Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

102 matches found

Positive Technologies
Positive Technologiesadded 2023/07/12 12:0 a.m.8 views

PT-2023-18037 · Google · Android

Name of the Vulnerable Software and Affected Versions: ConfirmDialog.java affected versions not specified Description: The issue is related to improper input validation in the onCreate method of ConfirmDialog.java, allowing a possible connection to VNP without the user's consent. This could lead ...

7.3CVSS7AI score0.00213EPSS
Exploits0References3
CNNVD
CNNVDadded 2023/06/28 12:0 a.m.3 views

Google Pixel 安全漏洞

Google Pixel is a smartphone from Google, Inc. in the United States. A security vulnerability exists in Google Pixel, which stems from onCreate in DataUsageSummary.java, where a user may bypass privilege restrictions and enable or disable mobile data, which may result in a local privilege...

7.8CVSS7.3AI score0.00088EPSS
Exploits0References2
CNNVD
CNNVDadded 2023/06/28 12:0 a.m.2 views

Google Pixel 安全漏洞

Google Pixel is a smartphone from Google, an American company. Google Pixel suffers from a security vulnerability that originates in onCreate in UsbAccessoryUriActivity.java, which can evade the installation wizard due to a logic error in the code, which could lead to local privilege escalation...

7.8CVSS7.3AI score0.00091EPSS
Exploits0References2
Cvelist
Cvelistadded 2023/06/28 12:0 a.m.27 views

CVE-2023-21175

In onCreate of DataUsageSummary.java, there is a possible method for a guest user to enable or disable mobile data due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

7.9AI score0.00088EPSS
Exploits0References1
NVD
NVDadded 2023/06/15 7:15 p.m.19 views

CVE-2023-21135

In onCreate of NotificationAccessSettings.java, there is a possible failure to persist notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

7.8CVSS7.8AI score0.00093EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2023/05/23 12:0 a.m.3 views

PT-2023-5066 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions prior to the September 2023 security updates Description: The issue is related to a logic error in the code of WindowState.java, specifically in the onCreate method, which can lead to local escalation of privilege with no...

8.8CVSS9.1AI score0.02203EPSS
Exploits0References55
CNVD
CNVDadded 2023/02/08 12:0 a.m.25 views

Google Android suffers from unspecified vulnerability (CNVD-2023-09610)

Google Android is a Linux-based open source operating system from Google. A security vulnerability exists in Google Android versions 10, 11, and 12, which stems from an eavesdropping/overwriting attack in onCreate of MasterClearConfirmFragment.java, which may restore factory settings and cause a...

5.5CVSS5.5AI score0.00126EPSS
Exploits0References1
OSV
OSVadded 2023/01/26 9:15 p.m.1 views

CVE-2022-20215

In onCreate of MasterClearConfirmFragment.java, there is a possible factory reset due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10...

5.5CVSS5.9AI score0.00126EPSS
Exploits0References1
Prion
Prionadded 2023/01/26 9:15 p.m.21 views

Design/Logic Flaw

In onCreate of MasterClearConfirmFragment.java, there is a possible factory reset due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10...

1.9CVSS5.4AI score0.00126EPSS
Exploits0References1Affected Software1
CVE
CVEadded 2023/01/24 12:0 a.m.137 views

CVE-2023-20913

CVE-2023-20913 affects Android 10–13; a tapjacking/overlay issue in PhoneAccountSettingsActivity could enable local elevation of privilege by tricking the user into enabling a malicious phone account. The Android Security Bulletin lists this issue under the 2023-01-01 and 2023-01-05 patch levels;...

7.8CVSS7.6AI score0.00125EPSS
Exploits0References1Affected Software1
OSV
OSVadded 2022/12/16 4:15 p.m.1 views

CVE-2022-20520

In onCreate of various files, there is a possible tapjacking/overlay attack. This could lead to local escalation of privilege or denial of server with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-227203202...

7.8CVSS5.9AI score0.00189EPSS
Exploits0References1
NVD
NVDadded 2022/12/16 4:15 p.m.21 views

CVE-2022-20520

In onCreate of various files, there is a possible tapjacking/overlay attack. This could lead to local escalation of privilege or denial of server with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-227203202...

7.8CVSS0.00189EPSS
Exploits0References1
CVE
CVEadded 2022/12/16 12:0 a.m.84 views

CVE-2022-20506

The CVE-2022-20506 entry applies to Android 13, where in WifiDialogActivity.java the onCreate path lacks a required permission check. This permits local privilege escalation from a guest user with no additional execution privileges, and exploitation requires no user interaction. Public details co...

7.8CVSS7.6AI score0.0016EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologiesadded 2022/12/16 12:0 a.m.3 views

PT-2022-14734 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: The issue is related to a possible tapjacking/overlay attack in the onCreate of various files. This could lead to local escalation of privilege or denial of server with User execution privileges needed...

7.8CVSS7.6AI score0.00189EPSS
Exploits0References4
Positive Technologies
Positive Technologiesadded 2022/12/16 12:0 a.m.4 views

PT-2022-14765 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: The issue is related to a tapjacking/overlay attack in the onCreate method of LogAccessDialogActivity.java. This could allow bypassing a permission check, leading to local escalation of privilege with...

6.5CVSS6.5AI score0.00129EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2022/12/16 12:0 a.m.5 views

PT-2022-14732 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions prior to the fixed version Description: The issue is related to a missing permission check in the onCreate method of AddAppNetworksActivity.java. This could allow a guest user to configure WiFi networks, potentially leading t...

3.3CVSS4.1AI score0.00148EPSS
Exploits0References2
Cvelist
Cvelistadded 2022/12/16 12:0 a.m.22 views

CVE-2022-20506

In onCreate of WifiDialogActivity.java, there is a missing permission check. This could lead to local escalation of privilege from a guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-2261330...

7.9AI score0.0016EPSS
Exploits0References1
OSV
OSVadded 2022/08/10 8:15 p.m.3 views

CVE-2022-20350

In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way to trick the victim to grant notification access to the wrong app due to improper input validation. This could lead to local information disclosure with User execution privileges needed. User interaction is not...

5.5CVSS6.2AI score0.00095EPSS
Exploits0References1
CVE
CVEadded 2022/08/05 3:13 p.m.57 views

CVE-2022-33727

CVE-2022-33727 describes a vulnerability in the SecDevicePickerDialog onCreate prior to Samsung SMR Aug-2022 Release 1, where flawed UI handling enables a tapjacking/overlay attack to trick users into selecting an unwanted Bluetooth device. The issue is documented across multiple sources (NVD, Re...

6.1CVSS6.3AI score0.00129EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKBadded 2022/06/15 2:15 p.m.4 views

CVE-2022-20194

In onCreate of ChooseLockGeneric.java, there is a possible permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-222684510...

7.8CVSS7.2AI score0.00112EPSS
Exploits0References2
Rows per page
Query Builder