Lucene search
K

12 matches found

Packet Storm News
Packet Storm News
added 2026/05/26 12:0 a.m.19 views

Silent Consent, Persistent Risk: Android Permission Groups and Custom Permissions

Android's permission system is designed to balance usability with informed consent, yet two legacy mechanisms still undermine that balance in Android 16: i permission groups that silently auto-grant new permissions within a group after a user's initial approval, and ii normal-level custom...

5.8AI score
Exploits0
GithubExploit
GithubExploit
added 2026/04/05 7:9 a.m.130 views

Exploit for CVE-2024-23700

PoC for CVE-2024-23700, allowing silently obtain permissions to...

5.8AI score
Exploits1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2021-2926

Malicious code in bioql PyPI...

7.8CVSS6.6AI score0.00167EPSS
Exploits0References1
Hacker One
Hacker One
added 2025/03/11 2:37 p.m.617 views

AWS VDP: Non-Production API Endpoints for the Glue Service Fail to Log to CloudTrail Resulting in Silent Permission Enumeration

The AWS Glue service was found to have 12 non-production API endpoints that could be accessed using standard IAM credentials without generating any CloudTrail logs. This allowed for silent permission enumeration, where an adversary could determine the permissions of compromised credentials withou...

7AI score
Exploits0
Hacker One
Hacker One
added 2025/03/10 4:23 p.m.9 views

AWS VDP: Non-Production API Endpoints for the Global Accelerator Service Fail to Log to CloudTrail Resulting in Silent Permission Enumeration

The researchers discovered that there are 8 non-production endpoints for the Global Accelerator service which can be used with standard IAM credentials and do not log to CloudTrail. This allows for silent permission enumeration, where an adversary can determine the permissions of compromised...

7AI score
Exploits0
Hacker One
Hacker One
added 2025/03/04 5:14 p.m.1323 views

AWS VDP: Non-Production API Endpoints for the Forecast Service Fail to Log to CloudTrail Resulting in Silent Permission Enumeration

The Forecast service in Amazon Web Services AWS has four non-production API endpoints that can be accessed using standard IAM credentials, but do not log any activity to CloudTrail. This allows for silent permission enumeration, where an adversary can test the capabilities of compromised...

7AI score
Exploits0
Hacker One
Hacker One
added 2025/02/24 2:52 p.m.1443 views

AWS VDP: Non-Production API Endpoints for the DocumentDB Elastic Service Fail to Log to CloudTrail Resulting in Silent Permission Enumeration

The DocumentDB Elastic service was found to have three non-production API endpoints that could be accessed using standard IAM credentials without logging to CloudTrail. This allowed for silent permission enumeration, where an adversary could determine the permissions of compromised credentials...

7AI score
Exploits0
Hacker One
Hacker One
added 2025/02/18 4:18 p.m.1463 views

AWS VDP: Non-Production API Endpoints for the Device Farm Service Fail to Log to CloudTrail Resulting in Silent Permission Enumeration

The Device Farm service was found to have two non-production API endpoints that could be accessed using standard IAM credentials without generating CloudTrail logs. This allowed silent permission enumeration, where an adversary could test the permissions of compromised credentials without...

7AI score
Exploits0
Hacker One
Hacker One
added 2025/02/07 7:50 p.m.1399 views

AWS VDP: Non-Production API Endpoints for the Datazone Service Fail to Log to CloudTrail Resulting in Silent Permission Enumeration

The vulnerability found in the Datazone service allows an adversary to enumerate permissions of compromised credentials without logging to CloudTrail. Forty-four non-production endpoints were identified that can be accessed using standard IAM credentials and do not generate CloudTrail logs. This...

7.1AI score
Exploits0
Hacker One
Hacker One
added 2024/10/23 6:23 p.m.18 views

AWS VDP: Non-Production API Endpoints for the bedrock-agent Service Fail to Log to CloudTrail Resulting in Silent Permission Enumeration

The non-production API endpoints for the bedrock-agent service failed to log to CloudTrail, resulting in silent permission enumeration. A total of 26 non-production endpoints were found that could be used with standard IAM credentials without generating CloudTrail logs. This vulnerability was...

7.1AI score
Exploits0
OSV
OSV
added 2023/03/24 8:15 p.m.6 views

CVE-2023-20906

In onPackageAddedInternal of PermissionManagerService.java, there is a possible way to silently grant a permission after a Target SDK update due to a permissions bypass. This could lead to local escalation of privilege after updating an app to a higher Target SDK with no additional execution...

7.8CVSS7.2AI score0.00098EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/03/24 12:0 a.m.4 views

PT-2023-17696 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-11 through Android-13 Description: A permissions bypass issue in the PermissionManagerService.java allows for silent granting of a permission after a Target SDK update. This could lead to local escalation of privilege...

7.8CVSS7.6AI score0.00098EPSS
Exploits0References2
Rows per page
Query Builder