Lucene search
K

59 matches found

Positive Technologies
Positive Technologies
added 2025/03/12 12:0 a.m.4 views

PT-2025-11059 · Google · Android

Name of the Vulnerable Software and Affected Versions: affected versions not specified Description: The software is susceptible to a tapjacking/overlay attack, potentially allowing for local escalation of privilege without requiring additional execution privileges or user interaction. The attack...

7.8CVSS6.6AI score0.00088EPSS
Exploits0References5
OSV
OSV
added 2023/01/26 9:15 p.m.2 views

CVE-2022-20215

In onCreate of MasterClearConfirmFragment.java, there is a possible factory reset due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10...

5.5CVSS5.9AI score0.00126EPSS
Exploits0References1
OSV
OSV
added 2023/01/01 12:0 a.m.35 views

ASB-A-246933785

In onCreate of PhoneAccountSettingsActivity.java and related files, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is...

7.8CVSS7.7AI score0.00125EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/12/16 12:0 a.m.28 views

CVE-2022-20553

In onCreate of LogAccessDialogActivity.java, there is a possible way to bypass a permission check due to a tapjacking/overlay attack. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:...

6.9AI score0.00129EPSS
Exploits0References1
Prion
Prion
added 2022/12/13 4:15 p.m.15 views

Design/Logic Flaw

In onCreate of ReviewPermissionsActivity.java, there is a possible way to grant permissions for a separate app with API level 23 due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for...

4.1CVSS7.2AI score0.00096EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/12/13 12:0 a.m.6 views

PT-2022-14666 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-10 through Android-12L Description: The issue is related to a tapjacking/overlay attack in the ReviewPermissionsActivity.java file. This could allow granting permissions for a separate app on devices with API level le...

7.3CVSS7AI score0.00096EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/12/13 12:0 a.m.6 views

CVE-2022-20442

In onCreate of ReviewPermissionsActivity.java, there is a possible way to grant permissions for a separate app with API level 23 due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for...

7.4AI score0.00096EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/08/12 3:15 p.m.7 views

CVE-2022-20331

In the Framework, there is a possible way to enable a work profile without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:...

7.8CVSS7.2AI score0.00108EPSS
Exploits0References2
OSV
OSV
added 2022/07/13 7:15 p.m.4 views

CVE-2022-20212

In wifi.RequestToggleWifiActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10...

7.8CVSS7.2AI score0.00113EPSS
Exploits0References1
NVD
NVD
added 2022/07/13 7:15 p.m.21 views

CVE-2022-20212

In wifi.RequestToggleWifiActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10...

7.8CVSS0.00113EPSS
Exploits0References1
Prion
Prion
added 2022/07/13 7:15 p.m.22 views

Design/Logic Flaw

In wifi.RequestToggleWifiActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10...

4.4CVSS7.7AI score0.00113EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/07/13 6:27 p.m.21 views

CVE-2022-20212

In wifi.RequestToggleWifiActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10...

7.9AI score0.00113EPSS
Exploits0References1
Prion
Prion
added 2022/04/12 5:15 p.m.18 views

Privilege escalation

In HarmfulAppWarningActivity of HarmfulAppWarningActivity.java, there is a possible way to trick victim to install harmful app due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for...

6.9CVSS7.2AI score0.00156EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2022/03/16 3:15 p.m.6 views

CVE-2021-39692

In onCreate of SetupLayoutActivity.java, there is a possible way to setup a work profile bypassing user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product:...

7.8CVSS7.2AI score0.00698EPSS
Exploits0References1
NVD
NVD
added 2022/03/16 3:15 p.m.21 views

CVE-2021-39692

In onCreate of SetupLayoutActivity.java, there is a possible way to setup a work profile bypassing user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product:...

9.3CVSS0.00698EPSS
Exploits0References1
Prion
Prion
added 2022/03/16 3:15 p.m.15 views

Design/Logic Flaw

In onCreate of RequestManageCredentials.java, there is a possible way for a third party app to install certificates without user approval due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for...

9.3CVSS7.6AI score0.00314EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/03/16 2:4 p.m.27 views

CVE-2021-39692

In onCreate of SetupLayoutActivity.java, there is a possible way to setup a work profile bypassing user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product:...

7.9AI score0.00698EPSS
Exploits0References1
OSV
OSV
added 2022/03/01 12:0 a.m.43 views

ASB-A-205150380

In onCreate of RequestManageCredentials.java, there is a possible way for a third party app to install certificates without user approval due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for...

9.3CVSS7.8AI score0.00314EPSS
Exploits0References2
NVD
NVD
added 2022/01/14 8:15 p.m.28 views

CVE-2021-1036

In LocationSettingsActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10...

7.8CVSS0.0032EPSS
Exploits0References1
OSV
OSV
added 2021/12/15 7:15 p.m.4 views

CVE-2021-0954

In ResolverActivity, there is a possible user interaction bypass due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID:...

7.3CVSS5.9AI score0.00261EPSS
Exploits0References1
Rows per page
Query Builder