25 matches found
CVE-2023-43488
The vulnerability allows a low-privileged untrusted application to modify a critical system property that should be denied, in order to enable the ADB (Android Debug Bridge) protocol to be exposed on the network, exploiting it to gain a privileged shell on the device without requiring the physical...
CVE-2025-26450
In onInputEvent of IInputMethodSessionWrapper.java, there is a possible way for an untrusted app to inject key and motion events to the default IME due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction ...
ASB-A-331730488
In onInputEvent of IInputMethodSessionWrapper.java, there is a possible way for an untrusted app to inject key and motion events to the default IME due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction ...
CVE-2024-48336
The install function of ProviderInstaller.java in Magisk App before canary version 27007 does not verify the GMS app before loading it, which allows a local untrusted app with no additional privileges to silently execute arbitrary code in the Magisk app and escalate privileges to root via a craft...
CVE-2024-41024
CVE-2024-41024 is rejected/not used and does not represent an active vulnerability entry.
CVE-2023-41960
The vulnerability allows an unprivileged untrusted third-party application to interact with a content-provider unsafely exposed by the Android Agent application, potentially modifying sensitive settings of the Android Client application itself...
Design/Logic Flaw
The vulnerability allows an unprivileged untrusted third-party application to interact with a content-provider unsafely exposed by the Android Agent application, potentially modifying sensitive settings of the Android Client application itself...
Design/Logic Flaw
The vulnerability allows a low-privileged untrusted application to modify a critical system property that should be denied, in order to enable the ADB (Android Debug Bridge) protocol to be exposed on the network, exploiting it to gain a privileged shell on the device without requiring the physical...
CVE-2023-41372
The vulnerability allows an unprivileged untrusted third-party application to arbitrarily modify the server settings of the Android Client application, inducing it to connect to an attacker-controlled malicious server. This is possible by forging a valid broadcast intent encrypted with a hardcode...
Input validation
Misskey is an open source, decentralized social media platform. Due to insufficient validation of the redirect URL during miauth authentication in Misskey, arbitrary JavaScript can be executed when a user allows the link. All versions below 13.3.1 including 12.x are affected. This has been fixed ...
CVE-2021-0942
The path in this case is a little bit convoluted. The end result is that via an ioctl an untrusted app can control the ui32PageIndex offset in the expression: sPA.uiAddr = page_to_phys(psOSPageArrayData->pagearray[ui32PageIndex]); With the current PoC this crashes as an OOB read. However, given that the O...
ASB-A-214999987
In writeToParcel of SurfaceControl.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
Privilege Escalation
Firefox is vulnerable to privilege escalation. The vulnerability exists through the remote debugging via USB feature where an untrusted app could have connected to the feature with the privileges of the browser to read and interact with web content...
OpenJDK: use of global credentials for HTTP/SPNEGO (JGSS, 8186600)
The JGSS component of OpenJDK ignores the value of the javax.security.auth.useSubjectCredsOnly property when using HTTP/SPNEGO authentication and always uses global credentials. It was discovered that this could cause global credentials to be unexpectedly used by an untrusted Java application...