Page 79 of 2560 results (0.010 seconds)

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0

In several functions of GlobalScreenshot.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure of the user's contacts with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-8.0, Android-8.1, Android-9; Android ID: A-162738636. En varias funciones del archivo GlobalScreenshot.java, se presenta una posible omisión de permisos debido a un PendingIntent no seguro. • https://source.android.com/security/bulletin/2021-01-01 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0

In onCreate of SlicePermissionActivity.java, there is a possible misleading string displayed due to improper input validation. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation.Product: Android; Versions: Android-10, Android-11, Android-9; Android ID: A-159145361. En la función onCreate del archivo SlicePermissionActivity.java, se presenta una posible cadena engañosa que se muestra debido a una comprobación inapropiada de la entrada. Esto podría conllevar a una divulgación de información local con privilegios de ejecución User necesarios. • https://source.android.com/security/bulletin/2021-01-01 • CWE-20: Improper Input Validation •

CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0

In onCreate of grantCredentialsPermissionActivity, there is a confused deputy. This could lead to local information disclosure and account access with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11, Android-8.0; Android ID: A-158480899. En la función onCreate del archivo grantCredentialsPermissionActivity, se presenta un confused deputy. • https://source.android.com/security/bulletin/2021-01-01 •

CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0

In ReadLogicalParts of basicmbr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11, Android-8.0; Android ID: A-158063095. En la función ReadLogicalParts del archivo basicmbr.cc, se presenta una posible escritura fuera de límites debido a una falta de comprobación de límites. • https://lists.debian.org/debian-lts-announce/2021/02/msg00010.html https://security.gentoo.org/glsa/202105-03 https://source.android.com/security/bulletin/2021-01-01 https://access.redhat.com/security/cve/CVE-2021-0308 https://bugzilla.redhat.com/show_bug.cgi?id=2051943 • CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0

In addAllPermissions of PermissionManagerService.java, there is a possible permissions bypass when upgrading major Android versions which allows an app to gain the android.permission.ACTIVITY_RECOGNITION permission without user confirmation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11, Android-8.0, Android-8.1, Android-9, Android-10; Android ID: A-154505240. En la función addAllPermissions del archivo PermissionManagerService.java, se presenta una posible omisión de permisos al actualizar las principales versiones de Android, lo que permite que una aplicación obtenga el permiso android.permission.ACTIVITY_RECOGNITION sin la confirmación del usuario. • https://source.android.com/security/bulletin/2021-01-01 • CWE-269: Improper Privilege Management •