58 matches found
PT-2025-35634
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. affected versions not specified Description: A logic error in the code within setMediaButtonReceiver of multiple files may allow launching arbitrary activities from the background. This could lead to loc...
CVE-2024-49737
In applyTaskFragmentOperation of WindowOrganizerController.java, there is a possible way to launch arbitrary activities as the system UID due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not need...
CVE-2023-20960
In launchDeepLinkIntentToRight of SettingsHomepageActivity.java, there is a possible way to launch arbitrary activities due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product...
CVE-2022-20319
In DreamServices, there is a possible way to launch arbitrary protected activities due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID:...
CVE-2022-20550
In Multiple Locations, there is a possibility to launch arbitrary protected activities due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID:...
CVE-2025-20957
Improper access control in SmartManagerCN prior to SMR May-2025 Release 1 allows local attackers to launch arbitrary activities with SmartManagerCN privilege...
CVE-2025-20957
Improper access control in SmartManagerCN prior to SMR May-2025 Release 1 allows local attackers to launch arbitrary activities with SmartManagerCN privilege...
CVE-2025-20957
Improper access control in SmartManagerCN prior to SMR May-2025 Release 1 allows local attackers to launch arbitrary activities with SmartManagerCN privilege...
CVE-2025-20957
Improper access control in SmartManagerCN prior to SMR May-2025 Release 1 allows local attackers to launch arbitrary activities with SmartManagerCN privilege...
ASB-A-317203980
In setMediaButtonReceiver of multiple files, there is a possible way to launch arbitrary activities from background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-49737
In applyTaskFragmentOperation of WindowOrganizerController.java, there is a possible way to launch arbitrary activities as the system UID due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not need...
CVE-2024-49737
In applyTaskFragmentOperation of WindowOrganizerController.java, there is a possible way to launch arbitrary activities as the system UID due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not need...
PT-2025-2852 · Google · Android Windoworganizer
Name of the Vulnerable Software and Affected Versions: Android WindowOrganizer affected versions not specified Description: A logic error in the code of WindowOrganizerController.java allows for the launch of arbitrary activities as the system UID. This could lead to local escalation of privilege...
Google Android 安全漏洞
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that originates in the WindowOrganizerController.java file's applyTaskFragmentOperation function, which contains a logic error that can be exploited by an...
PT-2024-18761 · Samsung · Samsung Data Store
Name of the Vulnerable Software and Affected Versions: Samsung Data Store versions prior to 5.3.00.4 Description: The issue is related to improper access control in Samsung Data Store, allowing local attackers to launch arbitrary activities with the privilege of Samsung Data Store. Recommendation...
Google Android Security Vulnerability
Google Android is a Linux-based open source operating system from Google, Inc. A security vulnerability exists in Google Android that originates from a BackgroundLaunchProcessController BAL bypass, which could potentially launch arbitrary activities from the background...
CVE-2023-45777
In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to launch arbitrary activities using system privileges due to Parcel Mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed...
Privilege escalation
In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to launch arbitrary activities using system privileges due to Parcel Mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed...
PT-2023-29689 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions prior to the fixed version Description: The issue is related to a Parcel Mismatch in the checkKeyIntentParceledCorrectly function of AccountManagerService.java. This could allow an attacker to launch arbitrary activities usin...
CVE-2023-44121 LG ThinQ Service - Intent redirection with system privilege/LaunchAnyWhere
The vulnerability is an intent redirection in LG ThinQ Service "com.lge.lms2" in the "com/lge/lms/things/ui/notification/NotificationManager.java" file. This vulnerability could be exploited by a third-party app installed on an LG device by sending a broadcast with the action...