Lucene search
+L

93 matches found

OSV
OSV
added 2023/05/29 12:0 a.m.12 views

CVE-2023-24605

OX App Suite before backend 7.10.6-rev37 does not enforce 2FA for all endpoints, e.g., reading from a drive, reading contact data, and renaming tokens...

4.2CVSS7.2AI score0.00356EPSS
Exploits0References4
OSV
OSV
added 2023/04/01 12:0 a.m.39 views

ASB-A-257030107

In getNumberFromCallIntent of NewOutgoingCallIntentBroadcaster.java, there is a possible way to enumerate other user's contact phone number due to a confused deputy. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for...

5.5CVSS5.1AI score0.00082EPSS
Exploits0References2
CNVD
CNVD
added 2022/06/16 12:0 a.m.39 views

Samsung Account Privilege Management Improper Vulnerability (CNVD-2022-64087)

Samsung Account is a cell phone account from Samsung South Korea. versions prior to Samsung Account 13.2.00.6 contain an improper privilege management vulnerability that could be exploited by attackers to gain unauthorized access to contact and gallery data...

5.3CVSS6.7AI score0.00385EPSS
Exploits0References1
CNVD
CNVD
added 2022/06/14 12:0 a.m.51 views

Samsung Account permission mismanagement vulnerability

Samsung Account is a cell phone account from Samsung South Korea. versions prior to Samsung Account 13.2.00.6 contain an improper privilege management vulnerability that could be exploited by attackers to gain unauthorized access to contact and gallery data...

5.3CVSS6.1AI score0.00385EPSS
Exploits0References1
NVD
NVD
added 2022/06/07 7:15 p.m.24 views

CVE-2022-30743

Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the data of contact and gallery without permission...

5.3CVSS0.00385EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/06/07 7:15 p.m.4 views

CVE-2022-30736

Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the data of contact and gallery without permission...

5.3CVSS5.8AI score0.00385EPSS
Exploits0References2
Prion
Prion
added 2022/06/07 7:15 p.m.21 views

Privilege escalation

Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the data of contact and gallery without permission...

5CVSS5.3AI score0.00385EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/06/07 6:19 p.m.26 views

CVE-2022-30743

Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the data of contact and gallery without permission...

5.3CVSS5.6AI score0.00385EPSS
Exploits0References1
CVE
CVE
added 2022/06/07 6:19 p.m.71 views

CVE-2022-30743

CVE-2022-30743 concerns Samsung Account prior to version 13.2.00.6, with an improper privilege management vulnerability that could allow attackers to access user contact and gallery data without permission. The issue is documented across multiple sources, including Red Hat and CNVD records, and t...

5.3CVSS5.2AI score0.00385EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/06/07 6:16 p.m.69 views

CVE-2022-30736

Samsung Account has an improper privilege management vulnerability (CVE-2022-30736) that affects versions prior to 13.2.00.6. The issue could allow an attacker to access contact and gallery data without permission. Root cause: inadequate enforcement of privileges within the Samsung Account compon...

5.3CVSS5.2AI score0.00385EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2022/04/11 12:0 a.m.5 views

Samsung SMR 安全漏洞

Samsung SMR is a system patch package from South Korea's Samsung Samsung. Samsung SMR contains an access control error vulnerability that could be exploited by attackers to access contact information without permission...

5.3CVSS5.6AI score0.00102EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/12/06 12:0 a.m.5 views

Google Android 安全漏洞

Google Android is a Linux-based open-source operating system from the U.S. company Google. Google Android has a privilege bypass vulnerability, which can be exploited by attackers to compromise local information of user contacts without additional execution privileges...

5CVSS5.8AI score0.00137EPSS
Exploits0References4
NCSC
NCSC
added 2021/09/30 12:0 a.m.7 views

Vulnerabilities found in Apple iOS and iPadOS

A security researcher has found three vulnerabilities in Apple iOS and iPadOS. A malicious party can exploit these vulnerabilities exploit them to gain access to sensitive data. This includes contact data stored on the device and metadata about interactions with these persons. Successful misuse...

6.7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2021/08/24 12:0 a.m.5 views

PT-2021-19037 · Apple · Ipados +4

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 15.2 iPadOS versions prior to 15.2 watchOS versions prior to 8.3 macOS Monterey versions prior to 12.1 tvOS versions prior to 15.2 Description: A permissions issue was addressed with improved validation, which may allow ...

4.3CVSS2.9AI score0.00676EPSS
Exploits0References9
OSV
OSV
added 2021/04/13 7:15 p.m.4 views

CVE-2021-0444

In onActivityResult of QuickContactActivity.java, there is an unnecessary return of an intent. This could lead to local information disclosure of contact data with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-8...

5.5CVSS6.2AI score0.00144EPSS
Exploits0References1
NVD
NVD
added 2020/12/15 4:15 p.m.23 views

CVE-2020-0486

In openAssetFileListener of ContactsProvider2.java, there is a possible permission bypass due to an insecure default value. This could lead to local escalation of privilege to change contact data with no additional execution privileges needed. User interaction is not needed for...

7.8CVSS8.3AI score0.00134EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/12/15 3:55 p.m.29 views

CVE-2020-0486

In openAssetFileListener of ContactsProvider2.java, there is a possible permission bypass due to an insecure default value. This could lead to local escalation of privilege to change contact data with no additional execution privileges needed. User interaction is not needed for...

8.4AI score0.00134EPSS
Exploits0References1
OSV
OSV
added 2020/10/14 2:15 p.m.2 views

CVE-2020-0422

In constructImportFailureNotification of NotificationImportExportListener.java, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local information disclosure of contact data with User execution privileges needed. User interaction is not needed for...

3.3CVSS5.9AI score0.00166EPSS
Exploits0References1
OSV
OSV
added 2020/10/14 2:15 p.m.4 views

CVE-2020-0415

In various locations in SystemUI, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure of contact data with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9...

5.5CVSS6.7AI score0.00168EPSS
Exploits0References1
NVD
NVD
added 2020/10/14 2:15 p.m.19 views

CVE-2020-0415

In various locations in SystemUI, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure of contact data with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9...

5.5CVSS0.00168EPSS
Exploits0References1
Rows per page
Query Builder