672 matches found
CVE-2021-1038
CVE-2021-1038 describes a DoS via a tapjacking/overlay vulnerability in UserDetailsActivity of AndroidManifest.xml, affecting Android 9–12. The root cause is an overlay/tapjacking issue that can cause local denial of service with no extra privileges; exploitation requires user interaction per CVS...
CVE-2021-1040
In onCreate of BluetoothPairingSelectionFragment.java, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10...
CVE-2021-1039
CVE-2021-1039 affects Android Platform apps: NotificationAccessActivity in AndroidManifest.xml can enable a local elevation of privilege via a tapjacking/overlay trick. Affected: Android 9–12. Root cause: overlay/tapjacking allows bypass of user interaction requirements to gain higher privileges ...
CVE-2021-1016
In onCreate of UsbPermissionActivity.java, there is a possible way to grant an app access to USB without informed user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for...
CVE-2021-1016
The CVE-2021-1016 issue affects Android 12 and points to UsbPermissionActivity.java. A tapjacking/overlay flaw could grant USB access to an app without informed user consent, enabling local privilege escalation with user interaction required for exploitation. The vulnerability is described across...
CVE-2021-0963
In onCreate of KeyChainActivity.java, there is a possible way to use an app certificate stored in keychain due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product:...
CVE-2021-0963
CVE-2021-0963 involves a tapjacking/overlay vulnerability in KeyChainActivity.java that could allow an app certificate stored in the Android keychain to be misused, resulting in local elevation of privilege. Public details in the provided documents confirm the issue affects Android versions 9–12 ...
CVE-2021-0954
In ResolverActivity, there is a possible user interaction bypass due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Android-11. Android ID:...
CVE-2021-0954
CVE-2021-0954 is an Elevation of Privilege issue affecting Android’s ResolverActivity. A tapjacking/overlay attack could bypass user interaction and enable local privilege elevation with user interaction required. Affected versions include Android 10 and 11. Public references in the 2021-12 Andro...
PUB-A-183610267
In onCreate of UsbPermissionActivity.java, there is a possible way to grant an app access to USB without informed user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation...
CVE-2021-0583
In onCreate of BluetoothPairingDialog, there is a possible way to enable Bluetooth without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions:...
Design/Logic Flaw
In onCreate of BluetoothPairingDialog, there is a possible way to enable Bluetooth without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions:...
CVE-2021-0583
CVE-2021-0583 affects Android (9/10) and relates to the BluetoothPairingDialog onCreate, enabling a tapjacking/overlay scenario that could lead to local elevation of privilege. According to Red Hat and NVD entries, exploitation requires user interaction (UI: Required) and local access, with a hig...
CVE-2021-0598
In onCreate of ConfirmConnectActivity.java, there is a possible pairing of untrusted Bluetooth devices due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions:...
Design/Logic Flaw
In onCreate of ConfirmConnectActivity.java, there is a possible pairing of untrusted Bluetooth devices due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions:...
ASB-A-180422108
In onCreate of ConfirmConnectActivity.java, there is a possible pairing of untrusted Bluetooth devices due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation...