22 matches found
EUVD-2022-25709
Malicious code in bioql PyPI...
CVE-2024-0024
In multiple methods of UserManagerService.java, there is a possible failure to persist or enforce user restrictions due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...
CVE-2024-0024
In multiple methods of UserManagerService.java, there is a possible failure to persist or enforce user restrictions due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...
CVE-2024-0024
The CVE-2024-0024 issue affects Android’s UserManagerService.java, where improper input validation can cause a failure to persist or enforce user restrictions. This can enable local privilege escalation, requiring user interaction to exploit. Public references in the provided documents (Android/O...
PT-2024-15301 · Google · Android
Name of the Vulnerable Software and Affected Versions: UserManagerService.java affected versions not specified Description: The issue is related to improper input validation in multiple methods of UserManagerService.java, which could lead to a failure to persist or enforce user restrictions. This...
ASB-A-293602317
In multiple methods of UserManagerService.java, there is a possible failure to persist or enforce user restrictions due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...
Google Android Denial of Service Vulnerability (CNVD-2024-24425)
Google Android is a Linux-based open source operating system from Google. A denial of service vulnerability exists in Google Android, which stems from a logic error in the code of the writeUserLP method of the UserManagerService.java file, where a device policy is serialized with an incorrect tag...
CVE-2024-0047
In writeUserLP of UserManagerService.java, device policies are serialized with an incorrect tag due to a logic error in the code. This could lead to local denial of service when policies are deserialized on reboot with no additional execution privileges needed. User interaction is not needed for...
Code injection
In writeUserLP of UserManagerService.java, device policies are serialized with an incorrect tag due to a logic error in the code. This could lead to local denial of service when policies are deserialized on reboot with no additional execution privileges needed. User interaction is not needed for...
CVE-2024-0047
In writeUserLP of UserManagerService.java, device policies are serialized with an incorrect tag due to a logic error in the code. This could lead to local denial of service when policies are deserialized on reboot with no additional execution privileges needed. User interaction is not needed for...
Google Android 安全漏洞
Google Android is a Linux-based open source operating system from Google. A denial of service vulnerability exists in Google Android, which stems from a logic error in the code of the writeUserLP method of the UserManagerService.java file, where a device policy is serialized with an incorrect tag...
CVE-2022-20449
In writeApplicationRestrictionsLAr of UserManagerService.java, there is a possible overwrite of system files due to a path traversal error. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...
Path traversal
In writeApplicationRestrictionsLAr of UserManagerService.java, there is a possible overwrite of system files due to a path traversal error. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...
CVE-2022-20449
CVE-2022-20449 affects Android 10–13, in the writeApplicationRestrictionsLAr path, where a path traversal flaw could overwrite system files, enabling local DoS with system privileges and no user interaction. Exploitation specifics are not detailed in the provided documents. Android bulletins note...
CVE-2022-20449
In writeApplicationRestrictionsLAr of UserManagerService.java, there is a possible overwrite of system files due to a path traversal error. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...
PT-2022-14671 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-10 through Android-13 Description: The issue is related to a path traversal error in the writeApplicationRestrictionsLAr function of UserManagerService.java. This error could allow an overwrite of system files,...
CVE-2022-20449
In writeApplicationRestrictionsLAr of UserManagerService.java, there is a possible overwrite of system files due to a path traversal error. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...
ASB-A-239701237
In writeApplicationRestrictionsLAr of UserManagerService.java, there is a possible overwrite of system files due to a path traversal error. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation...
CVE-2022-20219
In multiple functions of StorageManagerService.java and UserManagerService.java, there is a possible way to leave user's directories unencrypted due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is no...
Session fixation
In multiple functions of StorageManagerService.java and UserManagerService.java, there is a possible way to leave user's directories unencrypted due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is no...