672 matches found
Code injection
A vulnerable code in onCreate of SecDevicePickerDialog prior to SMR Aug-2022 Release 1, allows attackers to trick the user to select an unwanted bluetooth device via tapjacking/overlay attack...
CVE-2022-33727
A vulnerable code in onCreate of SecDevicePickerDialog prior to SMR Aug-2022 Release 1, allows attackers to trick the user to select an unwanted bluetooth device via tapjacking/overlay attack...
CVE-2022-33727
CVE-2022-33727 describes a vulnerability in the SecDevicePickerDialog onCreate prior to Samsung SMR Aug-2022 Release 1, where flawed UI handling enables a tapjacking/overlay attack to trick users into selecting an unwanted Bluetooth device. The issue is documented across multiple sources (NVD, Re...
CVE-2022-33723
A vulnerable code in onCreate of BluetoothScanDialog prior to SMR Aug-2022 Release 1, allows attackers to trick the user to select an unwanted bluetooth device via tapjacking/overlay attack...
CVE-2022-33723
CVE-2022-33723 concerns a vulnerable code path in the BluetoothScanDialog component on Android/Samsung devices. The issue is located in the onCreate method of BluetoothScanDialog, where an attacker could trick a user into selecting an unwanted Bluetooth device via a tapjacking/overlay attack. Aff...
PT-2022-21840 · Unknown · Bluetoothscandialog
Name of the Vulnerable Software and Affected Versions: BluetoothScanDialog versions prior to SMR Aug-2022 Release 1 Description: A vulnerable code in the onCreate method of BluetoothScanDialog allows attackers to trick the user into selecting an unwanted Bluetooth device via tapjacking/overlay...
PT-2022-21844 · Unknown · Secdevicepickerdialog
Name of the Vulnerable Software and Affected Versions: SecDevicePickerDialog versions prior to SMR Aug-2022 Release 1 Description: A vulnerable code in the onCreate method of SecDevicePickerDialog allows attackers to trick the user into selecting an unwanted Bluetooth device via tapjacking or...
Google Android Elevation of Privilege Vulnerability (CNVD-2022-63885)
Google Android Automotive Os is an operating system and platform from Google, Inc. that runs directly on in-vehicle hardware. an elevation of privilege vulnerability exists in Google Android version 10 11, which originates in the wifi.requestToggleWifiActivity in AndroidManifest.xml...
CVE-2022-20226
In finishDrawingWindow of WindowManagerService.java, there is a possible tapjacking due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12...
CVE-2022-20226
In finishDrawingWindow of WindowManagerService.java, there is a possible tapjacking due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12...
CVE-2022-20226
In finishDrawingWindow of WindowManagerService.java, there is a possible tapjacking due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12...
CVE-2022-20212
In wifi.RequestToggleWifiActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10...
CVE-2022-20212
In wifi.RequestToggleWifiActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10...
CVE-2022-20212
In wifi.RequestToggleWifiActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10...
Input validation
In finishDrawingWindow of WindowManagerService.java, there is a possible tapjacking due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12...
Design/Logic Flaw
In wifi.RequestToggleWifiActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10...
CVE-2022-20212
In wifi.RequestToggleWifiActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10...
CVE-2022-20226
In finishDrawingWindow of WindowManagerService.java, there is a possible tapjacking due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12...
CVE-2022-20226
CVE-2022-20226 affects Android 12 / 12L. Root cause: in finishDrawingWindow of WindowManagerService.java, improper input validation enables tapjacking. This could allow local escalation of privilege with User privileges required; exploitation requires user interaction. Affected component is the W...
Google Android Automotive OS (AAOS) 权限许可和访问控制问题漏洞
Google Android Automotive Os is an operating system and platform from Google, Inc. that runs directly on in-vehicle hardware. an elevation of privilege vulnerability exists in Google Android version 10 11, which originates in the wifi.requestToggleWifiActivity in AndroidManifest.xml...