58 matches found
CVE-2023-21256
In SettingsHomepageActivity.java, there is a possible way to launch arbitrary activities via Settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...
CVE-2023-21256
Summary: CVE-2023-21256 concerns Android’s SettingsHomepageActivity.java, where a logic error could let an attacker launch arbitrary activities from Settings, enabling local elevation of privilege. The vulnerability requires user interaction to exploit and is described across multiple sources (NV...
PT-2023-18041 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions prior to the fixed version Description: The issue is caused by a logic error in the code of SettingsHomepageActivity.java, allowing the launch of arbitrary activities via Settings. This could lead to local escalation of...
CVE-2023-21131
In checkKeyIntentParceledCorrectly of ActivityManagerService.java, there is a possible bypass of Parcel Mismatch mitigations due to a logic error in the code. This could lead to local escalation of privilege and the ability to launch arbitrary activities in settings with no additional execution...
CVE-2023-21131
In checkKeyIntentParceledCorrectly of ActivityManagerService.java, there is a possible bypass of Parcel Mismatch mitigations due to a logic error in the code. This could lead to local escalation of privilege and the ability to launch arbitrary activities in settings with no additional execution...
CVE-2023-21131
In checkKeyIntentParceledCorrectly of ActivityManagerService.java, there is a possible bypass of Parcel Mismatch mitigations due to a logic error in the code. This could lead to local escalation of privilege and the ability to launch arbitrary activities in settings with no additional execution...
ASB-A-265015796
In checkKeyIntentParceledCorrectly of ActivityManagerService.java, there is a possible bypass of Parcel Mismatch mitigations due to a logic error in the code. This could lead to local escalation of privilege and the ability to launch arbitrary activities in settings with no additional execution...
Input validation
In launchDeepLinkIntentToRight of SettingsHomepageActivity.java, there is a possible way to launch arbitrary activities due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product...
CVE-2022-20550
In Multiple Locations, there is a possibility to launch arbitrary protected activities due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID:...
CVE-2022-20319
In DreamServices, there is a possible way to launch arbitrary protected activities due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID:...
CVE-2022-20319
In DreamServices, there is a possible way to launch arbitrary protected activities due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID:...
Samsung SMR 输入验证错误漏洞
Samsung SMR is a system patch package from Samsung South Korea. It provides patches for Samsung mobile applications. A security vulnerability exists in Samsung SMR that stems from incorrect input validation in settings. An attacker exploited the vulnerability to launch arbitrary activities using...
CVE-2022-22292
Unprotected dynamic receiver in Telecom prior to SMR Feb-2022 Release 1 allows untrusted applications to launch arbitrary activity...
CVE-2022-22263
Unprotected dynamic receiver in SecSettings prior to SMR Jan-2022 Release 1 allows untrusted applications to launch arbitrary activity...
CVE-2022-22263
Unprotected dynamic receiver in SecSettings prior to SMR Jan-2022 Release 1 allows untrusted applications to launch arbitrary activity...
Samsung Internet Incorrect Component Protection Vulnerability Vulnerability
Samsung Internet is a cell phone application from Samsung South Korea. It provides a browser function. A security vulnerability exists in Samsung Internet, which can be exploited by an attacker to perform arbitrary activities under certain conditions...
Achievo v1.4.3 Multiple Authorization Flaws / CSRF Vulnerability
Exploit for php platform in category web applications ================================================================ Achievo v1.4.3 Multiple Authorization Flaws / CSRF Vulnerability ================================================================ Vulnerability Description: It is possible to...
Achievo 1.4.3 - Multiple Authorisation Vulnerabilities
Advisory Name: Multiple Authorization Flaws in Achievo 1.4.3 Internal Cybsec Advisory Id: 2010-08-02 Vulnerability Class: Authorization Flaw Release Date: 2010-Sept-28 Affected Applications: Achievo 1.4.3 other versions may be also vulnerable Affected Platforms: Any Local / Remote: Remote Severit...