102 matches found
CVE-2021-0926
In onCreate of NfcImportVCardActivity.java, there is a possible way to add a contact without user's consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
CVE-2021-1023
In onCreate of RequestIgnoreBatteryOptimizations.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User...
CVE-2021-0933
In onCreate of CompanionDeviceActivity.java or DeviceChooserActivity.java, there is a possible way for HTML tags to interfere with a consent dialog due to improper input validation. This could lead to remote escalation of privilege, confusing the user into accepting pairing of a malicious Bluetoo...
Google Android 安全漏洞
Google Android is a Linux-based open source operating system from Google. An elevation of privilege vulnerability exists in Google Android 12. The vulnerability arises due to a possible bypass of user interaction requirements due to an unclear UI in onCreate in AllowBindAppWidgetActivity.java. An...
Google Android 安全漏洞
Google Android is a Linux-based open source operating system from Google. Google Android 11 suffers from an elevation of privilege vulnerability that originates in onCreate in UsbPermissionActivity.java, which can be exploited by an attacker to cause local privilege escalation...
Google Android 安全漏洞
Google Android is a Linux-based open source operating system from Google, Inc. An elevation of privilege vulnerability exists in Google Android, which originates in onCreate of KeyChainActivity.java. The application certificate stored in the keychain can be exploited by an attacker, who can use t...
Design/Logic Flaw
In onCreate of PermissionActivity.java, there is a possible permission bypass due to Confusing UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-1744955...
CVE-2021-0594
CVE-2021-0594 affects Android: In ConfirmConnectActivity.onCreate, there is a possible remote bypass of user consent due to improper input validation. This could lead to remote (proximal, NFC) escalation of privilege by deceiving a user into allowing a Bluetooth connection with no additional exec...
ASB-A-182809425
In onCreate of ContactSelectionActivity.java, there is a possible way to get access to contacts without permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation...
Design/Logic Flaw
In onCreate of WiFiInstaller.java, there is a possible way to install a malicious Hotspot 2.0 configuration due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product:...
CVE-2021-0386
In onCreate of UsbConfirmActivity, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-17342111...
Design/Logic Flaw
In onCreate of UsbConfirmActivity, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-17342111...
CVE-2021-0391
In onCreate of ChooseTypeAndAccountActivity.java, there is a possible way to learn the existence of an account, without permissions, due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for...
Google Android 安全漏洞
Google Android is a Linux-based open source operating system from the USGoogleOpen Handheld Alliance Google. Google Android has a security vulnerability where an eavesdropping vector may exist in onCreate of RequestPermissionActivity.java due to insecure default values. This could lead to a local...
CVE-2021-0315
In onCreate of GrantCredentialsPermissionActivity.java, there is a possible way to convince the user to grant an app access to an account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for...
CVE-2021-0309
CVE-2021-0309 affects Android (versions 8.0–11) with a flaw in grantCredentialsPermissionActivity during onCreate that enables a confused deputy to disclose local information and gain account access without extra execution privileges. Exploitation requires user interaction, and impact is describe...
CVE-2020-27030
In onCreate of HandleApiCalls.java, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege that allows an app to set or dismiss the alarm with no additional execution privileges needed. User interaction is not needed for...
CVE-2020-0386
In onCreate of RequestPermissionActivity.java, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege allowing an attacker to set Bluetooth discoverability with User execution privileges needed. User interaction is needed for...
CVE-2020-0215
In onCreate of ConfirmConnectActivity.java, there is a possible leak of Bluetooth information due to a permissions bypass. This could lead to local escalation of privilege that exposes a pairing Bluetooth MAC address with no additional execution privileges needed. User interaction is needed for...
CVE-2020-0114
In onCreateSliceProvider of KeyguardSliceProvider.java, there is a possible confused deputy due to a PendingIntent error. This could lead to local escalation of privilege that allows actions performed as the System UI, with no additional execution privileges needed. User interaction is not needed...