Lucene search
K

952 matches found

Prion
Prion
added 2021/12/15 7:15 p.m.18 views

Code injection

In requestChannelBrowsable of TvInputManagerService.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

7.2CVSS7.7AI score0.00128EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/12/15 7:15 p.m.19 views

Input validation

In createFromParcel of OutputConfiguration.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7.2CVSS7.7AI score0.0037EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2021/12/15 7:15 p.m.17 views

Design/Logic Flaw

In onCreate of KeyChainActivity.java, there is a possible way to use an app certificate stored in keychain due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product:...

3.3CVSS7.2AI score0.00197EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/12/15 7:15 p.m.12 views

Out-of-bounds

In vorbisbookdecodevset of codebook.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-1...

9.3CVSS7.3AI score0.01012EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/12/15 7:15 p.m.12 views

Out-of-bounds

In WTInterpolateNoLoop of easwtengine.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10...

7.1CVSS6.2AI score0.00926EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/12/15 7:15 p.m.19 views

Information disclosure

In enqueueNotification of NetworkPolicyManagerService.java, there is a possible way to retrieve a trackable identifier due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

4.9CVSS5.1AI score0.00115EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/12/15 7:15 p.m.21 views

Memory corruption

In createNoCredentialsPermissionNotification and related functions of AccountManagerService.java, there is a possible way to retrieve accounts from the device without permissions due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges...

4.9CVSS5.5AI score0.00128EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/12/15 7:15 p.m.24 views

Integer overflow

In osimalloc and osicalloc of allocator.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11...

6.8CVSS8.2AI score0.00651EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/12/15 7:15 p.m.19 views

Design/Logic Flaw

In onCreate of NfcImportVCardActivity.java, there is a possible way to add a contact without user's consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

7.2CVSS7.6AI score0.00115EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/12/15 7:15 p.m.21 views

Information disclosure

In getAlias of BluetoothDevice.java, there is a possible way to create misleading permission dialogs due to missing data filtering. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-...

4.7CVSS5.1AI score0.0014EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/12/15 7:15 p.m.31 views

Input validation

In onCreate of CompanionDeviceActivity.java or DeviceChooserActivity.java, there is a possible way for HTML tags to interfere with a consent dialog due to improper input validation. This could lead to remote escalation of privilege, confusing the user into accepting pairing of a malicious Bluetoo...

7.9CVSS7.8AI score0.00376EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/12/15 7:15 p.m.19 views

Deserialization of untrusted data

In createFromParcel of GpsNavigationMessage.java, there is a possible Parcel serialization/deserialization mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-1...

7.2CVSS7.7AI score0.00202EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/12/15 7:15 p.m.16 views

Design/Logic Flaw

In onReceive of BluetoothPermissionRequest.java, there is a possible phishing attack allowing a malicious Bluetooth device to acquire permissions based on insufficient information presented to the user in the consent dialog. This could lead to local escalation of privilege with no additional...

6.9CVSS7.1AI score0.00173EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/12/15 7:15 p.m.21 views

Out-of-bounds

In phNxpNciHalprocessextrsp of phNxpNciHalext.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

8.3CVSS8.8AI score0.00529EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/12/15 7:15 p.m.14 views

Design/Logic Flaw

In doCropPhoto of PhotoSelectionHandler.java, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure of user's contacts with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:...

4.7CVSS5.2AI score0.00137EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/12/15 7:15 p.m.14 views

Heap overflow

In C2SoftMP3::process of C2SoftMp3Dec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10...

7.1CVSS6.4AI score0.00904EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/12/15 7:15 p.m.18 views

Privilege escalation

In NotificationAccessActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10...

6.9CVSS7.7AI score0.00133EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/12/15 7:15 p.m.18 views

Integer overflow

In getService of IServiceManager.cpp, there is a possible unhandled exception due to an integer overflow. This could lead to local denial of service making the lockscreen unusable with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:...

1.9CVSS5AI score0.00113EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/12/15 7:15 p.m.12 views

Out-of-bounds

In MPEG4Source::read of MPEG4Extractor.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10...

4.3CVSS6.3AI score0.00649EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2021/12/15 6:6 p.m.43 views

CVE-2021-1038

CVE-2021-1038 describes a DoS via a tapjacking/overlay vulnerability in UserDetailsActivity of AndroidManifest.xml, affecting Android 9–12. The root cause is an overlay/tapjacking issue that can cause local denial of service with no extra privileges; exploitation requires user interaction per CVS...

5.5CVSS5.3AI score0.00111EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder