20 matches found
EUVD-2023-32654
Malicious code in bioql PyPI...
EUVD-2022-39569
Malicious code in bioql PyPI...
CVE-2023-21364
In ContactsProvider, there is a possible crash loop due to resource exhaustion. This could lead to local persistent denial of service in the Phone app with User execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-29050
The optional "LDAP contacts provider" could be abused by privileged users to inject LDAP filter strings that allow access to content outside of the intended hierarchy. Unauthorized users could break confidentiality of information in the directory and potentially cause high load on the directory...
CVE-2022-20217
There is an unauthorized broadcast in the SprdContactsProvider. A third-party app could use this issue to delete Fdn contact. Product: Android. Versions: Android SoC. Android ID: A-232441378...
CVE-2022-36869
Improper access control vulnerability in ContactsDumpActivity of Contacts Provider prior to version 12.7.59 allows attacker to access the file without permission...
CVE-2023-29050
The optional "LDAP contacts provider" could be abused by privileged users to inject LDAP filter strings that allow access to content outside of the intended hierarchy. Unauthorized users could break confidentiality of information in the directory and potentially cause high load on the directory...
CVE-2023-29050
The optional "LDAP contacts provider" could be abused by privileged users to inject LDAP filter strings that allow access to content outside of the intended hierarchy. Unauthorized users could break confidentiality of information in the directory and potentially cause high load on the directory...
CVE-2023-29050
Technical details (affected product/versions/root cause/impact/remediation) are not publicly provided in the supplied documents. Monitor for updates from vendors and advisories.
CVE-2022-38697
In messaging service, there is a missing permission check. This could lead to access unexpected provider in contacts service with no additional execution privileges needed...
PT-2022-24532 · Unisoc (Shanghai) Technologies Co. +1 · Sc9863A/Sc9832E/Sc7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000 +1
Name of the Vulnerable Software and Affected Versions: messaging service, affected versions not specified. Description: The issue is related to a missing permission check in the messaging service. This could allow access to an unexpected provider in the contacts service without requiring any...
CVE-2022-36869
Improper access control vulnerability in ContactsDumpActivity of Contacts Provider prior to version 12.7.59 allows attacker to access the file without permission...
CVE-2022-36869
Improper access control vulnerability in ContactsDumpActivity of Contacts Provider prior to version 12.7.59 allows attacker to access the file without permission...
CVE-2022-36869
Improper access control vulnerability in ContactsDumpActivity of Contacts Provider prior to version 12.7.59 allows attacker to access the file without permission...
Improper access control
Improper access control vulnerability in ContactsDumpActivity of Contacts Provider prior to version 12.7.59 allows attacker to access the file without permission...
CVE-2022-36869
Improper access control vulnerability in ContactsDumpActivity of Contacts Provider prior to version 12.7.59 allows attacker to access the file without permission...
CVE-2022-36869
CVE-2022-36869 affects Samsung Contacts Provider (ContactsDumpActivity). Prior to version 12.7.59, improper access control allows an attacker to access a file without permission, impacting confidentiality. The vulnerability’s root cause is inadequate access control around ContactsDumpActivity in ...
PT-2022-23673 · Unknown · Contactsprovider
Name of the Vulnerable Software and Affected Versions: Contacts Provider versions prior to 12.7.59. Description: The issue is related to an improper access control vulnerability in the ContactsDumpActivity of the Contacts Provider. This vulnerability allows an attacker to access a file without the...
CVE-2020-0486
In openAssetFileListener of ContactsProvider2.java, there is a possible permission bypass due to an insecure default value. This could lead to local escalation of privilege to change contact data with no additional execution privileges needed. User interaction is not needed for...
CVE-2020-0486
In openAssetFileListener of ContactsProvider2.java, there is a possible permission bypass due to an insecure default value. This could lead to local escalation of privilege to change contact data with no additional execution privileges needed. User interaction is not needed for...