672 matches found
CVE-2021-39692
In onCreate of SetupLayoutActivity.java, there is a possible way to setup a work profile bypassing user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product:...
Design/Logic Flaw
In onCreate of SetupLayoutActivity.java, there is a possible way to setup a work profile bypassing user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product:...
Design/Logic Flaw
In onCreate of RequestManageCredentials.java, there is a possible way for a third party app to install certificates without user approval due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for...
CVE-2021-39702
CVE-2021-39702 affects Android 12; in onCreate of RequestManageCredentials.java, a tapjacking/overlay attack could allow a third‑party app to install certificates without user approval, enabling local elevation of privilege with User interaction required . Documented impact: EoP with high confide...
CVE-2021-39702
In onCreate of RequestManageCredentials.java, there is a possible way for a third party app to install certificates without user approval due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for...
CVE-2021-39692
In onCreate of SetupLayoutActivity.java, there is a possible way to setup a work profile bypassing user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product:...
CVE-2021-39692
CVE-2021-39692 describes a local elevation of privilege in Android (10–12) via SetupLayoutActivity.java (tapjacking/overlay) that could bypass user consent to set up a work profile. Exploitation requires user interaction; CVSS indicates high impact (EoP) with local attack vector. Public reference...
ASB-A-209611539
In onCreate of SetupLayoutActivity.java, there is a possible way to setup a work profile bypassing user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation...
ASB-A-205150380
In onCreate of RequestManageCredentials.java, there is a possible way for a third party app to install certificates without user approval due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for...
CVE-2021-39669
In onCreate of InstallCaCertificateWarning.java, there is a possible way to mislead an user about CA installation circumstances due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...
CVE-2021-39669
In onCreate of InstallCaCertificateWarning.java, there is a possible way to mislead an user about CA installation circumstances due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...
Design/Logic Flaw
In onCreate of InstallCaCertificateWarning.java, there is a possible way to mislead an user about CA installation circumstances due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...
CVE-2021-39669
In onCreate of InstallCaCertificateWarning.java, there is a possible way to mislead an user about CA installation circumstances due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...
CVE-2021-39669
CVE-2021-39669 affects Android 11–12, in InstallCaCertificateWarning.java (onCreate). It enables a tapjacking/overlay flow to mislead users during CA certificate installation, leading to local elevation of privilege. Exploitation requires user interaction; no additional privileges are needed. Pat...
Google Android Automotive Os Elevation of Privilege Vulnerability
Google Android Automotive Os is an operating system and platform from Google that runs directly on in-vehicle hardware. Google Android Automotive Os suffers from an elevation of privilege vulnerability that originates in LocationSettingsActivity in AndroidManifest.xml, where an EoP is possible du...
CVE-2021-1036
In LocationSettingsActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10...
CVE-2021-1036
In LocationSettingsActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10...
Privilege escalation
In LocationSettingsActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10...
CVE-2021-1036
In LocationSettingsActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10...
CVE-2021-1036
CVE-2021-1036 corresponds to an elevation-of-privilege vulnerability in Android’s LocationSettingsActivity via a tapjacking/overlay attack. Public records across NVD, Red Hat, CNVD and related sources confirm: affected products are Android 9–12 (and specifically AAOS references) with the vulnerab...