7 matches found
PT-2024-10652 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions prior to the fixed version Description: The issue allows for local escalation of privilege or information disclosure due to uninitialized data or a pending intent. This could lead to accessing user metadata or local informati...
CVE-2023-44125
The vulnerability is the use of implicit PendingIntents without the PendingIntent.FLAGIMMUTABLE set that leads to theft and/or over-write of arbitrary files with system privilege in the Personalized service "com.lge.abba" app. The attacker's app, if it had access to app notifications, could...
PT-2023-12335 · Onos · Onos
Name of the Vulnerable Software and Affected Versions: ONOS version 2.5.1 Description: An issue was discovered in the IntentManager of ONOS. The install-requested intent, which causes an exception, remains in the pendingMap in memory forever. Deletion of this intent is not possible, neither by a...
GHSA-CM6R-892J-JV2G Google Play Services SDK leads to apps having incorrectly set mutability flag
Apps developed with Google Play Services SDK incorrectly had the mutability flag set to PendingIntents that were passed to the Notification service. As Google Play services SDK is so widely used, this bug affects many applications. For an application affected, this bug will let the attacker, gain...
Google Play services 安全漏洞
Google Play services is used by Google Inc. to update Google apps and other applications provided by Google Play. A security vulnerability exists in the Google Play Services SDK that stems from an application incorrectly setting the variability flag to PendingIntents and passing it to the...
PT-2022-16319 · Google · Google Play Services Sdk
Name of the Vulnerable Software and Affected Versions: Google Play Services SDK versions prior to 18.0.2 Description: The issue arises from the incorrect setting of the mutability flag in PendingIntents passed to the Notification service in apps developed with the Google Play Services SDK. This b...
ASB-A-156020795
In various locations in SystemUI, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure of contact data with User execution privileges needed. User interaction is not needed for exploitation...