17 matches found
EUVD-2023-25406
Malicious code in bioql PyPI...
EUVD-2023-25454
Malicious code in bioql PyPI...
EUVD-2023-25445
Malicious code in bioql PyPI...
EUVD-2023-25447
Malicious code in bioql PyPI...
ASB-A-376028556
In getContextForResourcesEnsuringCorrectCachedApkPaths of RemoteViews.java, there is a possible way to load arbitrary java code in a privileged context due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is...
CVE-2023-21277
In visitUris of RemoteViews.java, there is a possible way to reveal images across users due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation...
Cross site scripting
In visitUris of RemoteViews.java, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-21286
CVE-2023-21286 affects Android’s RemoteViews.java, specifically the visitUris path. The issue is described as a missing permission check that could allow a local attacker to reveal images across users, resulting in local escalation of privilege without requiring extra execution privileges. The ex...
CVE-2023-21279
In visitUris of RemoteViews.java, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-21279
CVE-2023-21279 concerns Android’s RemoteViews.visitUris, where a confused deputy could enable cross-user media reads and local information disclosure without extra execution privileges. The vulnerability is discussed across multiple sources tied to the Android security ecosystem (NVD, Red Hat, PR...
CVE-2023-21277
CVE-2023-21277: The vulnerability is in Android’s RemoteViews.java visitUris method, where a missing permission check can allow an attacker to disclose images across users. The impact is local information disclosure with User privileges, and exploitation does not require user interaction. Public ...
PT-2023-18065 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android (affected versions not specified). Description: The issue is related to a missing permission check in the visitUris method of RemoteViews.java. This could allow revealing images across users, potentially leading to local escalation of...
Google Android Security Vulnerability
Google Android is a Linux-based open source operating system from Google Inc. in the United States. A security vulnerability exists in Google Android, which stems from a confused deputy in visitUris of RemoteViews.java and may allow cross-user media reads...
CVE-2023-21238
CVE-2023-21238 affects Google's Android framework: in RemoteViews.visitUris, a confused-deputy flaw can leak images between users, causing local information disclosure without extra privileges or user interaction. The issue is documented in the 2023-07-01 Android Security Bulletin (Framework sect...
Google Android elevation of privilege vulnerability (CNVD-2021-45832)
Google Android is a Linux-based open source operating system from the Google Open Handheld Consortium Google. An elevation of privilege vulnerability exists in Google Android 11. The vulnerability arises due to a privilege bypass in isRestricted in RemoteViews.java. An attacker could exploit the...
CVE-2021-0567
In isRestricted of RemoteViews.java, there is a possible way to inject font files due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Andro...
CVE-2021-0567
CVE-2021-0567 affects Android 11, where isRestricted in RemoteViews.java can be bypassed to inject font files, enabling local escalation of privilege with no additional privileges or user interaction. The vulnerability is categorized as Elevation of Privilege (EoP). In public advisories, patches ...