In Car Settings app, the NotificationAccessConfirmationActivity is exported. In NotificationAccessConfirmationActivity, it gets both 'mComponentName' and 'pkgTitle' from user.An unprivileged app can u ...
Continue Reading
July 13, 2022
In PermissionController, there is a possible way to get and retain permissions without user's consent due to a logic error in the code. This could lead to local escalation of privilege with no additio ...
Continue Reading
July 13, 2022
In wifi.RequestToggleWifiActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution priv ...
Continue Reading
July 13, 2022
A vulnerability was found in KB Login Authentication Script 1.1 and classified as critical. Affected by this issue is some unknown functionality. The manipulation of the argument username/password wit ...
Continue Reading
July 13, 2022
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will b ...
Continue Reading
July 13, 2022
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will b ...
Continue Reading
July 13, 2022
IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentiall ...
Continue Reading
July 13, 2022
A stored cross-site scripting (XSS) vulnerability in the component audit/class.audit.php of osTicket-plugins - Storage-FS before commit a7842d494889fd5533d13deb3c6a7789768795ae allows attackers to exe ...
Continue Reading
July 13, 2022
Back to Main
