNotifier.java, there is a possible permission bypass due to a PendingIntent error. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS5.1AI score0.00173EPSS
Exploits0References2
OSV
OSV
added 2020/08/01 12:0 a.m.31 views

ASB-A-154627439

In postInstantAppNotif of InstantAppNotifier.java, there is a possible permission bypass due to a PendingIntent error. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS5.1AI score0.00173EPSS
Exploits0References2
OSV
OSV
added 2020/06/11 3:15 p.m.4 views

CVE-2020-0188

In onCreatePermissionRequest of SettingsSliceProvider.java, there is a possible permissions bypass due to a PendingIntent error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

7.8CVSS7.2AI score0.00316EPSS
Exploits0References1
Prion
Prion
added 2020/06/11 3:15 p.m.21 views

Design/Logic Flaw

In onCreatePermissionRequest of SettingsSliceProvider.java, there is a possible permissions bypass due to a PendingIntent error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

4.6CVSS7.7AI score0.00316EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/06/11 2:43 p.m.22 views

CVE-2020-0188

In onCreatePermissionRequest of SettingsSliceProvider.java, there is a possible permissions bypass due to a PendingIntent error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

8.4AI score0.00316EPSS
Exploits0References1
OSV
OSV
added 2020/06/10 6:15 p.m.3 views

CVE-2020-0114

In onCreateSliceProvider of KeyguardSliceProvider.java, there is a possible confused deputy due to a PendingIntent error. This could lead to local escalation of privilege that allows actions performed as the System UI, with no additional execution privileges needed. User interaction is not needed...

7.8CVSS7.2AI score0.00336EPSS
Exploits0References1
NVD
NVD
added 2020/06/10 6:15 p.m.18 views

CVE-2020-0114

In onCreateSliceProvider of KeyguardSliceProvider.java, there is a possible confused deputy due to a PendingIntent error. This could lead to local escalation of privilege that allows actions performed as the System UI, with no additional execution privileges needed. User interaction is not needed...

7.8CVSS0.00336EPSS
Exploits0References1
Prion
Prion
added 2020/06/10 6:15 p.m.25 views

Design/Logic Flaw

In onCreateSliceProvider of KeyguardSliceProvider.java, there is a possible confused deputy due to a PendingIntent error. This could lead to local escalation of privilege that allows actions performed as the System UI, with no additional execution privileges needed. User interaction is not needed...

7.2CVSS8.1AI score0.00336EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/06/10 5:10 p.m.17 views

CVE-2020-0114

In onCreateSliceProvider of KeyguardSliceProvider.java, there is a possible confused deputy due to a PendingIntent error. This could lead to local escalation of privilege that allows actions performed as the System UI, with no additional execution privileges needed. User interaction is not needed...

7.9AI score0.00336EPSS
Exploits0References1
myhack58
myhack58
added 2015/08/02 12:0 a.m.39 views

Android Broadcast Assembly permission bypass vulnerability-vulnerability warning-the black bar safety net

Lolipop source code has been released some days, I found google in Android 5.0 on the Fix a high risk vulnerability, exploit the vulnerability you can send any broadcast: not only can you send a system protection level of the broadcast, you can also ignore receiver android:exported=false...

7.2AI score
Exploits0
NVD
NVD
added 2014/12/15 6:59 p.m.22 views

CVE-2014-8609

The addAccount method in src/com/android/settings/accounts/AddAccountSettings.java in the Settings application in Android before 5.0.0 does not properly create a PendingIntent, which allows attackers to use the SYSTEM uid for broadcasting an intent with arbitrary component, action, or category...

7.2CVSS6.3AI score0.00637EPSS
Exploits3References4
CVE
CVE
added 2014/12/15 5:27 p.m.54 views

CVE-2014-8609

The CVE-2014-8609 vulnerability affects the Android Settings application (pre-5.0.0) where AddAccountSettings.java creates a PendingIntent incorrectly. This allows a third-party authenticator to trigger a broadcast using the SYSTEM UID, potentially injecting arbitrary component, action, or catego...

7.2CVSS6.4AI score0.00637EPSS
Exploits3References4Affected Software1
0day.today
0day.today
added 2014/11/26 12:0 a.m.58 views

Android Settings Pendingintent Leak Vulnerability

In Android versions prior to 5.0 and possibly greater than and equal to 4.0, Settings application leaks Pendingintent with a blank base intent neither the component nor the action is explicitly set to third party applications. Due to this, a malicious app can use this to broadcast intent with the...

7.2CVSS6.5AI score0.00637EPSS
Exploits3
Packet Storm
Packet Storm
added 2014/11/26 12:0 a.m.42 views

Android Settings Pendingintent Leak

INTRODUCTION ================================== In Android = 4.0, Settings application leaks Pendingintent with a blank base intent neither the component nor the action is explicitly set to third party application, bad app can use this to broadcast intent with the same permissions and identity of...

7.2CVSS6.7AI score0.00637EPSS
Exploits3
myhack58
myhack58
added 2014/11/17 12:0 a.m.42 views

Android Bug 1 7 3 5 6 8 2 4 BroadcastAnywhere vulnerability analysis-vulnerability warning-the black bar safety net

2 0 1 4 year 8 month, retme analysis of Android to fix a vulnerability, and the name for the launchAnyWhere1 In debugging this vulnerability, I found the Settings Application there is also a similar vulnerability, and 9 reported to the Android Security Team, title, Privilege escalation...

0.2AI score
Exploits0
Rows per page
Query Builder