93 matches found
CVE-2023-24605
OX App Suite before backend 7.10.6-rev37 does not enforce 2FA for all endpoints, e.g., reading from a drive, reading contact data, and renaming tokens...
ASB-A-257030107
In getNumberFromCallIntent of NewOutgoingCallIntentBroadcaster.java, there is a possible way to enumerate other user's contact phone number due to a confused deputy. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for...
Samsung Account Privilege Management Improper Vulnerability (CNVD-2022-64087)
Samsung Account is a cell phone account from Samsung South Korea. versions prior to Samsung Account 13.2.00.6 contain an improper privilege management vulnerability that could be exploited by attackers to gain unauthorized access to contact and gallery data...
Samsung Account permission mismanagement vulnerability
Samsung Account is a cell phone account from Samsung South Korea. versions prior to Samsung Account 13.2.00.6 contain an improper privilege management vulnerability that could be exploited by attackers to gain unauthorized access to contact and gallery data...
CVE-2022-30743
Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the data of contact and gallery without permission...
CVE-2022-30736
Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the data of contact and gallery without permission...
Privilege escalation
Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the data of contact and gallery without permission...
CVE-2022-30743
Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the data of contact and gallery without permission...
CVE-2022-30743
CVE-2022-30743 concerns Samsung Account prior to version 13.2.00.6, with an improper privilege management vulnerability that could allow attackers to access user contact and gallery data without permission. The issue is documented across multiple sources, including Red Hat and CNVD records, and t...
CVE-2022-30736
Samsung Account has an improper privilege management vulnerability (CVE-2022-30736) that affects versions prior to 13.2.00.6. The issue could allow an attacker to access contact and gallery data without permission. Root cause: inadequate enforcement of privileges within the Samsung Account compon...
Samsung SMR 安全漏洞
Samsung SMR is a system patch package from South Korea's Samsung Samsung. Samsung SMR contains an access control error vulnerability that could be exploited by attackers to access contact information without permission...
Google Android 安全漏洞
Google Android is a Linux-based open-source operating system from the U.S. company Google. Google Android has a privilege bypass vulnerability, which can be exploited by attackers to compromise local information of user contacts without additional execution privileges...
Vulnerabilities found in Apple iOS and iPadOS
A security researcher has found three vulnerabilities in Apple iOS and iPadOS. A malicious party can exploit these vulnerabilities exploit them to gain access to sensitive data. This includes contact data stored on the device and metadata about interactions with these persons. Successful misuse...
PT-2021-19037 · Apple · Ipados +4
Name of the Vulnerable Software and Affected Versions: iOS versions prior to 15.2 iPadOS versions prior to 15.2 watchOS versions prior to 8.3 macOS Monterey versions prior to 12.1 tvOS versions prior to 15.2 Description: A permissions issue was addressed with improved validation, which may allow ...
CVE-2021-0444
In onActivityResult of QuickContactActivity.java, there is an unnecessary return of an intent. This could lead to local information disclosure of contact data with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-8...
CVE-2020-0486
In openAssetFileListener of ContactsProvider2.java, there is a possible permission bypass due to an insecure default value. This could lead to local escalation of privilege to change contact data with no additional execution privileges needed. User interaction is not needed for...
CVE-2020-0486
In openAssetFileListener of ContactsProvider2.java, there is a possible permission bypass due to an insecure default value. This could lead to local escalation of privilege to change contact data with no additional execution privileges needed. User interaction is not needed for...
CVE-2020-0422
In constructImportFailureNotification of NotificationImportExportListener.java, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local information disclosure of contact data with User execution privileges needed. User interaction is not needed for...
CVE-2020-0415
In various locations in SystemUI, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure of contact data with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9...
CVE-2020-0415
In various locations in SystemUI, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure of contact data with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9...