CWE-862: Missing Authorization

This vulnerability allows local attackers to activate or deactivate RCS (Rich Communication Services) on Android devices without proper permissions. I...

This vulnerability allows local attackers to bypass Android's DISALLOW_DEBUGGING_FEATURES restriction, enabling unauthorized debugging and tracing cap...

CVE-2022-48392 is a missing permission check vulnerability in the dialer service on Unisoc chipsets, allowing local attackers to escalate privileges w...

CVE-2022-48390 is a missing permission check vulnerability in telephony services that allows local attackers to escalate privileges without requiring ...

CVE-2022-48368 is a missing permission check vulnerability in the audio service that allows local attackers to escalate privileges without requiring a...

CVE-2022-48383 is a missing permission check vulnerability in the srtd service that allows local attackers to escalate privileges without requiring ad...

CVE-2022-48388 is a missing permission check vulnerability in the powerEx service that allows local attackers to escalate privileges without requiring...

This CVE describes a missing permission check vulnerability in the audio service of certain systems, allowing local attackers to escalate privileges w...

CVE-2022-48245 is a missing permission check vulnerability in the audio service that allows local attackers to escalate privileges without requiring a...

This CVE describes a missing permission check vulnerability in the audio service that could allow local attackers to escalate privileges without requi...

CVE-2022-48249 is a missing permission check vulnerability in the audio service that allows local attackers to escalate privileges without requiring a...

CVE-2022-44433 is a missing permission check vulnerability in the phoneEx service on Unisoc chipsets. This allows local attackers to escalate privileg...

This vulnerability allows a local attacker to take over the screen display and swap display content without user interaction due to a missing permissi...

This vulnerability allows local attackers to bypass permission checks in Android's Transcode Permission Controllers, enabling privilege escalation wit...

This Android vulnerability allows a guest user account to change network settings of an admin user due to a missing permission check in the WiFi servi...

This vulnerability allows local attackers to bypass permission checks in Android's Transcode Permission Controllers, potentially gaining elevated priv...

This vulnerability allows local attackers to bypass permission checks in Android's Transcode Permission Controllers, potentially gaining elevated priv...

This vulnerability allows guest users on Android 13 devices to escalate privileges locally by accessing the AddSupervisedUserActivity without proper p...

CVE-2022-47361 is a missing permission check vulnerability in firewall services that allows local attackers to escalate privileges. Attackers need sys...

CVE-2022-21777 is a permission bypass vulnerability in Autoboot that allows local attackers to escalate privileges without user interaction. This affe...

This vulnerability allows local attackers to submit falsified bug reports without proper permission checks, potentially leading to privilege escalatio...

This vulnerability allows local attackers to bypass user interaction requirements for Bluetooth discoverable timeout settings due to a missing permiss...

This vulnerability in Android's CarSettings allows Bluetooth device pairing without user consent due to a missing permission check. It enables local p...

This vulnerability allows local attackers to access any slice URI on Android devices due to improper input validation in the SliceManagerService. It e...

This vulnerability in MediaTek telephony components allows local attackers to disable SMS message reception without proper permission checks. It enabl...

This vulnerability in Android's incfs (incremental filesystem) allows attackers with system execution privileges to mount filesystems on arbitrary pat...

This vulnerability in Android's PackageManager allows malicious apps to update the last usage time of other packages without proper permission checks....

This vulnerability allows local attackers to bypass Android's activity protection mechanisms and launch non-exported activities without proper permiss...

This vulnerability allows malicious apps to launch foreground activities from the background without proper permission checks in Android's WindowManag...

This vulnerability in Android's RCS messaging system allows local attackers to send messages without proper permissions due to a missing permission ch...

This vulnerability allows local privilege escalation in MediaTek's IMS service due to a missing permission check. Attackers can gain elevated privileg...

This vulnerability in Android's MediaProvider allows local attackers to access media collections without proper permission checks. It enables local pr...

This Bluetooth vulnerability allows local attackers to escalate privileges without user interaction by exploiting a missing permission check. It affec...

This vulnerability allows local attackers to bypass permission checks in a MediaTek system service, potentially gaining elevated privileges without us...

This Android kernel vulnerability allows local attackers to bypass PIN protection on device settings without requiring user interaction. It enables pr...

CVE-2021-0999 is a local privilege escalation vulnerability in Android 12 that allows attackers to manipulate Bluetooth A2DP device connections withou...

This vulnerability in Android 12's Wi-Fi service allows local attackers to detect whether specific apps are installed without proper permissions. It e...

This vulnerability in Android's permission system allows local attackers to escalate privileges without user interaction. It affects Android 12 device...

This macOS vulnerability allows malicious applications to bypass Privacy preferences, potentially accessing protected data without user consent. It af...

This vulnerability allows unauthenticated attackers to execute arbitrary code on rConfig servers by uploading a malicious ZIP file to the insecure /up...

This vulnerability allows local attackers to escalate privileges on Android 11 devices by supplying malicious values to the GPS HAL handler without re...

This vulnerability in Android 11's Settings app allows attackers to disable always-on VPN connections without proper permission checks. It enables loc...

This vulnerability allows local attackers to bypass permission checks in Android's notification system, potentially gaining elevated privileges withou...

CVE-2021-0491 is a local privilege escalation vulnerability in Android's memory management driver where a missing permission check allows attackers to...

This vulnerability in the Linux kernel allows user applications to send kernel RPC messages through the fastrpc driver, bypassing intended access cont...

This Android vulnerability allows local attackers to trigger provisioning URLs and modify telephony settings without proper permission checks during d...

This Android vulnerability allows attackers to connect devices to untrusted WiFi networks through lock screen notifications, potentially enabling loca...

This vulnerability in Android's IMS phone call tracking system allows misattribution of video call data usage to incorrect applications. It enables lo...

CVE-2020-23740 is a local privilege escalation vulnerability in DriverGenius driver update software. Attackers can exploit this vulnerability to eleva...

SAP Solution Tools Plug-In (ST-PI) contains an authorization bypass vulnerability where authenticated users can access sensitive information without p...