Lucene search
+L

222 matches found

Prion
Prion
added 2019/09/27 7:15 p.m.26 views

Integer overflow

In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android...

6.8CVSS8AI score0.04059EPSS
Exploits0References15Affected Software5
Debian CVE
Debian CVE
added 2019/09/27 6:5 p.m.26 views

CVE-2019-9278

In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android...

8.8CVSS8.1AI score0.04059EPSS
Exploits0
Cvelist
Cvelist
added 2019/09/27 6:5 p.m.18 views

CVE-2019-9278

In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android...

8.6AI score0.04059EPSS
Exploits0References15
AlpineLinux
AlpineLinux
added 2019/09/27 6:5 p.m.42 views

CVE-2019-9278

In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android...

8.8CVSS8.8AI score0.04059EPSS
Exploits0
exploitpack
exploitpack
added 2019/08/30 12:0 a.m.55 views

Canon PRINT 2.5.5 - Information Disclosure

Canon PRINT 2.5.5 - Information Disclosure Exploit Title: Content Provider URI Injection on Canon PRINT 2.5.5 CVE-2019-14339 Date: 24th July, 2019 Exploit Author: 0x48piraj Vendor Homepage:...

4.3CVSS5.4AI score0.05393EPSS
Exploits6
0day.today
0day.today
added 2019/08/30 12:0 a.m.47 views

Canon PRINT 2.5.5 - Information Disclosure Exploit

Exploit Title: Content Provider URI Injection on Canon PRINT 2.5.5 CVE-2019-14339 Date: 24th July, 2019 Exploit Author: 0x48piraj Vendor Homepage: https://www.usa.canon.com/internet/portal/us/home/explore/printing-innovations/mobile-printing/canon-print-app Software Link:...

5.5CVSS5.5AI score0.05393EPSS
Exploits6
Exploit DB
Exploit DB
added 2019/08/30 12:0 a.m.223 views

Canon PRINT 2.5.5 - Information Disclosure

Exploit Title: Content Provider URI Injection on Canon PRINT 2.5.5 CVE-2019-14339 Date: 24th July, 2019 Exploit Author: 0x48piraj Vendor Homepage: https://www.usa.canon.com/internet/portal/us/home/explore/printing-innovations/mobile-printing/canon-print-app Software Link:...

5.5CVSS5.8AI score0.05393EPSS
Exploits6
Prion
Prion
added 2019/07/30 9:15 p.m.17 views

Design/Logic Flaw

Bypass lock protection in the Nextcloud Android app prior to version 3.6.2 causes leaking of thumbnails when requesting the Android content provider although the lock protection was not solved...

2.1CVSS4AI score0.00434EPSS
Exploits1References1Affected Software1
Nextcloud
Nextcloud
added 2019/07/26 12:0 a.m.55 views

SQL injection in Android app content provider (NC-SA-2019-005)

The content provider of the app accepted arbitrary strings in the field list of the returned file list. This allowed an attacker to run harmful queries, destroying the local cache of the android app. The server data however was never in danger, so removing the account and setting it up again can...

7.5CVSS2.7AI score0.02019EPSS
Exploits0Affected Software1
OSV
OSV
added 2019/06/17 8:15 p.m.5 views

CVE-2018-19448

In Foxit Reader SDK ActiveX Professional 5.4.0.1031, an uninitialized object in IReaderContentProvider::GetDocEventHandler occurs when embedding the control into Office documents. By opening a specially crafted document, an attacker can trigger an out of bounds write condition, possibly leveragin...

7.8CVSS6.1AI score0.02241EPSS
Exploits1References1
OSV
OSV
added 2019/06/17 8:15 p.m.6 views

CVE-2018-19444

A use after free in the TextBox field Validate action in IReaderContentProvider can occur for specially crafted PDF files in Foxit Reader SDK ActiveX Professional 5.4.0.1031. An attacker can leverage this to gain remote code execution. Relative to CVE-2018-19452, this has a different free locatio...

