Lucene search
+L

58 matches found

OSV
OSV
added 2023/07/13 12:15 a.m.8 views

CVE-2023-21256

In SettingsHomepageActivity.java, there is a possible way to launch arbitrary activities via Settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

7.8CVSS6AI score0.00108EPSS
Exploits0References2
CVE
CVE
added 2023/07/12 11:33 p.m.118 views

CVE-2023-21256

Summary: CVE-2023-21256 concerns Android’s SettingsHomepageActivity.java, where a logic error could let an attacker launch arbitrary activities from Settings, enabling local elevation of privilege. The vulnerability requires user interaction to exploit and is described across multiple sources (NV...

7.8CVSS7.7AI score0.00108EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/07/12 12:0 a.m.7 views

PT-2023-18041 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions prior to the fixed version Description: The issue is caused by a logic error in the code of SettingsHomepageActivity.java, allowing the launch of arbitrary activities via Settings. This could lead to local escalation of...

7.8CVSS7.1AI score0.00108EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2023/06/15 7:15 p.m.3 views

CVE-2023-21131

In checkKeyIntentParceledCorrectly of ActivityManagerService.java, there is a possible bypass of Parcel Mismatch mitigations due to a logic error in the code. This could lead to local escalation of privilege and the ability to launch arbitrary activities in settings with no additional execution...

7.8CVSS6.2AI score0.0009EPSS
Exploits0References2
NVD
NVD
added 2023/06/15 7:15 p.m.35 views

CVE-2023-21131

In checkKeyIntentParceledCorrectly of ActivityManagerService.java, there is a possible bypass of Parcel Mismatch mitigations due to a logic error in the code. This could lead to local escalation of privilege and the ability to launch arbitrary activities in settings with no additional execution...

7.8CVSS7.8AI score0.0009EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/06/15 12:0 a.m.34 views

CVE-2023-21131

In checkKeyIntentParceledCorrectly of ActivityManagerService.java, there is a possible bypass of Parcel Mismatch mitigations due to a logic error in the code. This could lead to local escalation of privilege and the ability to launch arbitrary activities in settings with no additional execution...

8AI score0.0009EPSS
Exploits0References1
OSV
OSV
added 2023/06/01 12:0 a.m.36 views

ASB-A-265015796

In checkKeyIntentParceledCorrectly of ActivityManagerService.java, there is a possible bypass of Parcel Mismatch mitigations due to a logic error in the code. This could lead to local escalation of privilege and the ability to launch arbitrary activities in settings with no additional execution...

7.8CVSS7.8AI score0.0009EPSS
Exploits0References2
Prion
Prion
added 2023/03/24 8:15 p.m.13 views

Input validation

In launchDeepLinkIntentToRight of SettingsHomepageActivity.java, there is a possible way to launch arbitrary activities due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product...

6.5CVSS8.4AI score0.0022EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/12/16 12:0 a.m.5 views

CVE-2022-20550

In Multiple Locations, there is a possibility to launch arbitrary protected activities due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID:...

7.8AI score0.00125EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/08/12 3:15 p.m.7 views

CVE-2022-20319

In DreamServices, there is a possible way to launch arbitrary protected activities due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID:...

7.8CVSS7.3AI score0.00103EPSS
Exploits0References2
NVD
NVD
added 2022/08/12 3:15 p.m.23 views

CVE-2022-20319

In DreamServices, there is a possible way to launch arbitrary protected activities due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID:...

7.8CVSS0.00103EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/05/03 12:0 a.m.6 views

Samsung SMR 输入验证错误漏洞

Samsung SMR is a system patch package from Samsung South Korea. It provides patches for Samsung mobile applications. A security vulnerability exists in Samsung SMR that stems from incorrect input validation in settings. An attacker exploited the vulnerability to launch arbitrary activities using...

7.7CVSS6.8AI score0.00137EPSS
Exploits0References2
OSV
OSV
added 2022/02/11 6:15 p.m.9 views

CVE-2022-22292

Unprotected dynamic receiver in Telecom prior to SMR Feb-2022 Release 1 allows untrusted applications to launch arbitrary activity...

7.8CVSS5.9AI score0.00131EPSS
Exploits0References1
OSV
OSV
added 2022/01/10 2:12 p.m.6 views

CVE-2022-22263

Unprotected dynamic receiver in SecSettings prior to SMR Jan-2022 Release 1 allows untrusted applications to launch arbitrary activity...

5.5CVSS5.9AI score0.00093EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/01/10 2:12 p.m.8 views

CVE-2022-22263

Unprotected dynamic receiver in SecSettings prior to SMR Jan-2022 Release 1 allows untrusted applications to launch arbitrary activity...

5.5CVSS6.2AI score0.00093EPSS
Exploits0References2
CNVD
CNVD
added 2021/06/17 12:0 a.m.12 views

Samsung Internet Incorrect Component Protection Vulnerability Vulnerability

Samsung Internet is a cell phone application from Samsung South Korea. It provides a browser function. A security vulnerability exists in Samsung Internet, which can be exploited by an attacker to perform arbitrary activities under certain conditions...

7.8CVSS6.9AI score0.00226EPSS
Exploits0References1
0day.today
0day.today
added 2010/09/29 12:0 a.m.15 views

Achievo v1.4.3 Multiple Authorization Flaws / CSRF Vulnerability

Exploit for php platform in category web applications ================================================================ Achievo v1.4.3 Multiple Authorization Flaws / CSRF Vulnerability ================================================================ Vulnerability Description: It is possible to...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2010/09/28 12:0 a.m.29 views

Achievo 1.4.3 - Multiple Authorisation Vulnerabilities

Advisory Name: Multiple Authorization Flaws in Achievo 1.4.3 Internal Cybsec Advisory Id: 2010-08-02 Vulnerability Class: Authorization Flaw Release Date: 2010-Sept-28 Affected Applications: Achievo 1.4.3 other versions may be also vulnerable Affected Platforms: Any Local / Remote: Remote Severit...

7.4AI score
Exploits0
Rows per page
Query Builder