EUVD-2021-6480

Malicious code in bioql PyPI...

CVE-2023-20906

In onPackageAddedInternal of PermissionManagerService.java, there is a possible way to silently grant a permission after a Target SDK update due to a permissions bypass. This could lead to local escalation of privilege after updating an app to a higher Target SDK with no additional execution...

CVE-2023-21270

In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way for an app to keep permissions that should be revoked due to incorrect permission flags cleared during an update. This could lead to local escalation of privilege with User execution privileges needed. User...

PT-2023-17696 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-11 through Android-13 Description: A permissions bypass issue in the PermissionManagerService.java allows for silent granting of a permission after a Target SDK update. This could lead to local escalation of privilege...

CVE-2023-20971

CVE-2023-20971 affects the Android Framework in PermissionManagerServiceImpl.java (removePermission) where a logic error could allow obtaining dangerous permissions without user consent, enabling local elevation of privilege with no extra execution privileges and no user interaction needed. The i...

CVE-2021-1013

In checkExistsAndEnforceCannotModifyImmutablyRestrictedPermission of PermissionManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no...

CVE-2021-1013

In checkExistsAndEnforceCannotModifyImmutablyRestrictedPermission of PermissionManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no...

CVE-2021-1013

CVE-2021-1013 affects Android 12 (e.g., Pixel devices). In PermissionManagerService.java’s checkExistsAndEnforceCannotModifyImmutablyRestrictedPermission, a side-channel information-disclosure path can determine whether an app is installed without query permissions. This enables local information...

PUB-A-186404356

In checkExistsAndEnforceCannotModifyImmutablyRestrictedPermission of PermissionManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no...

Xxe

In onPackageAddedInternal of PermissionManagerService.java, there is possible access to external storage due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

CVE-2021-0486

In onPackageAddedInternal of PermissionManagerService.java, there is possible access to external storage due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

CVE-2021-0306

In addAllPermissions of PermissionManagerService.java, there is a possible permissions bypass when upgrading major Android versions which allows an app to gain the android.permission.ACTIVITYRECOGNITION permission without user confirmation. This could lead to local escalation of privilege with no...

Design/Logic Flaw

In addAllPermissions of PermissionManagerService.java, there is a possible permissions bypass when upgrading major Android versions which allows an app to gain the android.permission.ACTIVITYRECOGNITION permission without user confirmation. This could lead to local escalation of privilege with no...

CVE-2021-0307

CVE-2021-0307 is an Android elevation-of-privilege issue in updatePermissionSourcePackage within PermissionManagerService.java. A careless deputy flaw could allow a malicious app on Android 10–11 to gain a dangerous permission automatically, without user interaction, leading to local privilege es...

ASB-A-154505240

In addAllPermissions of PermissionManagerService.java, there is a possible permissions bypass when upgrading major Android versions which allows an app to gain the android.permission.ACTIVITYRECOGNITION permission without user confirmation. This could lead to local escalation of privilege with no...

CVE-2019-2200

In updatePermissions of PermissionManagerService.java, it may be possible for a malicious app to obtain a custom permission from another app due to a permission bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for...