672 matches found
CVE-2021-0569
In onStart of ContactsDumpActivity.java, there is possible access to contacts due to a tapjacking/overlay attack. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID:...
Design/Logic Flaw
In onStart of ContactsDumpActivity.java, there is possible access to contacts due to a tapjacking/overlay attack. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID:...
CVE-2021-0538
In onCreate of EmergencyCallbackModeExitDialog.java, there is a possible exit of emergency callback mode due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions...
CVE-2021-0538
CVE-2021-0538 affects Android 11 via EmergencyCallbackModeExitDialog.java, where a tapjacking/overlay attack can exit emergency callback mode, enabling local elevation of privilege with user interaction required. Documented impact: local EoP with high likelihood of access via exposed UI flow; CVS...
CVE-2021-0537
CVE-2021-0537 refers to an elevation-of-privilege in Android’s WiFiInstaller.java. The issue arises on Android 11 where an attacker could exploit a tapjacking/overlay attack during onCreate to install a malicious Hotspot 2.0 configuration, enabling local privilege escalation with user-interaction...
CVE-2021-0537
In onCreate of WiFiInstaller.java, there is a possible way to install a malicious Hotspot 2.0 configuration due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product:...
CVE-2021-0569
CVE-2021-0569 affects Android 11 and is caused by a tapjacking/overlay flaw in ContactsDumpActivity.java that can lead to local information disclosure with user interaction required. Impact is information disclosure; exploitation is local and requires user action. Remediation is not explicitly st...
CVE-2021-0506
In ActivityPicker.java, there is a possible bypass of user interaction in intent resolution due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10...
CVE-2021-0523
In onCreate of WifiScanModeActivity.java, there is a possible way to enable Wi-Fi scanning without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product:...
Design/Logic Flaw
In ActivityPicker.java, there is a possible bypass of user interaction in intent resolution due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10...
Design/Logic Flaw
In onCreate of WifiScanModeActivity.java, there is a possible way to enable Wi-Fi scanning without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product:...
CVE-2021-0506
CVE-2021-0506 corresponds to a tapjacking/overlay bypass in ActivityPicker.java that can bypass required user interaction during intent resolution, enabling local elevation of privilege with User execution privileges needed. Affected products/versions include Android 8.1, 9, 10, and 11. The vulne...
CVE-2021-0523
CVE-2021-0523 affects Android (notably Android-10/Android-11) via a tapjacking/overlay fault in WifiScanModeActivity.java that could enable Wi‑Fi scanning without consent, leading to local elevation of privilege with user execution required. Documents confirm the root cause (overlay/tapjacking in...
CVE-2021-0487
In onCreate of CalendarDebugActivity.java, there is a possible way to export calendar data to the sdcard without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for...