8 matches found
CVE-2023-21088
In deliverOnFlushComplete of LocationProviderManager.java, there is a possible way to bypass background activity launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed fo...
CVE-2023-21081
In multiple functions of PackageInstallerService.java and related files, there is a possible way to bypass background activity launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is...
CVE-2023-42531
Improper access control vulnerability in SmsController prior to SMR Nov-2023 Release1 allows local attackers to bypass restrictions on starting activities from the background...
PT-2023-28397 · Unknown · Smscontroller
Name of the Vulnerable Software and Affected Versions: SmsController versions prior to SMR Nov-2023 Release1 Description: The issue is related to improper access control in the SmsController, allowing local attackers to bypass restrictions on starting activities from the background...
CVE-2023-40116
In onTaskAppeared of PipTaskOrganizer.java, there is a possible way to bypass background activity launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2023-27274 · Google · Android
Name of the Vulnerable Software and Affected Versions: PipTaskOrganizer.java affected versions not specified Description: The issue is related to a logic error in the code of PipTaskOrganizer.java, specifically in the onTaskAppeared method. This error can be exploited to bypass background activit...
CVE-2023-21081
In multiple functions of PackageInstallerService.java and related files, there is a possible way to bypass background activity launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is...
CVE-2023-21088
In deliverOnFlushComplete of LocationProviderManager.java, there is a possible way to bypass background activity launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed fo...