Lucene search
+L

166 matches found

Vulnrichment
Vulnrichment
added 2024/03/17 9:0 p.m.17 views

CVE-2024-2567 jurecapuder AndroidWeatherApp Backup File androidmanifest.xml backup

UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as problematic, was found in jurecapuder AndroidWeatherApp 1.0.0 on Android. Affected is an unknown function of the file androidmanifest.xml of the component Backup File Handler. The manipulation leads to exposure of backup file to a...

1.8CVSS6.7AI score0.00213EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/03/10 11:0 p.m.32 views

CVE-2024-2364 Musicshelf Backup androidmanifest.xml backup

A vulnerability classified as problematic has been found in Musicshelf 1.0/1.1 on Android. Affected is an unknown function of the file androidmanifest.xml of the component Backup Handler. The manipulation leads to exposure of backup file to an unauthorized control sphere. It is possible to launch...

1.8CVSS4.1AI score0.00333EPSS
Exploits1References3
NVD
NVD
added 2024/02/29 1:44 a.m.51 views

CVE-2024-26132

Element Android is an Android Matrix Client. A third-party malicious application installed on the same phone can force Element Android, version 0.91.0 through 1.6.12, to share files stored under the files directory in the application's private data directory to an arbitrary room. The impact of th...

4CVSS4AI score0.00387EPSS
Exploits0References3
Prion
Prion
added 2024/02/29 1:44 a.m.51 views

Design/Logic Flaw

Element Android is an Android Matrix Client. A third-party malicious application installed on the same phone can force Element Android, version 0.91.0 through 1.6.12, to share files stored under the files directory in the application's private data directory to an arbitrary room. The impact of th...

2.1CVSS6.8AI score0.00387EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/02/20 6:30 p.m.13 views

CVE-2024-26132 Element Android can be asked to share internal files.

Element Android is an Android Matrix Client. A third-party malicious application installed on the same phone can force Element Android, version 0.91.0 through 1.6.12, to share files stored under the files directory in the application's private data directory to an arbitrary room. The impact of th...

4CVSS6.4AI score0.00387EPSS
Exploits0References3
OSV
OSV
added 2024/02/20 6:30 p.m.37 views

CVE-2024-26132 Element Android can be asked to share internal files.

Element Android is an Android Matrix Client. A third-party malicious application installed on the same phone can force Element Android, version 0.91.0 through 1.6.12, to share files stored under the files directory in the application's private data directory to an arbitrary room. The impact of th...

4CVSS4.9AI score0.00387EPSS
Exploits0References5
The Hacker News
The Hacker News
added 2023/08/19 6:28 a.m.51 views

Thousands of Android Malware Apps Using Stealthy APK Compression to Evade Detection

Threat actors are using Android Package APK files with unknown or unsupported compression methods to elude malware analysis. That's according to findings from Zimperium, which found 3,300 artifacts leveraging such compression algorithms in the wild. 71 of the identified samples can be loaded on t...

6.6AI score
Exploits0
OSV
OSV
added 2023/04/01 12:0 a.m.25 views

ASB-A-259942609

In parseUsesPermission of ParsingPackageUtils.java, there is a possible boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation...

5CVSS5AI score0.00092EPSS
Exploits0References2
Prion
Prion
added 2023/02/15 3:15 a.m.16 views

Design/Logic Flaw

In permissions of AndroidManifest.xml, there is a possible way to grant signature permissions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

4.3CVSS7.7AI score0.00086EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/02/15 12:0 a.m.131 views

CVE-2023-20927

CVE-2023-20927 affects Android 13 (and related AAOS/Android Automotive OS entries) where a permissions bypass in AndroidManifest.xml could grant signature permissions, enabling local privilege escalation with no user interaction. Vulnerable component is AndroidManifest.xml permission handling; ro...

7.8CVSS7.7AI score0.00086EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/02/15 12:0 a.m.26 views

CVE-2023-20927

In permissions of AndroidManifest.xml, there is a possible way to grant signature permissions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

7.9AI score0.00086EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/02/15 12:0 a.m.8 views

CVE-2023-20927

In permissions of AndroidManifest.xml, there is a possible way to grant signature permissions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

7.8AI score0.00086EPSS
Exploits0References1
Prion
Prion
added 2023/01/26 9:15 p.m.27 views

Code injection

In ApplicationsDetailsActivity of AndroidManifest.xml, there is a possible DoS due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11...

1.9CVSS5.4AI score0.00126EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/01/24 12:0 a.m.38 views

CVE-2022-20213

In ApplicationsDetailsActivity of AndroidManifest.xml, there is a possible DoS due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11...

6.1AI score0.00126EPSS
Exploits0References1
NVD
NVD
added 2022/07/13 7:15 p.m.21 views

CVE-2022-20212

In wifi.RequestToggleWifiActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10...

7.8CVSS0.00113EPSS
Exploits0References1
Prion
Prion
added 2022/07/13 7:15 p.m.23 views

Design/Logic Flaw

In wifi.RequestToggleWifiActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10...

4.4CVSS7.7AI score0.00113EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/07/13 6:27 p.m.25 views

CVE-2022-20212

In wifi.RequestToggleWifiActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10...

7.9AI score0.00113EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2022/06/09 4:39 p.m.22 views

New Privacy Framework for IoT Devices Gives Users Control Over Data Sharing

A newly designed privacy-sensitive architecture aims to enable developers to create smart home apps in a manner that addresses data sharing concerns and puts users in control over their personal information. Dubbed Peekaboo by researchers from Carnegie Mellon University, the system "leverages an...

0.6AI score
Exploits0
Kitploit
Kitploit
added 2022/05/25 12:30 p.m.29 views

DroidDetective - A Machine Learning Malware Analysis Framework For Android Apps

A machine learning malware analysis framework for Android apps. DroidDetective is a Python tool for analysing Android applications APKs for potential malware related behaviour and configurations. When provided with a path to an application APK file Droid Detective will make a prediction using it'...

7.1AI score
Exploits0References3
CNVD
CNVD
added 2022/04/15 12:0 a.m.15 views

Google Android Elevation of Privilege Vulnerability (CNVD-2022-41833)

Google Android is a Linux-based open source operating system from Google, Inc. The vulnerability stems from a missing privilege check in the AdapterService and GattService definitions in AndroidManifest.xml, which could lead to disabling Bluetooth connectivity. An attacker could exploit the...

7.8CVSS4.8AI score0.0012EPSS
Exploits0References1
Rows per page
Query Builder