11 matches found
EUVD-2022-25652
Malicious code in bioql PyPI...
CVE-2023-20971
In removePermission of PermissionManagerServiceImpl.java, there is a possible way to obtain dangerous permissions without user consent due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed...
CVE-2022-20392
In declareDuplicatePermission of ParsedPermissionUtils.java, there is a possible way to obtain a dangerous permission without user consent due to improper input validation. This could lead to local escalation of privilege during app installation or upgrade with no additional execution privileges...
Input validation
In declareDuplicatePermission of ParsedPermissionUtils.java, there is a possible way to obtain a dangerous permission without user consent due to improper input validation. This could lead to local escalation of privilege during app installation or upgrade with no additional execution privileges...
PT-2022-14618 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-10 through Android-12L Description: The issue is related to improper input validation in the declareDuplicatePermission function of ParsedPermissionUtils.java. This could allow an attacker to obtain a dangerous...
ASB-A-213323615
In declareDuplicatePermission of ParsedPermissionUtils.java, there is a possible way to obtain a dangerous permission without user consent due to improper input validation. This could lead to local escalation of privilege during app installation or upgrade with no additional execution privileges...
CVE-2021-0307
In updatePermissionSourcePackage of PermissionManagerService.java, there is a possible automatic runtime permission grant due to a confused deputy. This could lead to local escalation of privilege allowing a malicious app to silently gain access to a dangerous permission with no additional...
CVE-2021-0307
In updatePermissionSourcePackage of PermissionManagerService.java, there is a possible automatic runtime permission grant due to a confused deputy. This could lead to local escalation of privilege allowing a malicious app to silently gain access to a dangerous permission with no additional...
PT-2021-12991 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-10 through Android-11 Description: The issue is related to a confused deputy in the updatePermissionSourcePackage function of PermissionManagerService.java, which could lead to a local escalation of privilege. This...
FUN BY EARN - Customized SSL, Dangerous filesystem permissions, MIT license vulnerabilities
HackApp vulnerability scanner discovered that application FUN BY EARN published at the 'play' market has multiple vulnerabilities...
Dizzy Run - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Dizzy Run published at the 'play' market has multiple vulnerabilities...