Unprotected dynamic receiver in Samsung Galaxy Friends prior to SMR Aug-2022 Release 1 allows attacker to launch activity.
Inappropriate implementation in ChromeOS Networking in Google Chrome on ChromeOS prior to 94.0.4606.54 allowed an attacker with a rogue wireless access point to to potentially carryout a wifi impersonation attack via a crafted ONC file.
Inappropriate implementation in Video Capture in Google Chrome on ChromeOS prior to 150.0.7871.47 allowed a local attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Insufficient validation of untrusted input in CustomTabs in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to perform UI spoofing via a malicious file. (Chromium security severity: Medium)
In onCreate of PaymentDefaultDialog.java, there is a possible way to change a default payment app without user consent due to tapjack overlay. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-180104327
OOB read vulnerability in libsaviextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to access arbitrary address through pointer via forged avi file.
In onInputEvent of IInputMethodSessionWrapper.java, there is a possible way for an untrusted app to inject key and motion events to the default IME due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In setUserDisclaimerAcknowledged of CarDevicePolicyService.java, there is a possible way to bypass the user dialog when adding an account to a managed device due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In CredentialManagerServiceStub of CredentialManagerService.java, there is a possible way to retrieve candidate credentials due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
In multiple functions of CameraService.cpp, there is a possible way to use the camera from the background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In offerNetwork of ConnectivityService.java, there is a possible leak of sensitive data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
In windows manager service, there is a missing permission check. This could lead to set up windows manager service with no additional execution privileges needed.
In onLastAccessedStackLoaded of ActionHandler.java , there is a possible way to bypass storage restrictions across apps due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
In FrpBypassAlertActivity of FrpBypassAlertActivity.java, there is a possible way to bypass FRP due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In onCreate of SettingsHomepageActivity.java, there is a possible way to access the Settings app while the device is provisioning due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
Insufficient policy enforcement in Passwords in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: High)
In wlan driver, there is a possible missing permission check, This could lead to local information disclosure.
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.
In wlan driver, there is a possible missing permission check, This could lead to local information disclosure.
In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed.
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.
In contacts service, there is a missing permission check. This could lead to local denial of service in Contacts service with no additional execution privileges needed.
In messaging service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.
In Gallery service, there is a missing permission check. This could lead to local denial of service in Gallery service with no additional execution privileges needed.
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.
In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.
In network service, there is a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed
In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed.
In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.
In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed.
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.
In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed.
In contacts service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.
In contacts service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.
In messaging service, there is a missing permission check. This could lead to local denial of service in messaging service with no additional execution privileges needed.
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
In soundrecorder service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed.
In contacts service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.
In messaging service, there is a missing permission check. This could lead to access unexpected provider in contacts service with no additional execution privileges needed.
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
In bluetooth service, there is a possible missing permission check. This could lead to local denial of service in bluetooth service with no additional execution privileges needed.
In onResult of AccountManagerService.java, there is a possible way to overwrite auth token due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
In contacts service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.
In music service, there is a missing permission check. This could lead to local denial of service in music service with no additional execution privileges needed.
In multiple locations, there is a possible way to view icons belonging to another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
In setInstallerPackageName of PackageManagerService.java, there is a missing permission check. This could lead to local escalation of privilege and granting spurious permissions with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-150857253