7.8CVSS6.1AI score0.02448EPSS
Exploits1References1
NVD
NVD
added 2019/06/07 4:29 p.m.42 views

CVE-2018-20523

Xiaomi Stock Browser 10.2.4.g on Xiaomi Redmi Note 5 Pro devices and other Redmi Android phones allows content provider injection. In other words, a third-party application can read the user's cleartext browser history via an app.provider.query...

5.3CVSS5.5AI score0.10009EPSS
Exploits4References3
Prion
Prion
added 2019/06/07 4:29 p.m.23 views

Design/Logic Flaw

Xiaomi Stock Browser 10.2.4.g on Xiaomi Redmi Note 5 Pro devices and other Redmi Android phones allows content provider injection. In other words, a third-party application can read the user's cleartext browser history via an app.provider.query...

5CVSS5.5AI score0.10009EPSS
Exploits4References3Affected Software1
OSV
OSV
added 2019/06/07 4:29 p.m.4 views

CVE-2018-20523

Xiaomi Stock Browser 10.2.4.g on Xiaomi Redmi Note 5 Pro devices and other Redmi Android phones allows content provider injection. In other words, a third-party application can read the user's cleartext browser history via an app.provider.query...

5.3CVSS5.8AI score0.10009EPSS
Exploits4References3
CVE
CVE
added 2019/06/07 3:36 p.m.122 views

CVE-2018-20523

CVE-2018-20523 affects Xiaomi Stock Browser 10.2.4.g on Redmi Note 5 Pro and other Redmi Android phones. The issue is a content provider injection in the vulnerable component com.android.browser.searchhistory, allowing a third‑party app to read the user’s cleartext browser history via a query to ...

5.3CVSS5.5AI score0.10009EPSS
Exploits4References3Affected Software1
Cvelist
Cvelist
added 2019/06/07 3:36 p.m.42 views

CVE-2018-20523

Xiaomi Stock Browser 10.2.4.g on Xiaomi Redmi Note 5 Pro devices and other Redmi Android phones allows content provider injection. In other words, a third-party application can read the user's cleartext browser history via an app.provider.query...

5.5AI score0.10009EPSS
Exploits4References3
Prion
Prion
added 2019/04/25 8:29 p.m.19 views

Design/Logic Flaw

The Coolpad Defiant device with a build fingerprint of Coolpad/cp3632a/cp3632a:7.1.1/NMF26F/099480857:user/release-keys, the ZTE ZMAX Pro with a build fingerprint of ZTE/P895T20/urd:6.0.1/MMB29M/20170418.114928:user/release-keys, and the T-Mobile Revvl Plus with a build fingerprint of...

7.5CVSS9.3AI score0.01919EPSS
Exploits1References3
Hacker One
Hacker One
added 2019/04/10 3:16 p.m.26 views

Nextcloud: Combination of content provider allows private data disclosure

Good afternoon. Sorry, its me again .. I use NC on a daily basis so I often makes some checks .. As per 489105, document thumbnail shall not be disclosed. The exposure on thumbnailCache/ is an already know issue. However, malicious apps are still able to extract at least pictures and text files b...

2.1CVSS0.4AI score0.00434EPSS
Exploits1
FreeBSD
FreeBSD
added 2019/02/06 12:0 a.m.30 views

libexif -- privilege escalation

Mitre reports: In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation...

8.8CVSS5.3AI score0.04059EPSS
Exploits0References4
NVD
NVD
added 2018/12/28 9:29 p.m.13 views

CVE-2018-14986

The Leagoo Z5C Android device with a build fingerprint of sp7731c1h1032v4bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a pre-installed app with a package name of com.android.messaging versionCode=1000110, versionName=1.0.001, android.20170630.092853-0 containing an exported...

7.5CVSS7.3AI score0.01247EPSS
Exploits0References2
Rows per page
Query Builder