64 matches found
Google Android 安全漏洞
Google Android is a Linux-based open source operating system from Google. Google Android has an information disclosure vulnerability due to a privilege bypass in AdminRestrictedPermissionsUtils.java's onSetRuntimePermissionGrantStateByDeviceAdmin, which can be exploited by an attacker to obtain...
CVE-2023-21495
Improper access control vulnerability in Knox Enrollment Service prior to SMR May-2023 Release 1 allow attacker install KSP app when device admin is set...
Improper access control
Improper access control vulnerability in Knox Enrollment Service prior to SMR May-2023 Release 1 allow attacker install KSP app when device admin is set...
CVE-2023-21495
Improper access control vulnerability in Knox Enrollment Service prior to SMR May-2023 Release 1 allow attacker install KSP app when device admin is set...
CVE-2023-21495
CVE-2023-21495 concerns an improper access control bug in the Knox Enrollment Service on Samsung devices, prior to SMR May-2023 Release 1. The issue could allow an attacker to install a KSP app when device admin is set. Root cause: access control weakness in Knox Enrollment Service. Severity metr...
CVE-2021-0986
In hasGrantedPolicy of DevicePolicyManagerService.java, there is a possible information disclosure about the device owner, profile owner, or device admin due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User...
PUB-A-192247339
In hasGrantedPolicy of DevicePolicyManagerService.java, there is a possible information disclosure about the device owner, profile owner, or device admin due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User...
CVE-2021-0600
In onCreate of DeviceAdminAdd.java, there is a possible way to mislead a user to activate a device admin app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product:...
CVE-2021-0600
In onCreate of DeviceAdminAdd.java, there is a possible way to mislead a user to activate a device admin app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product:...
ASB-A-179042963
In onCreate of DeviceAdminAdd.java, there is a possible way to mislead a user to activate a device admin app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...
CVE-2021-0553
In onBindViewHolder of AppSwitchPreference.java, there is a possible bypass of device admin setttings due to unclear UI. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android...
CVE-2021-0534
In permission declarations of DeviceAdminReceiver.java, there is a possible lack of broadcast protection due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
CVE-2021-0553
CVE-2021-0553 affects Android 11 (AppSwitchPreference.java, onBindViewHolder). The issue is a possible bypass of device admin settings caused by an unclear UI, enabling local privilege escalation with user execution privileges required. Exploitation reportedly requires user interaction. The provi...
CVE-2021-0553
In onBindViewHolder of AppSwitchPreference.java, there is a possible bypass of device admin setttings due to unclear UI. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android...
PUB-A-169936038
In onBindViewHolder of AppSwitchPreference.java, there is a possible bypass of device admin setttings due to unclear UI. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation...
CVE-2021-25356
An improper caller check vulnerability in Managed Provisioning prior to SMR APR-2021 Release 1 allows unprivileged application to install arbitrary application, grant device admin permission and then delete several installed application...
CVE-2021-25356
An improper caller check vulnerability in Managed Provisioning prior to SMR APR-2021 Release 1 allows unprivileged application to install arbitrary application, grant device admin permission and then delete several installed application...
Input validation
An improper caller check vulnerability in Managed Provisioning prior to SMR APR-2021 Release 1 allows unprivileged application to install arbitrary application, grant device admin permission and then delete several installed application...
CVE-2021-25356
CVE-2021-25356 pertains to Samsung’s Managed Provisioning. An improper caller check prior to SMR APR-2021 Release 1 allows an unprivileged application to install arbitrary applications, grant device admin permissions, and subsequently delete multiple installed apps. The issue’s root cause is an i...
CVE-2021-25356
An improper caller check vulnerability in Managed Provisioning prior to SMR APR-2021 Release 1 allows unprivileged application to install arbitrary application, grant device admin permission and then delete several installed application...