18 matches found
CVE-2022-20394
In getInputMethodWindowVisibleHeight of InputMethodManagerService.java, there is a possible way to determine when another app is showing an IME due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is...
Google Android 安全漏洞
Google Android is a Linux-based open source operating system from Google. A security vulnerability exists in Google Android versions 10, 11, and 12, which stems from an eavesdropping/overwriting attack in onCreate of MasterClearConfirmFragment.java, which may restore factory settings and cause a...
PT-2023-12638 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions 10 through 12 Description: The issue concerns a tapjacking attack vulnerability in the In Car Settings app, specifically with the toggle button in Modify system settings. This allows attackers to overlay the toggle button,...
PT-2022-14666 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-10 through Android-12L Description: The issue is related to a tapjacking/overlay attack in the ReviewPermissionsActivity.java file. This could allow granting permissions for a separate app on devices with API level le...
PT-2022-14694 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-10 through Android-12L Description: The issue is related to the setEnabledSetting function in PackageManager.java, which can cause the device to enter an infinite reboot loop due to resource exhaustion. This can lead ...
UNISOC chipset 安全漏洞
UNISOC chipset is an integrated circuit chipset from China's Zilight Zhanrui UNISOC. A security vulnerability exists in UNISOC chipsets SC9863A, SC9832E, SC7731E, T610, T310, T606, T760, T610, T618, T606, T612, T616, T760, T770, T820, S8000, which originates from a lack of privilege checking in t...
UNISOC chipset 安全漏洞
UNISOC chipset is an integrated circuit chipset from China's Zilight Zhanrui UNISOC. A security vulnerability exists in UNISOC chipsets SC9863A, SC9832E, SC7731E, T610, T310, T606, T760, T610, T618, T606, T612, T616, T760, T770, T820, S8000, which originates from a lack of privilege checking in t...
UNISOC chipset 安全漏洞
UNISOC chipset is an integrated circuit chipset from China's Zilight Zhanrui UNISOC. A security vulnerability exists in UNISOC chipsets SC9863A, SC9832E, SC7731E, T610, T310, T606, T760, T610, T618, T606, T612, T616, T760, T770, T820, S8000, which originates from a lack of privilege checking in t...
UNISOC chipset 安全漏洞
UNISOC chipset is an integrated circuit chipset from China's Unisoc Corporation. A security vulnerability exists in UNISOC chipset due to a lack of privilege checking in the gallery service, which could be exploited by an attacker to cause a local denial of service, and the following products and...
UNISOC chipset 缓冲区错误漏洞
UNISOC chipset is an integrated circuit chipset from China's Unisoc Corporation. A security vulnerability exists in the UNISOC chipset. The vulnerability stems from a lack of boundary checking in the sensor driver, which may result in out-of-bounds writes, and may be exploited by an attacker to...
Google Android 缓冲区错误漏洞
Google Android is a Linux-based open source operating system from the American company Google. A security vulnerability exists in Google Android 10, Android 11, and Android 12, which stems from a lack of boundary checking in the jpg driver, which may allow out-of-bounds writes...
PT-2022-14587 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-10 through Android-12L Description: The issue is related to a missing permission check in the setChecked method of SecureNfcPreferenceController.java. This could lead to local escalation of privilege from the guest us...
CVE-2022-20147
In nfadmchecksetconfig of nfadmmain.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10...
CVE-2022-20135
In writeToParcel of GateKeeperResponse.java, there is a possible parcel format mismatch. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12...
CVE-2022-20005
In validateApkInstallLocked of PackageInstallerSession.java, there is a way to force a mismatch between running code and a parsed APK . This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...
MediaTek多款产品安全漏洞
MediaTek chips are a variety of chips from MediaTek, a Chinese company MediaTek. A security vulnerability exists in MediaTek, which can be exploited by attackers to cause an escalation of privileges. The following products and versions are affected: chips, MT6731, MT6732, MT6735, MT6737, MT6739,...
CVE-2021-39667
In ih264dparsedecodeslice of ih264dparseslice.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10...
CVE-2021-39631
In cleardatadlgtext of strings.xml, there is a possible situation when "Clear storage" functionality sets up the wrong security/privacy expectations due to a misleading message. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not...