Lucene search
K

44 matches found

redhatcve
redhatcve
added 2025/05/23 5:20 a.m.5 views

CVE-2023-21229

In registerServiceLocked of ManagedServices.java, there is a possible bypass of background activity launch restrictions due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS6.9AI score0.00091EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 5:20 a.m.6 views

CVE-2023-21269

In startActivityInner of ActivityStarter.java, there is a possible way to launch an activity into PiP mode from the background due to BAL bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS6.9AI score0.00084EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 5:19 a.m.2 views

CVE-2023-21145

In updatePictureInPictureMode of ActivityRecord.java, there is a possible bypass of background launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS6.9AI score0.00091EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 3:9 a.m.3 views

CVE-2023-21342

In RemoteSpeechRecognitionService of RemoteSpeechRecognitionService.java, there is a possible way to launch an activity from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...

7.8CVSS6.9AI score0.00149EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 3:9 a.m.5 views

CVE-2023-21343

In ActivityStarter, there is a possible background activity launch due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS6.9AI score0.00103EPSS
Exploits0References1
nvd
nvd
added 2024/07/09 9:15 p.m.36 views

CVE-2024-34723

In onTransact of ParcelableListBinder.java , there is a possible way to steal mAllowlistToken to launch an app from background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7.8CVSS0.00115EPSS
Exploits1References2
osv
osv
added 2024/07/09 9:15 p.m.6 views

CVE-2024-31316

In onResult of AccountManagerService.java, there is a possible way to perform an arbitrary background activity launch due to parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS6AI score0.00111EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2024/07/09 12:0 a.m.9 views

PT-2024-26137 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions affected versions not specified Description: The issue is related to a logic error in the code of ParcelableListBinder.java, specifically in the onTransact method. This error could allow an attacker to steal the...

7.8CVSS6.9AI score0.00115EPSS
Exploits1References5
cnnvd
cnnvd
added 2024/02/16 12:0 a.m.7 views

Google Android Security Vulnerability

Google Android is a Linux-based open source operating system from Google Inc. in the United States. A security vulnerability exists in Google Android that stems from a logic error in the code of the startNextMatchingActivity method of the ActivityTaskManagerService.java file, with a possible way ...

7.8CVSS6.9AI score0.00115EPSS
Exploits0References4
cnnvd
cnnvd
added 2024/02/16 12:0 a.m.7 views

Google Android Security Vulnerability

Google Android is a Linux-based open source operating system from Google, Inc. A security vulnerability exists in Google Android that originates from a BackgroundLaunchProcessController BAL bypass, which could potentially launch arbitrary activities from the background...

7.8CVSS6.8AI score0.00118EPSS
Exploits0References4
osv
osv
added 2024/02/15 11:15 p.m.5 views

CVE-2023-40106

In sanitizeSbn of NotificationManagerService.java, there is a possible way to launch an activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.9AI score0.00085EPSS
Exploits0References2
osv
osv
added 2023/12/04 11:15 p.m.5 views

CVE-2023-40079

In injectSendIntentSender of ShortcutService.java, there is a possible background activity launch due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS7.2AI score0.00127EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2023/12/04 12:0 a.m.6 views

PT-2023-27267 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android affected versions not specified Description: The issue is related to a missing check in the createDontSendToRestrictedAppsBundle function of PendingIntentUtils.java, which could lead to a possible background activity launch. This migh...

7.8CVSS7.5AI score0.00126EPSS
Exploits0References5
osv
osv
added 2023/10/30 6:15 p.m.7 views

CVE-2023-21396

In Activity Manager, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.9AI score0.00105EPSS
Exploits0References1
osv
osv
added 2023/10/30 5:15 p.m.6 views

CVE-2023-21343

In ActivityStarter, there is a possible background activity launch due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.9AI score0.00103EPSS
Exploits0References1
osv
osv
added 2023/10/30 5:15 p.m.4 views

CVE-2023-21342

In RemoteSpeechRecognitionService of RemoteSpeechRecognitionService.java, there is a possible way to launch an activity from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...

7.8CVSS5.9AI score0.00149EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2023/10/30 12:0 a.m.2 views

PT-2023-18127 · Unknown · Activity Manager

Name of the Vulnerable Software and Affected Versions: Activity Manager affected versions not specified Description: The issue is caused by a logic error in the code, allowing for a possible background activity launch. This could lead to local escalation of privilege with no additional execution...

7.8CVSS6.7AI score0.00119EPSS
Exploits0References9
ptsecurity
ptsecurity
added 2023/08/14 12:0 a.m.5 views

PT-2023-18050 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android affected versions not specified Description: In the startActivityInner function of ActivityStarter.java, there is a possible way to launch an activity into Picture-in-Picture PiP mode from the background due to a bypass of the...

7.8CVSS6.9AI score0.00084EPSS
Exploits0References8
osv
osv
added 2023/07/13 12:15 a.m.7 views

CVE-2023-21145

In updatePictureInPictureMode of ActivityRecord.java, there is a possible bypass of background launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.9AI score0.00091EPSS
Exploits0References2
prion
prion
added 2023/07/13 12:15 a.m.22 views

Design/Logic Flaw

In updatePictureInPictureMode of ActivityRecord.java, there is a possible bypass of background launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

4.3CVSS7.7AI score0.00091EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder