Lucene search
K

4 matches found

OSV
OSV
added 2026/05/21 5:11 p.m.5 views

GHSA-763J-3P5V-JFC6 androidqf: APK download Path Traversal in device APK paths

Summary During device acquisition, getPathToLocalCopy constructs local filesystem paths for downloaded APKs using a filename component extracted by extractFileName. The extraction splits on ==/ and takes the remainder without sanitization. If a compromised device returns a crafted APK path...

4.8CVSS5.9AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.11 views

PT-2026-37052

Name of the Vulnerable Software and Affected Versions apko versions 0.14.8 through 1.2.4 Description A crafted .apk file can install a TypeSymlink tar entry with a target pointing outside the build root. Subsequent directory-creation or file-write entries in the same or later archive can traverse...

7.5CVSS5.8AI score0.00352EPSS
Exploits0References11
CVE
CVE
added 2024/01/02 7:58 p.m.54 views

CVE-2023-49794

KernelSU (Kernel-based root solution for Android) versions ≤ 0.7.1 contain a bypass in the kernel module’s apk-path logic. This allows a malicious apk named me.weishu.kernelsu, or one with a package name matching the official KernelSU Manager, to obtain root privileges on the device. Exploitation...

7.8CVSS7.3AI score0.00254EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2024/01/02 7:58 p.m.19 views

CVE-2023-49794 The logic of get apk path in KernelSU module can be bypassed

KernelSU is a Kernel-based root solution for Android devices. In versions 0.7.1 and prior, the logic of get apk path in KernelSU kernel module can be bypassed, which causes any malicious apk named me.weishu.kernelsu get root permission. If a KernelSU module installed device try to install any not...

6.7CVSS7.6AI score0.00254EPSS
Exploits1References2
Rows per page
Query Builder