672 matches found
CVE-2021-0433
CVE-2021-0433 affects Android 8.1–11. The issue is a tapjacking/overlay bypass in DeviceChooserActivity.java that lets an attacker bypass the consent dialog when pairing a Bluetooth device, enabling local escalation of privilege and pairing with a malicious device without extra privileges. Exploi...
CVE-2021-0438
CVE-2021-0438 describes a tapjacking/overlay risk in Android where an incorrect FLAG_OBSCURED value in InputDispatcher.cpp and WindowManagerService.java can enable local elevation of privilege with user interaction. The description covers affected Android versions (8.1, 9, 10) and notes exploitat...
CVE-2021-0438
In several functions of InputDispatcher.cpp, WindowManagerService.java, and related files, there is a possible tapjacking attack due to an incorrect FLAG_OBSCURED value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...
ASB-A-172252122
In ImportVCardActivity, there is a possible way to bypass user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation...
ASB-A-171221090
In onCreate of DeviceChooserActivity.java, there is a possible way to bypass user consent when pairing a Bluetooth device due to a tapjacking/overlay attack. This could lead to local escalation of privilege and pairing malicious devices with no additional execution privileges needed. User...
ASB-A-152064592
In several functions of InputDispatcher.cpp, WindowManagerService.java, and related files, there is a possible tapjacking attack due to an incorrect FLAG_OBSCURED value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...
CVE-2021-0386
In onCreate of UsbConfirmActivity, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-17342111...
Design/Logic Flaw
In onCreate of UsbConfirmActivity, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-17342111...
CVE-2021-0391
In onCreate of ChooseTypeAndAccountActivity.java, there is a possible way to learn the existence of an account, without permissions, due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for...
Design/Logic Flaw
In onCreate of ChooseTypeAndAccountActivity.java, there is a possible way to learn the existence of an account, without permissions, due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for...
CVE-2021-0391
CVE-2021-0391 affects Android Open Source Project: the vulnerability resides in the UI flow of ChooseTypeAndAccountActivity (onCreate in ChooseTypeAndAccountActivity.java). It allows learning whether an account exists via a tapjacking/overlay attack, without requiring permissions. Impact: local e...
PT-2021-13064 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android version Android-11. Description: In the onCreate of UsbConfirmActivity, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege with User execution privileges needed. Use...
PT-2021-13069 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-8.1 through Android-11. Description: The issue allows an attacker to learn the existence of an account without permissions due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User...
ASB-A-172841550
In onCreate of ChooseTypeAndAccountActivity.java, there is a possible way to learn the existence of an account, without permissions, due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for...
CVE-2021-0333
In onCreate of BluetoothPermissionActivity.java, there is a possible permissions bypass due to a tapjacking overlay that obscures the phonebook permissions dialog when a Bluetooth device is connecting. This could lead to local escalation of privilege with User execution privileges needed. User...