EUVD-2026-5745

A vulnerability was detected in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function addPermission/updatePermission/deletePermission of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\PermissionController.java of the component...

EUVD-2024-51376

Malicious code in bioql PyPI...

CVE-2024-13143

CVE-2024-13143 affects ZeroWdd studentmanager 1.0. The issue is in the submitAddPermission function of PermissionController.java, where the argument url can be manipulated to trigger cross-site scripting. Attacks could be remote, and public exploits have been disclosed. Other parameters may also ...

CVE-2024-13143 ZeroWdd studentmanager PermissionController. java submitAddPermission cross site scripting

A vulnerability was found in ZeroWdd studentmanager 1.0. It has been rated as problematic. This issue affects the function submitAddPermission of the file src/main/java/com/zero/system/controller/PermissionController. java. The manipulation of the argument url leads to cross site scripting. The...

PT-2022-10925 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-11 through Android-12L Description: The issue allows for a tapjacking/overlay attack in the user interface buttons of PermissionController, potentially leading to local escalation of privilege without requiring...

ASB-A-223907044

In PermissionController, there is a possible way to get and retain permissions without user's consent due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

CVE-2022-20271

In PermissionController, there is a possible way to grant some permissions without user consent due to misleading or insufficient UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product:...

CVE-2022-20272

In PermissionController, there is a possible misunderstanding about the default SMS application's permission set due to misleading text. This could lead to local information disclosure with User privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:...

CVE-2022-20271

In PermissionController, there is a possible way to grant some permissions without user consent due to misleading or insufficient UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product:...

Information disclosure

In PermissionController, there is a possible misunderstanding about the default SMS application's permission set due to misleading text. This could lead to local information disclosure with User privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:...

Design/Logic Flaw

In PermissionController, there is a possible way to grant some permissions without user consent due to misleading or insufficient UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product:...

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google, Inc. in the United States. A security vulnerability exists in the Google Android PermissionController component, which stems from misleading text that could misinterpret the permission set of the default SMS application...

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google Inc. in the United States. A security vulnerability exists in the Google Android PermissionController component that stems from a misdirection or UI inadequacy that could potentially grant certain permissions without user...

CVE-2022-20272

CVE-2022-20272 affects Android 13 and is tied to the PermissionController component. The issue stems from misleading text about the default SMS app’s permission set, which could lead to local information disclosure. Impact is limited to information exposure with user privileges required and explo...

CVE-2022-20272

In PermissionController, there is a possible misunderstanding about the default SMS application's permission set due to misleading text. This could lead to local information disclosure with User privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:...

CVE-2022-20271

CVE-2022-20271 affects Android 13, originating in the PermissionController. The issue enables a user-visible misdirection/insufficient UI to grant certain permissions without proper user consent, resulting in potential local elevation of privilege. The vulnerability is categorized as an EoP issue...

CVE-2022-20271

In PermissionController, there is a possible way to grant some permissions without user consent due to misleading or insufficient UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product:...

Google Android Elevation of Privilege Vulnerability (CNVD-2022-63884)

Google Android is a Linux-based operating system from Google, Inc. An elevation of privilege vulnerability exists in Google Android versions 12 and 12L. The vulnerability stems from a logic error in the PermissionController component code, and there is a possible way to gain and retain privileges...

CVE-2022-20218

In PermissionController, there is a possible way to get and retain permissions without user's consent due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product:...

Code injection

In PermissionController, there is a possible way to get and retain permissions without user's consent due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product:...