CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
In declareDuplicatePermission of ParsedPermissionUtils.java, there is a possible way to obtain a dangerous permission without user consent due to improper input validation. This could lead to local escalation of privilege during app installation or upgrade with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-213323615
Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238257000
Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238257002
The Free Live Chat Support plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.0.11. This is due to missing nonce protection on the livesupporti_settings() function found in the ~/livesupporti.php file. This makes it possible for unauthenticated attackers to inject malicious web scripts into the page, granted they can trick a site's administrator into performing an action such as clicking on a link.
Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238257004
Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238227323
Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238227324
Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238227328
a function called 'nla_parse', do not check the len of para, it will check nla_type (which can be controlled by userspace) with 'maxtype' (in this case, it is GSCAN_MAX), then it access polciy array 'policy[type]', which OOB access happens.Product: AndroidVersions: Android SoCAndroid ID: A-238379819
Product: AndroidVersions: Android kernelAndroid ID: A-211727306References: N/A